refresh_tokens table growth due to revoked tokens (self-hosted)
I see many revoked tokens in my refresh_tokens table ... like 91% of the tokens in my table are revoked
52% of those tokens are more than 90 days old
Is there some process that is supposed to be cleaning these automagically? or am I supposed to be cleaning them manually?
11 Replies
tagging in @aantti 😉
They are not auto cleaned in supabase hosted as far as I can tell.
it may be that these leftover tokens are due to some misconfiguration or bad code in my app ... or is this a common problem?
Mine are all still there is what I'm saying.
So Supabase does not clean them up... mine go back to 2022.
@garyaustin ah thanks. presumably most of your tokens are revoked and > 90 days old just like mine.
so maybe nothing to worry about.
but i just don't like tables growing for no good reason ... mine's up to 33MB in just a few months
You can add a cron to clean them. There is also an auth audit log table that gets huge you can trim. They actually just added an option for that one to not even populate and just use the logs which are not part of the DB.
thanks @garyaustin i will probably just clean manually once a month or so
is there any guidance on what's safe to delete in refresh_tokens? obviously not ones that aren't revoked LOL ... but like should I avoid deleting revoked ones that are newer than e.g., 7 days old or something?
I've never seen anything and have not looked at it myself. There is likely something usable in the table. 7 days older is not good as they can last forever until used. So maybe revoked and a few days old is sufficient.
makes sense. thanks @garyaustin