Homeassistant – Delete old/abandoned refresh tokens from user profiles

I kept on finding there were loads of refresh tokens when logging into HA. So I googled why….. I am not logging out! No surprise there but they are a pain to delete individually and so I found this page.

Delete old/abandoned refresh tokens from user profiles

The tokens are in the .homeassistant/.storage/auth file and held as JSON.

The link explains that something call ‘jq’ can edit JSON from the command line… neat! However I had trouble getting the script in the link to work and so created a new shell script like this….

authfile=/home/homeassistant/.homeassistant/.storage/auth
tmp=”$(tempfile)”
echo “Copying from ” $authfile ” to ” $tmp
jq –arg s “$(date -d “” +”%Y-%m-%dT%H:%M”)” ‘del( .data.refresh_tokens[] | select(.last_used_at < $s) )’ $authfile >$tmp
cp $tmp $authfile
rm $tmp

This needs to be run as the homeassistant user to work and homeassistant needs to be stopped as the auth file seems to be loaded into memory when ha is running.

What it does is call jq after setting up the auth file location and a system temp file using –args. –args passes the ‘s’ as a string of value “$(date -d “”+…) into the command ‘del(.data….) using the $authfile as input. The command deletes the part of the JSON file with the refresh token where the last used date is less than today and copies it to the temp file.

When this is complete the temp file is copied over the authfile and then the temp is deleted.

Works well. Just need to remember to restart home assistant!

Leave a Reply

Your email address will not be published. Required fields are marked *