CTS tokenstore internally uses blocking queues to distribute the Tasks to the task processors. On operations like Create, the tokenstore queues the request and returns control to the calling method. In the following scenario this implementation doesn't work:
If a Create request is executed on server 1 and a read/update request is made on server 2, then it's possible that the request on server 2 is processed before the request on server 1.
Our usage of OAuth involves 2 steps. 1) get access token and 2) use access token to authenticate users. With OpenAM 11 we have ~zero failure; with OpenAM 12, we are observing close to 1.2-1.3% authenticate failures due to the mentioned problem.
We can't use affinity in this case as there is no session token used in either of the OAuth calls. The fix could be to wait for the operation to be completed by CTS before returning the response to the client. But doing so with the current implementation simply negates the purpose of having queues in the first place. Given that, the correct fix in my opinion would be to replace the async CTS with sync CTS.
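The ordering problem described in this report can be reproduced in a small model. This is an added example, not part of the original report and not OpenAM code. The `Server` class, the `scenario` helper, the plain dict standing in for the token store both servers read, and the 200 ms processor lag are all assumptions made for illustration.

```python
import queue
import threading

class Server:
    """Hypothetical model of one server: create() enqueues, a task processor writes."""

    def __init__(self, store, wait_for_write):
        self.store = store                  # constructed stand-in for the shared token store
        self.wait_for_write = wait_for_write
        self.tasks = queue.Queue()          # blocking queue feeding the task processor
        self.gate = threading.Event()       # unset = processor has not reached the task yet
        threading.Thread(target=self._process, daemon=True).start()

    def _process(self):
        while True:
            token_id, value, done = self.tasks.get()
            self.gate.wait()                # models queueing delay on this server
            self.store[token_id] = value
            done.set()

    def create(self, token_id, value):
        done = threading.Event()
        self.tasks.put((token_id, value, done))
        if self.wait_for_write:             # the "wait for completion" variant
            done.wait()
        return done                         # async variant returns before the write lands

    def read(self, token_id):
        return self.store.get(token_id)


def scenario(wait_for_write):
    """Create on server 1, read on server 2 right away, then read again after the write."""
    store = {}
    server1 = Server(store, wait_for_write)
    server2 = Server(store, wait_for_write)
    threading.Timer(0.2, server1.gate.set).start()   # server 1's processor lags by 200 ms
    done = server1.create("token-1", "constructed-grant")
    first_read = server2.read("token-1")    # step 2 of the flow, served by the other server
    done.wait()
    return first_read, server2.read("token-1")


if __name__ == "__main__":
    print("async create:", scenario(False))   # first read misses the token
    print("sync create: ", scenario(True))    # first read sees the token
```

With the asynchronous create, the client gets its response while the write is still queued, so the follow-up read on the other server finds nothing. Blocking until the task completes removes the miss, but the caller then waits out the full queue delay.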