Optimize TokenCleanupService with a more efficient delete strategy when IOperationalStoreNotification is not in use

[aomader]

Currently, the TokenCleanupService uses a two-step process for cleaning up expired grants, consumed tokens, and device codes. It first fetches a batch of records into memory and then issues a separate ExecuteDeleteAsync call to remove them from the database.

As seen in RemoveExpiredPersistedGrantsAsync and RemoveConsumedPersistedGrantsAsync, the full entities are loaded primarily to support the IOperationalStoreNotification feature, which requires the collection of removed items.

However, when no IOperationalStoreNotification is registered, fetching the entire entities into memory is unnecessary overhead. The cleanup could be performed much more efficiently with a single, direct ExecuteDeleteAsync call, similar to the approach already used in RemovePushedAuthorizationRequestsAsync.

[wcabus]

Thanks for this suggestion! I'll forward this to our engineering team, perhaps we can still fit this one in our next release.

That said, our friends at Rock Solid Knowledge have published a blog post which demonstrates how you could setup a scheduled SQL job using a stored procedure to clean up the persisted grant database table. Perhaps this is an easier solution in the short run.

[aomader]

We already deployed a custom solution for this long time ago. We are just pushing for getting more of the stuff we would expect from the IdentityServer into the IdentityServer and and out of our code base.