Find the Best Cosmetic Hospitals

Explore trusted cosmetic hospitals and make a confident choice for your transformation.

โ€œInvest in yourself โ€” your confidence is always worth it.โ€

Explore Cosmetic Hospitals

Start your journey today โ€” compare options in one place.

Laravel: oauth_access_tokens clean up process

using Laravel Passportโ€”the oauth_access_tokens table balloons when tokens arenโ€™t expiring, not being revoked on logout, or not being purged. Hereโ€™s a practical, safe cleanup + prevention plan you can apply right now.

1) Inspect whatโ€™s growing

-- Table sizes (MB)
SELECT TABLE_NAME, ROUND((DATA_LENGTH+INDEX_LENGTH)/1024/1024,2) AS MB
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME IN ('oauth_access_tokens','oauth_refresh_tokens')
ORDER BY MB DESC;

-- How many active (not revoked) tokens per user
SELECT user_id, COUNT(*) AS tokens
FROM oauth_access_tokens
WHERE revoked = 0
GROUP BY user_id
ORDER BY tokens DESC
LIMIT 20;

-- Expired tokens still present?
SELECT COUNT(*) 
FROM oauth_access_tokens
WHERE expires_at IS NOT NULL AND expires_at < NOW();
Code language: PHP (php)

2) One-time purge (safe cleanup)

Backup first. Then, if youโ€™re on Passport 10+:

php artisan passport:purge --revoked --expired
Code language: CSS (css)

This removes revoked and expired access/refresh tokens.

If you donโ€™t have the purge command, do it manually:

-- Revoke + delete obviously old tokens (example: older than 90 days)
UPDATE oauth_access_tokens SET revoked = 1
WHERE (expires_at IS NOT NULL AND expires_at < NOW()) OR created_at < NOW() - INTERVAL 90 DAY;

-- Clean up refresh tokens linked to revoked access tokens
DELETE rt FROM oauth_refresh_tokens rt
JOIN oauth_access_tokens at ON rt.access_token_id = at.id
WHERE at.revoked = 1;

-- Optionally delete the revoked access tokens themselves
DELETE FROM oauth_access_tokens WHERE revoked = 1;
Code language: JavaScript (javascript)

Then reclaim disk space (if you use file-per-table InnoDB):

OPTIMIZE TABLE oauth_access_tokens;
OPTIMIZE TABLE oauth_refresh_tokens;

3) Fix the root causes

A) Set short, sane expirations

In App\Providers\AuthServiceProvider.php:

use Laravel\Passport\Passport;

public function boot()
{
    $this->registerPolicies();

    Passport::tokensExpireIn(now()->addHours(2));             // access tokens
    Passport::refreshTokensExpireIn(now()->addDays(14));      // refresh tokens
    Passport::personalAccessTokensExpireIn(now()->addMonths(3));
}
Code language: PHP (php)

Deploy, then php artisan config:clear && php artisan cache:clear.

B) Revoke on logout (donโ€™t leave tokens hanging)

If youโ€™re issuing access tokens on login, make sure logout revokes them:

public function logout(Request $request)
{
    $token = $request->user()->token();
    if ($token) {
        $token->revoke();
        // Also revoke its refresh tokens
        \DB::table('oauth_refresh_tokens')
          ->where('access_token_id', $token->id)
          ->update(['revoked' => true]);
    }
    return response()->json(['message' => 'Logged out']);
}
Code language: PHP (php)

If you want to nuke all a userโ€™s tokens on logout:

$request->user()->tokens()->delete();
\DB::table('oauth_refresh_tokens')->whereIn(
  'access_token_id',
  \DB::table('oauth_access_tokens')->where('user_id', $request->user()->id)->pluck('id')
)->delete();
Code language: PHP (php)

C) Donโ€™t issue a new token on every request

Audit your login/auth flowโ€”ensure you only create a token at login (or first app start) and then reuse it. If youโ€™re creating tokens during each API call, thatโ€™s the main culprit.

D) Schedule automatic purging

In app/Console/Kernel.php:

protected function schedule(Schedule $schedule)
{
    // Passport 10+:
    $schedule->command('passport:purge --revoked --expired')->dailyAt('02:30');

    // Optional: extra safetyโ€”purge very old tokens regardless
    // $schedule->call(fn () => \DB::table('oauth_access_tokens')
    //    ->where('created_at','<',now()->subMonths(6))->delete()
    // )->weeklyOn(1, '03:00');
}
Code language: PHP (php)

Ensure your server cron runs Laravelโ€™s scheduler:

* * * * * cd /path/to/app && php artisan schedule:run >> /dev/null 2>&1
Code language: JavaScript (javascript)

4) If youโ€™re not tied to Passport

For SPAs and first-party mobile apps, consider Laravel Sanctum. Itโ€™s lighter (personal_access_tokens), easier to manage, and usually grows less aggressively.

5) Quick โ€œemergencyโ€ reduction

If you must free space fast and accept losing old sessions:

-- Delete tokens older than 30 days (adjust to your risk appetite)
DELETE rt FROM oauth_refresh_tokens rt
JOIN oauth_access_tokens at ON rt.access_token_id = at.id
WHERE at.created_at < NOW() - INTERVAL 30 DAY;

DELETE FROM oauth_access_tokens
WHERE created_at < NOW() - INTERVAL 30 DAY;

Then OPTIMIZE TABLE as above.


Find Trusted Cardiac Hospitals

Compare heart hospitals by city and services โ€” all in one place.

Explore Hospitals
I'm Rajesh Kumar, a DevOps, SRE, DevSecOps, Cloud, and Platform Engineering expert passionate about sharing practical knowledge, real-world experiences, and industry best practices. I have worked at Cotocus and regularly write about technology, travel, investing, health, product reviews, and digital marketing through my various platforms. I publish technical articles at DevOps School, travel stories at Holiday Landmark, stock market insights at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO and digital marketing strategies at Wizbrand.

Related Posts

Top 10 Product Lifecycle Management (PLM) Tools in 2026: Features, Pros, Cons & Comparison

Introduction Product Lifecycle Management (PLM) is a strategic approach to managing a productโ€™s journey from conception through design, manufacturing, and end-of-life. In 2026, PLM software has evolved…

Read More

Top 10 Patch Management Tools in 2026: Features, Pros, Cons & Comparison

Introduction: The Importance of Patch Management in 2026 In 2026, as cyber threats evolve and technology becomes more complex, patch management tools are critical for maintaining cybersecurity…

Read More

Top 10 Headless CMS Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, Headless Content Management Systems (CMS) have become the go-to solution for businesses seeking flexibility, scalability, and a modern approach to content management. Unlike traditional…

Read More

Top 10 AI Lead Scoring Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, AI lead scoring tools have become indispensable for B2B and B2C businesses aiming to optimize their sales pipelines. These tools leverage artificial intelligence to…

Read More

Top 10 AI Portfolio Optimization Tools in 2026: Features, Pros, Cons & Comparison

Introduction Investment management has always been about making smart choices at the right time. Traditionally, this required endless hours of research, manual calculations, and intuition. But in…

Read More

Top 10 AI SEO Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, AI SEO tools have become indispensable for digital marketers, businesses, and content creators aiming to dominate search engine rankings. These tools leverage artificial intelligence…

Read More
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
0
Would love your thoughts, please comment.x
()
x