Seems to me that Kong(0.11.2) currently does not manage created OAuth2 expired credential tokens as seen in my db:
*****@cqlsh:******> select * from oauth2_tokens;
id | access_token | api_id | authenticated_userid | created_at | credential_id | expires_i
n | refresh_token | scope | token_type
--------------------------------------+----------------------------------+--------+----------------------+---------------------------------+--------------------------------------+----------
--+---------------+-------+------------
5868967f-2d55-49b6-8c4f-c3ae2fd87c4c | fo6ATiM1H08jvWX1k4piWvOAvTjCUnh3 | null | null | 2018-01-03 20:37:02.178000+0000 | 4ccc3d1f-2c35-44e6-a6d5-4cebc6745ffc | 360
0 | null | | bearer
4ff53291-73e8-4004-8639-6f7cfa34251d | Rp2zSM651msoHIXAjbwT7PH85UxOkE5K | null | null | 2018-01-03 20:40:37.086000+0000 | 4ccc3d1f-2c35-44e6-a6d5-4cebc6745ffc | 360
0 | null | | bearer
a9b8158b-e7ab-4a65-8b84-111a2da9a1a7 | prKTAPuFEsF7LbHlGjyu3wOBWlCNwTsz | null | null | 2018-01-05 22:06:58.689000+0000 | e72fbe91-0c2d-40eb-ab60-f30696831f12 | 360
0 | null | | bearer
644207eb-b1b8-4063-a9a8-cd43443e99e9 | WZhUjJPSSa9aFxFeFtEpTqshLtpZXbEg | null | null | 2018-01-03 23:38:08.449000+0000 | e72fbe91-0c2d-40eb-ab60-f30696831f12 | 360
0 | null | | bearer
66255710-d5c4-4b6b-b27e-4670fe708531 | u8CANJUA09Vm8GQw1Vyy4MqjeSD6YQg8 | null | null | 2018-01-03 23:40:55.255000+0000 | e72fbe91-0c2d-40eb-ab60-f30696831f12 | 360
0 | null | | bearer
9944682d-3ba4-4814-8103-8972efbbe0bf | DG9Ho9TlmzpHraWKQew5SiASOQSRVFxc | null | null | 2018-01-03 20:41:34.496000+0000 | 4ccc3d1f-2c35-44e6-a6d5-4cebc6745ffc | 360
0 | null | | bearer
f3321fed-fc5a-4d27-bc9b-68443ac315c6 | YtflyahpTIVSTYM7Hc6VAQ7PygNAv0An | null | null | 2018-01-03 20:37:37.097000+0000 | 4ccc3d1f-2c35-44e6-a6d5-4cebc6745ffc | 360
0 | null | | bearer
d02edc35-43a7-4f36-9e4d-8c4e62fed2ec | M1FR92Y7qm6JvTmNd6JGWcxX6rl2GcgD | null | null | 2018-01-05 17:52:25.954000+0000 | 6fdd91da-8d62-4cd2-b6f3-5eb468e6887b | 360
0 | null | | bearer
915a60cd-dd86-4768-8011-6df210d2c6c4 | ZGgcrEJ0DHJPkbBRN9BZ3rM1X3VT33iK | null | null | 2018-01-05 06:55:55.753000+0000 | ca6e60df-a247-4189-a467-4fc9db72d652 | 360
0 | null | | bearer
23659b06-4b1e-4323-89c7-9c65a45aa422 | vVpknBPoyb2TGjicrvK5Y6pUVUOOeoq9 | null | null | 2018-01-05 07:02:21.033000+0000 | ca6e60df-a247-4189-a467-4fc9db72d652 | 360
0 | null | | bearer
(10 rows)
***@cqlsh:****>
If I get some time I will investigate further, as I see this being a problem when a large number of consumers are generating tokens every hour. 100 consumers on a 1 hr token expiry policy, you are talking 2,400 db rows of extra expired tokens every day chilling in the db for no reason.
I brought this up in the chat but thought it good for better documentation here so others are aware of it as well.
Temporary measures Kong community users can take would be an hourly/daily cron to run a delete on all rows with the null api_id && authenticated_userid until something gets put in place to improve the plugin.