File

mod_tokenauth: Delete grants without tokens after period Generally it is expected that a grant would have at least one token as long as the grant is in active use. Refresh tokens issued by mod_http_oauth2 have a lifetime of one week by default, so the idea here is that if that refresh token expired and another week goes by without the grant being used, then the whole grant can be removed.

Thanks for your interest in contributing to the project!

There are many ways to contribute, such as helping improve the
documentation, reporting bugs, spreading the word or testing the latest
development version.

You can find more information on how to contribute at <https://prosody.im/doc/contributing>

See also the HACKERS and README files.