Contrib.social

clearing out the authorization_code__scopes and oauth2_server_token__scopes tables

Open on Drupal.org →
Created on 29 July 2022, over 2 years ago
Updated 12 March 2024, about 1 year ago

Problem/Motivation

We use this module internally. we have:
over 1 million rows in the oauth2_server_authorization_code__scopes table in our database compared to
only 26 rows in the oauth2_server_authorization_code table.

Similarly, we have:
over 3 million rows in the oauth2_server_token__scopes table compared to
only 150000 rows in the oauth2_server_token table

I'm not very familiar with drupal so please let me know if I'm not giving enough information. I saw that there seems to be some cron task set up in oauth2_server.module which periodically cleans up expired tokens and authorization codes from the database. I wonder if it should also be clearing out the oauth2_server_authorization_code__scopes and oauth2_server_token__scopes table?

Steps to reproduce

I guess install the module and continuously genrate authorization codes and tokens, you will see that these tables grow without ever shrinking

Proposed resolution

Also clean up the oauth2_server_authorization_code__scopes and oauth2_server_token__scopes tables in the cron job that clears out expired tokens and authorization codes.

Remaining tasks

I would attempt to clear these tables manually myself but since this is a production system that we rely on I'd like to check my assumptions that this data is only needed for the lifetime of the authorization token and code.

User interface changes

none

API changes

none

Data model changes

none

💬 Support request
Status

Active

Version

2.0

Component

Miscellaneous

Created by

willmunn

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 1 year ago
    🇪🇸Spain dpovshed

    To me it seems you do not have to clear __scopes manually; if you delete an entity in a normal way, all the scopes should gone as well.

    I spotted your thread today because we had a similar situation - hundreds of thousands of entries in these tables. As a result of debugging it revealed that for months the oauth2_server_cron() function was unable to complete because of insufficient memory. 1 GB was not enough, and when I changed this to 3 GB the function was able to terminate - but it took 14 minutes, so better do it via drush.

    For the future - I manually added the simple indexes in the database for the 'expires' column, since these conditions are asked for it.

        $query = \Drupal::entityQuery($entity_type);
    $query->condition('expires', 0, '<>');
    $query->condition('expires', $request_time, '<=');

    Indexes creation SQL:

    CREATE INDEX oauth2_server_authorization_code__expires on oauth2_server_authorization_code (expires);
CREATE INDEX oauth2_server_token__expires on oauth2_server_token (expires);

    Maybe there is a healthier way to define these indexes, via editing the @ContentEntityType definition, but it should be good as well since you are already in the direct database manipulation.

  • Comment about 1 year ago
    🇦🇺Australia cafuego

    I'm not sure how you ended up with so many rows in the `__scopes` tables; I have exactly 0 in both.

    However, since the current cron hook *does* limit by the expires field on both oauth2_server_token and oauth2_server_authorization_code it is entirely reasonable to create an index on those fields.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024