The following table lists different OAuth requests on a single node Identity Server and performance for each request:
Test |
Scenario |
Access Manager Performance |
---|---|---|
Client credentials flow without a refresh token |
Users request for an access token in the client credentials flow without a refresh token. |
820 tokens per second |
Client credentials flow with a refresh token |
Users request for an access token in the client credentials flow along with a refresh token. |
800 tokens per second |
Resource owners flow without refresh tokens |
Users request for an access token in the resource owners flow without requesting for a refresh tokens. |
600 tokens per second |
Resource owners flow with refresh tokens |
Users request for an access token in the resource owners flow with refresh tokens. |
200 tokens per second |
Authorization code flow without refresh tokens |
Authenticate and request for an authorization code and using the authorization code request for an access token without requesting for refresh tokens. |
120 tokens per second |
Authorization code flow with refresh tokens |
Authenticate and request for an authorization code and using the authorization code request for an access token with refresh tokens. |
110 tokens per second |
Implicit flow – access tokens |
Request for an access token in the implicit flow. |
140 tokens per second |
Implicit flow – ID tokens |
Request for the ID token in implicit flow. |
140 token per second |
Implicit flow – Access token + ID tokens |
Request for an access token and an ID token in the implicit flow. |
130 tokens per second |
Token validation |
Validate an access token against the tokeninfo endpoint. |
540 validations per second |
Token refresh |
Getting an access token by submitting the refresh token. |
460 token refreshes per second |
User Attributes |
Fetching the user attributes against the userinfo endpoint |
540 requests per second |
For information about the test environment, see Test Environment: Identity Server as an OAuth 2.0 Identity Provider.
NOTE:To improve the performance of OAuth requests, scale Access Manager components horizontally by adding additional components to the cluster.