Recent production instance maintenance shown that OrigamIdentityGrant
table consumes 6GB of disk space. It’s rather large for a system table for storing authentication tokens.
After some experiments it seems that only way to remove a record from the table is user properly logging out of the system. Otherwise the tokens/records are piling in the table.
The first pair of rows was created during the initial login, the second pair of rows was created after I closed the browser and restarted the server, the third pair was created when I logged in incognito mode of the same browser.
My initial idea was to limit user (SubjectId) to only one set of tokens. That would mean that the user would be automatically signed out from other client. That seems to be too harsh, but some sort of control over the tokens overpopulation should be introduced.
There is an option to clean the table during the server boot sequence.