Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
The access token retrieval logic in [1] is only needed when the retainOldAccessTokens is enabled.
Suggestions:
Therefore expand the retainOldAccessTokens [2] check and add the logic in [1] inside of it. As the retrieved data has the token_id value move [3] as well.
When the config is not enabled, introduce a new function to delete the tokens using the token hash.
Describe the issue:
The access token retrieval logic in [1] is only needed when the retainOldAccessTokens is enabled.
Suggestions:
Therefore expand the retainOldAccessTokens [2] check and add the logic in [1] inside of it. As the retrieved data has the token_id value move [3] as well.
When the config is not enabled, introduce a new function to delete the tokens using the token hash.
[1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/OldTokensCleanDAO.java#L70-L104 [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/OldTokensCleanDAO.java#L105-L107 [3] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/OldTokensCleanDAO.java#L108