Title: Remove refresh token
Last modified: January 20, 2024

---

# Remove refresh token

 *  [johannschnagl](https://wordpress.org/support/users/johannschnagl/)
 * (@johannschnagl)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/remove-refresh-token/)
 * I just tried and deleted a test user from my wordpress site. The user was logged
   in and continued to use his refresh token to get new access tokens.
   What is the
   best way to handle this?
    - I expected you code to check if the user exists on a token refresh
    - I assume I could use the wo_before_token_method hook and just die if the user
      doesn’t exist any more
    - I assume I could just delete the user’s refresh tokens from the database when
      the user is deleted.

The topic ‘Remove refresh token’ is closed to new replies.

 * ![](https://ps.w.org/oauth2-provider/assets/icon-256x256.gif?rev=2603051)
 * [WP OAuth Server (OAuth Authentication)](https://wordpress.org/plugins/oauth2-provider/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/oauth2-provider/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/oauth2-provider/)
 * [Active Topics](https://wordpress.org/support/plugin/oauth2-provider/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/oauth2-provider/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/oauth2-provider/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [johannschnagl](https://wordpress.org/support/users/johannschnagl/)
 * Last activity: [2 years, 4 months ago](https://wordpress.org/support/topic/remove-refresh-token/)
 * Status: not resolved