I don’t see anything in the production guide about flushing expired tokens. Do you recommend we make a perodic call to POST /oauth2/flush . Or does the server take care of it’s own housekeeping?
Good point, we should defo document that.
Flushing tokens periodically is a good idea if your database grows in size. If it doesn’t don’t worry about it. Most of the flows get cleaned up over time automatically!