refresh_tokens table growth due to revoked tokens (self-hosted)

I see many revoked tokens in my refresh_tokens table ... like 91% of the tokens in my table are revoked

52% of those tokens are more than 90 days old

Is there some process that is supposed to be cleaning these automagically? or am I supposed to be cleaning them manually?

boozedogOP•9/30/25, 12:28 PM

tagging in @aantti

garyaustin•9/30/25, 12:56 PM

They are not auto cleaned in supabase hosted as far as I can tell.

boozedogOP•9/30/25, 4:23 PM

it may be that these leftover tokens are due to some misconfiguration or bad code in my app ... or is this a common problem?

Bboozedog tagging in @aantti 😉

garyaustin•9/30/25, 4:36 PM

Mine are all still there is what I'm saying.

garyaustin•9/30/25, 4:37 PM

garyaustin•9/30/25, 4:37 PM

So Supabase does not clean them up... mine go back to 2022.

Ggaryaustin Mine are all still there is what I'm saying.

boozedogOP•9/30/25, 5:10 PM

@garyaustin ah thanks. presumably most of your tokens are revoked and > 90 days old just like mine.

so maybe nothing to worry about.

but i just don't like tables growing for no good reason ... mine's up to 33MB in just a few months

garyaustin•9/30/25, 5:13 PM

You can add a cron to clean them. There is also an auth audit log table that gets huge you can trim. They actually just added an option for that one to not even populate and just use the logs which are not part of the DB.

boozedogOP•9/30/25, 6:42 PM

thanks @garyaustin i will probably just clean manually once a month or so

is there any guidance on what's safe to delete in refresh_tokens? obviously not ones that aren't revoked LOL ... but like should I avoid deleting revoked ones that are newer than e.g., 7 days old or something?

garyaustin•9/30/25, 6:44 PM

I've never seen anything and have not looked at it myself. There is likely something usable in the table. 7 days older is not good as they can last forever until used. So maybe revoked and a few days old is sufficient.

boozedogOP•9/30/25, 7:48 PM

makes sense. thanks @garyaustin

refresh_tokens table growth due to revoked tokens (self-hosted)

Similar Threads

Similar Threads

Similar Threads