Hi all,
I realized in hydra DB that records of authentication request, authentication session, code, consent request and pkce etc. never get cleaned up and am starting to worry this can become an issue over time (while access tokens are fine as there is a flush call at least). Is there indeed any housekeeping mechanism in place or in plan for these records?
Thanks!
I have to check again but I believe that all tokens, codes, sessions that are no longer valid will be removed when they become eligible for removal (with flush). However, the authorization code for example is important for the chain of code -> access token -> refresh token -> access token -> refresh token -> access token -> ... as we need to revoke all tokens associated with that code.
I believe that all tokens, codes, sessions that are no longer valid will be removed when they become eligible for removal (with flush).
Do you mean there’s a thread which keeps cleaning up the obsolete records periodically (I bet not) or these obsolete records will be identified and removed when one calls flush (which is for flushing tokens only as I understand it)? Anyway looking forward to your confirmation. Thanks!
No, there is no automated process as that could break audits. You have to manually call (e.g. with a cron job) the flush command.
Thanks.
I tried flush - apparently only hydra_oauth2_access was cleaned up. I am using Hydra 1.0.
The following tables remained untouched and still contains lots of records (the record counts are in thousands while our user count is indeed <10, so I bet most of them must be obsolete):
hydra_oauth2_authentication_request
hydra_oauth2_authentication_request_handled
hydra_oauth2_authentication_session
hydra_oauth2_code
hydra_oauth2_consent_request
hydra_oauth2_consent_request_handled
hydra_oauth2_pkce
hydra_oauth2_refresh
I will have to check but it’s very busy at the moment - in order not to lose track here could you please create this as an issue in the github repo?