Deleting expired refresh tokensEdit on GitHub
After an authentication refresh token is revoked or expires, it remains in the database.
For security reasons and to reduce the database storage space, we recommend deleting the tokens by setting their liftime. Once they have a lifetime, you can configure a cron job to delete them automatically or do it manually.
To configure the lifetime of refresh tokens, extend the
Spryker\Shared\Oauth\OauthConfig class on a project level.
To configure the cron job to delete the tokens with expired lifetime, configure the time interval for the job via the
To delete the tokens with expired lifetime manually, run the command:
For submitting the form