Any call to access_token with grant_type authorization_code, with scope "openid" creates effectively 3 token entries in the CTS:
- 1 access_token
- 1 refresh_token (if enabled)
- 1 "sign out" token
Considering that the main bottleneck to allow to scale in big oauth2 deployment is the ldap write load against the CTS (especially add and del), it would be great if we could disable the creation of the sign out token.
(i.e. would save one add and eventually one del for each call to oauth2/authorize=>oauth2/access_token endpoint => would potentially help to improve performance up to 50%).