To ensure that expired OAuth tokens are properly removed from the database and evicted from cache, Integration Server uses the Remove Expired Tokens system task to check for and remove expired OAuth tokens. The frequency with which the Remove Expired Tokens task runs and the number of expired tokens that the task removes is determined by the watt.server.oauth.token.removal.interval and watt.server.oauth.token.removal.maxRows server configuration parameters, respectively.

The Remove Expired Tokens system task executes the pub.oauth:removeExpiredAccessTokens service which deletes expired access tokens from the database by performing a series of delete operations in the database. The server configuration parameter watt.server.oauth.token.removal.batchSize controls the batch size for each delete and has a default value of 1000.

You can also invoke the pub.oauth:removeExpiredAccessTokens service in the WmPublic package directly to remove expired OAuth access tokens from the database. For more information about the pub.oauth:removeExpiredAccessTokens service, see pub.oauth:removeExpiredAccessTokens .