Authlete's policy on sweeping unused tokens

Authlete removes access tokens and refresh tokens that have not been used for a certain period, 90 days. “Use” in this context means a read or update operation that Authlete performs on the token while processing a request, such as token introspection or updating scopes.

This removal is not affected by the token’s expiration time defined in the service owner console. For example, a refresh token with a very long expiration time is still subject to removal from the token database 90 days after its last use.

Additionally, expired access tokens and refresh tokens are deleted regardless of their usage status.

If a token that has not been used for 90 days is then used, Authlete responds with “[A057302] The access token does not exist” because the token has already been deleted from the database.