simplesamlphp / simplesamlphp-module-oidc

A SimpleSAMLphp module for OIDC OP support.

Token invalidation or how can I delete old tokens? #148

Closed jasimpa closed 3 years ago

jasimpa commented 3 years ago

I am new to simplesaml and openid. I could get the token generation working with openid, but all old tokens are still in the database. How can I delete them?

cicnavi commented 3 years ago

In the README there is a short note that a cron module can be used to remove old tokens: https://github.com/simplesamlphp/simplesamlphp-module-oidc#cron-hook

jasimpa commented 3 years ago

Thanks @cicnavi. Does this module have an option to validate/check if the access_token property is there and a valid JWT? I am using the PHP OpenID Connect client in the SP and I am using $oidc->authenticate() to generate the token. Now it is like generating new tokens each time they visit the page.

cicnavi commented 3 years ago

No, we don't have an access token validation endpoint at the moment.

You should receive an authorization code on your redirect_uri callback and then use it to get user data from the ID token / userinfo endpoint. When you have user data, you should probably perform an authorization step, and then create a local session... You should only start the authentication process if you don't have the user locally authenticated (local session active, so to say). You should not start the OIDC authorization / authentication procedure every time a user visits your page.
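Added example, not part of the thread and not code from the module or from either commenter: a relying-party page that starts the OIDC flow only when no local session exists, as the comment above advises. It assumes the jumbojett/openid-connect-php client (the thread only says "PHP openid connect client"), that this script is itself the registered redirect_uri, and placeholder issuer, client and URL values; `isAuthorized()` is a hypothetical local policy check.

```php
<?php
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php';

use Jumbojett\OpenIDConnectClient;

// Harden the local session cookie; Lax lets it survive the redirect back from the OP.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

// Hypothetical authorization step: decide locally whether this subject may use the app.
function isAuthorized(string $sub): bool
{
    return $sub !== '';
}

// Return the locally authenticated user, or null if there is none or it has expired.
function currentUser(): ?array
{
    $user = $_SESSION['user'] ?? null;
    if (!is_array($user) || ($user['expires_at'] ?? 0) < time()) {
        unset($_SESSION['user']);
        return null;
    }
    return $user;
}

$user = currentUser();
if ($user === null) {
    // No local session: only now talk to the OP. Values below are placeholders.
    $oidc = new OpenIDConnectClient('https://op.example.org', 'example-client-id',
        getenv('OIDC_CLIENT_SECRET') ?: '');
    $oidc->setRedirectURL('https://sp.example.org/index.php');
    $oidc->addScope(['openid', 'profile']);
    // First visit: redirects to the OP. On the callback: exchanges the
    // authorization code and validates the ID token before returning.
    $oidc->authenticate();

    $sub = (string) $oidc->getVerifiedClaims('sub');
    if (!isAuthorized($sub)) {
        http_response_code(403);
        exit('Forbidden');
    }
    session_regenerate_id(true); // avoid session fixation across the login boundary
    $name = (string) ($oidc->requestUserInfo('name') ?? $sub);
    $user = $_SESSION['user'] = ['sub' => $sub, 'name' => $name, 'expires_at' => time() + 3600];
}
// Later page views reach this line without contacting the OP, so no new tokens are issued.
echo 'Hello, ' . htmlspecialchars($user['name'], ENT_QUOTES, 'UTF-8');
```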

jasimpa commented 3 years ago

Yeah, I was working on it. Thanks for the response.