This documentation is for WSO2 Identity Server 5.1.0. View documentation for the latest release.
Removing Unused Tokens from the Database - Identity Server 5.1.0 - WSO2 Documentation
||
Skip to end of metadata
Go to start of metadata

As you use the WSO2 Identity Server (IS), the number of revoked, inactive and expired tokens accumulates in the IDN_OAUTH2_ACCESS_TOKEN table. These tokens are kept in the database for logging and audit purposes, but they can have a negative impact on the server's performance over time. Therefore, it is recommended to clean them periodically as given in the instructions below:

Tip: It is safe to run these steps in read-only mode or during a time when traffic on the server is low, but that is not mandatory.

  1. Take a backup of the running database. 
  2. Set up the database dump in a test environment and test it for any issues.

    Tip: We recommend that you test the database dump before the cleanup task because the cleanup can take some time.

  3. Get the mysql token cleanup script from here and run it on the database dump. This takes a backup of the necessary tables, turns off SQL updates and removes unused tokens from the database.

  4. Once the cleanup is over, start WSO2 Identity Server, point to the cleaned-up database dump, and then test thoroughly for any issues. 
    You can also schedule a cleanup task that will automatically run after a given period. Here's an example:

    USE 'WSO2IS_DB';DROP EVENT IF EXISTS 'cleanup_tokens_event';
    CREATE EVENT 'cleanup_tokens_event'
        ON SCHEDULE
          EVERY 1 WEEK STARTS '2015-01-01 00:00.00'
        DO
          CALL 'WSO2IS_DB'.'WSO2_TOKEN_CLEANUP_SP'();
     
    -- 'Turn on the event_scheduler'
    SET GLOBAL event_scheduler = ON;
  • No labels