Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-7702

Give the ability to disable creation of sign out tokens

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0
    • Fix Version/s: 13.5.0
    • Component/s: oauth2, performance
    • Labels:
    • Support Ticket IDs:

      Description

      Following OPENAM-7482.

      Any call to access_token with grant_type authorization_code, with scope "openid" creates effectively 3 token entries in the CTS:

      • 1 access_token
      • 1 refresh_token (if enabled)
      • 1 "sign out" token

      Considering that the main bottleneck to allow to scale in big oauth2 deployment is the ldap write load against the CTS (especially add and del), it would be great if we could disable the creation of the sign out token.
      (i.e. would save one add and eventually one del for each call to oauth2/authorize=>oauth2/access_token endpoint => would potentially help to improve performance up to 50%).

        Attachments

          Activity

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              sberthol Sebastien Bertholet [X] (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 0h
                0h
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 4h
                4h