In a project we are using Laravel Password as oAuth server. I've seen that we have millions of revoked access token (revoked=1 in db). The same for refresh_tokens.
Can I safely remove them with a direct DB query like "DELETE FROM oauth_access_token WHERE revoked = 1 OR expire_at < NOW() " ?
IMHO, revoked or expired tokens won't be used by password, so I can safely remove them, right ?
Sign in to participate in this thread!