I think this might be two questions. First, is there a way to enforce a default expiration on user tokens? Currently, it seems to be un-limited.
Second, I seem to have a number of “token-” tokens created for my user. I do not believe I created them manually. What could be triggering creation of these tokens? How can they be limited? For example, is there a way to enforce a limit of only 1 “token-” token or enforce quick expiration like 1 hour?