Django OAuth Toolkit exposes some useful management commands that can be run via shell or by other means (eg: cron)
cleartokens management command allows the user to remove those refresh tokens whose lifetime is greater than the
amount specified by
REFRESH_TOKEN_EXPIRE_SECONDS settings. It is important that this command is run regularly
(eg: via cron) to avoid cluttering the database with expired refresh tokens.
cleartokens runs daily the maximum delay before a refresh token is
REFRESH_TOKEN_EXPIRE_SECONDS + 1 day. This is normally not a
problem since refresh tokens are long lived.
To prevent the CPU and RAM high peaks during deletion process use
CLEAR_EXPIRED_TOKENS_BATCH_INTERVAL settings to adjust the process speed.
Note: Refresh tokens need to expire before AccessTokens can be removed from the
REFRESH_TOKEN_EXPIRE_SECONDS has limited effect.