Increasingly, customers are looking to register a large number of OAuth2 clients in their environments.
We are seeing targets of millions of OAuth2 clients, and this creates a number of problems in the current SMS/Agent architecture that is used to register and maintain them.
This can be avoided by choosing a 1-to-many mapping of clients, which has the advantage of keeping clients manageable and easier to administer. For example, it greatly simplifies revoking all tokens.
However, if the more cumbersome 1:1 mapping is chosen, then we do hit a number of scalability issues.
We have seen issues with performance of searches (OPENAM-3996,
The UI does not handle these large numbers well (OPENAM-12156).
Additionally Agents/Clients are stored in in-memory caches that, at this scale, cause heap sizing problems.
We should revisit the way we register and store OAuth2 clients, with the aim of addressing these concerns.