--- a/plugins/mod_tokenauth.lua	Sat Nov 04 17:12:01 2023 +0100
+++ b/plugins/mod_tokenauth.lua	Sun Nov 05 16:10:40 2023 +0100
@@ -166,22 +166,22 @@
 		token_store:set_key(username, grant.id, nil);
 		return nil, "invalid";
 	end
+
+	local found_expired = false
 	for secret_hash, token_info in pairs(grant.tokens) do
-		local found_expired = false
 		if token_info.expires and token_info.expires < now then
 			module:log("debug", "Token has expired, cleaning it up");
 			grant.tokens[secret_hash] = nil;
 			found_expired = true;
 		end
-		if found_expired then
-			token_store:set_key(username, grant.id, nil);
-		end
 	end
 
 	if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then
 		module:log("debug", "Token grant has no tokens, discarding");
 		token_store:set_key(username, grant.id, nil);
 		return nil, "expired";
+	elseif found_expired then
+		token_store:set_key(username, grant.id, grant);
 	end
 
 	return grant;