Cleanup

AuthFort doesn’t delete expired data automatically. Over time, expired signing keys, used password reset tokens, and revoked sessions accumulate in the database. Call these methods on a schedule to keep things clean.

Deletes signing keys that have passed their key_rotation_ttl expiry. These keys are already excluded from JWKS — this removes them from the database entirely.

deleted = await auth.cleanup_expired_keys()
# Returns count of deleted signing keys

Deletes verification tokens (password reset) that have expired or been used. These are single-use and expire after password_reset_ttl (default: 1 hour).

deleted = await auth.cleanup_expired_tokens()
# Returns count of deleted verification tokens

Deletes refresh tokens (sessions) that are expired or revoked. Over time these accumulate — especially in apps with many users or short refresh token TTLs.

deleted = await auth.cleanup_expired_sessions()
# Returns count of deleted expired/revoked sessions

Run cleanup daily — either as a cron job or a background task:

keys = await auth.cleanup_expired_keys()
tokens = await auth.cleanup_expired_tokens()
sessions = await auth.cleanup_expired_sessions()
print(f"Cleaned up {keys} keys, {tokens} tokens, {sessions} sessions")
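A background-task version of the daily run above, written as an added example rather than AuthFort's own code. It isolates each step so a failure in one cleanup does not stop the others. `run_cleanup`, `cleanup_forever`, the timeout value and the `FakeAuth` stand-in are assumptions made for illustration; only the three `cleanup_expired_*` method names come from this page.

```python
import asyncio
import logging

log = logging.getLogger("authfort.cleanup")

# The three cleanup methods documented on this page, in run order.
STEPS = ("cleanup_expired_keys", "cleanup_expired_tokens", "cleanup_expired_sessions")


async def run_cleanup(auth, timeout=60.0):
    """Run every cleanup step once; a failing step does not block the others.

    Returns {step_name: deleted_count}, with None for a step that failed.
    """
    results = {}
    for name in STEPS:
        try:
            results[name] = await asyncio.wait_for(getattr(auth, name)(), timeout)
        except Exception:
            # Covers timeouts and database errors; task cancellation still propagates.
            log.exception("%s failed; it will be retried on the next run", name)
            results[name] = None
    return results


async def cleanup_forever(auth, interval=24 * 60 * 60):
    """Background task: run cleanup, then sleep `interval` seconds (daily by default)."""
    while True:
        log.info("cleanup results: %s", await run_cleanup(auth))
        await asyncio.sleep(interval)


class FakeAuth:
    """Constructed stand-in for the AuthFort instance, used only to run offline."""

    async def cleanup_expired_keys(self):
        return 2

    async def cleanup_expired_tokens(self):
        raise ConnectionError("constructed database outage")

    async def cleanup_expired_sessions(self):
        return 40


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(asyncio.run(run_cleanup(FakeAuth())))
```

In an application, start `cleanup_forever(auth)` with `asyncio.create_task` at startup and cancel the task at shutdown; alert on a `None` result, since a step that keeps failing leaves expired records in the database.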

Cleanup is safe to run at any time. It only deletes data that is already expired and no longer functional.

Cleanup permanently deletes records. If you need traceability, capture the data via event hooks before it’s cleaned up. For example, password_reset_requested and key_rotated events fire when those records are created — log them to your audit table there.