You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using Kubernetes as the storage type for Dex. Dex is set up with an OIDC connector and refresh token which expires after 12 hours. I've noticed that the refresh token CRs are left over on the cluster after the refresh token is no longer valid.
Based on my understanding, a refresh token is created per user. However, if the user does not log in for a long time, the CR is still there. With many users, there might be many unused resources.
Is there any clean-up mechanism implemented for the CRs, that would remove them once they are no longer valid?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi,
I'm using Kubernetes as the storage type for Dex. Dex is set up with an OIDC connector and refresh token which expires after 12 hours. I've noticed that the refresh token CRs are left over on the cluster after the refresh token is no longer valid.
Based on my understanding, a refresh token is created per user. However, if the user does not log in for a long time, the CR is still there. With many users, there might be many unused resources.
Is there any clean-up mechanism implemented for the CRs, that would remove them once they are no longer valid?
Beta Was this translation helpful? Give feedback.
All reactions