Follow-up from coder/coder#21783:
In large deployments, the number of expired tokens could be quite large especially if many ephemeral / short-lived tokens are issued. Filtering them client-side feels inefficient and should rather be done by the database.
Originally posted by @dannykopping in coder/coder#21783 (comment)