We should identify where in the code we ought to be deleting refresh tokens as the currently the delete_refresh_token function from database as it is not used.
Presently we are simply relying on the TTL to expire:
# Remove refresh tokens that haven't been accessed over 90 days
mongo.db.refresh_tokens.create_index(
"last_accessed", expireAfterSeconds=REFRESH_TOKEN_IDEL_EXPIRATION
)
We should identify where in the code we ought to be deleting refresh tokens as the currently the
delete_refresh_tokenfunction fromdatabaseas it is not used.Presently we are simply relying on the TTL to expire: