Remove unused tokens from the database
As you use WSO2 Identity Server, revoked, inactive, and expired tokens accumulate in the IDN_OAUTH2_ACCESS_TOKEN table. The database stores these tokens for logging and audit purposes, but they can degrade the server's performance over time.
To maintain optimal performance and prevent the access token table from growing indefinitely, you can periodically clean up the database by removing unused tokens. You can do this using either of the following methods:
Use the stored procedures for token cleanup (recommended)
You can use the provided stored procedures to run a token cleanup task periodically to remove the old and invalid tokens. Follow the instructions below to configure token cleanup using this method.
Tip
Run these steps during a low-traffic period to reduce disruption to the server.
- Disable the internal token cleanup process by configuring the following property in the deployment.toml file found in the <IS_HOME>/repository/conf folder.
- Depending on your database, select the appropriate token cleanup script based on the links mentioned in the sub-points below and run it on the database. This takes a backup of the necessary tables, turns off SQL updates, and cleans the database of unused tokens.
- Once the cleanup is over, start the WSO2 Identity Server pointing to the cleaned-up database. You can also schedule a cleanup task that will be automatically run after a given period.
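
The backup-then-delete pattern described in the cleanup step above, as an added example rather than WSO2's own stored procedure. It assumes a simplified token table with only TOKEN_ID and TOKEN_STATE columns, the state names shown, a hypothetical backup table name, and SQLite standing in for the production database; the sample rows are constructed.

```python
import sqlite3

# Assumed state names for tokens the page calls revoked, inactive and expired.
UNUSED_STATES = ("REVOKED", "INACTIVE", "EXPIRED")
TABLE = "IDN_OAUTH2_ACCESS_TOKEN"
BACKUP = "BAK_" + TABLE  # hypothetical backup table name


def build_sample_db():
    """Constructed, simplified stand-in for the token table (columns assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (TOKEN_ID TEXT PRIMARY KEY, TOKEN_STATE TEXT)")
    rows = [("t1", "ACTIVE"), ("t2", "REVOKED"), ("t3", "EXPIRED"),
            ("t4", "INACTIVE"), ("t5", "ACTIVE"), ("t6", "EXPIRED")]
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)", rows)
    conn.commit()
    return conn


def count_by_state(conn, table=TABLE):
    """Return {state: row count}; run before and after cleanup to verify it."""
    sql = f"SELECT TOKEN_STATE, COUNT(*) FROM {table} GROUP BY TOKEN_STATE"
    return dict(conn.execute(sql).fetchall())


def cleanup_unused_tokens(conn, batch_size=1000):
    """Back up the table, then delete unused tokens in small batches.

    Returns (rows_backed_up, rows_deleted).
    """
    # 1. Full copy first, so audit data survives and the delete can be undone.
    conn.execute(f"DROP TABLE IF EXISTS {BACKUP}")
    conn.execute(f"CREATE TABLE {BACKUP} AS SELECT * FROM {TABLE}")
    backed_up = conn.execute(f"SELECT COUNT(*) FROM {BACKUP}").fetchone()[0]
    # 2. Delete in batches, committing each one to keep transactions short.
    marks = ",".join("?" * len(UNUSED_STATES))
    delete_sql = (f"DELETE FROM {TABLE} WHERE TOKEN_ID IN (SELECT TOKEN_ID FROM "
                  f"{TABLE} WHERE TOKEN_STATE IN ({marks}) LIMIT ?)")
    deleted = 0
    while True:
        cur = conn.execute(delete_sql, (*UNUSED_STATES, batch_size))
        conn.commit()
        if cur.rowcount == 0:
            break
        deleted += cur.rowcount
    return backed_up, deleted


if __name__ == "__main__":
    db = build_sample_db()
    print("before:", count_by_state(db))
    print("backed up, deleted:", cleanup_unused_tokens(db, batch_size=3))
    print("after:", count_by_state(db), "backup:", count_by_state(db, BACKUP))
```

Comparing the per-state counts before and after the run confirms that only unused tokens were removed and that the backup still holds every row for audit.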
Configure WSO2 Identity Server for token cleanup
While stored procedures are recommended, you can use the WSO2 Identity Server to trigger token cleanup in the following instances:
- New token generation
- Token refresh
- Token revocation
Enable token cleanup by configuring the following properties in the <IS_HOME>/repository/conf/deployment.toml file.
| Property | Description |
|---|---|
| enable | Set this property to Set it to |
| retain_access_tokens_for_auditing | Set this property to Set it to |