Why does the oauth token refresh endpoint is returning 401 unauthorized errors during our peak load simulation. the environment is genesys cloud v2.16.0. we are using jmeter version 5.6.2 to simulate agent login patterns. the test plan uses 500 concurrent threads hitting the /api/v2/oauth/token endpoint. initially, the tokens are generated successfully. however, after approximately 45 minutes of sustained load, the error rate spikes to 15 percent. the response body indicates “invalid_grant” even though the refresh tokens were generated correctly seconds prior.
the architecture involves a dedicated edge instance handling the websocket connections. the api gateway logs show no 5xx errors, only client-side 4xx responses. we have verified that the client_id and client_secret are correct in the jmeter properties file. the issue seems to correlate with the number of active websocket sessions rather than the raw api call volume. could this be related to a specific rate limit on the identity service that is not documented in the standard developer guides. any insights on configuring the token cache duration or adjusting the jmeter think time to avoid this authentication bottleneck would be appreciated. we need to validate the security compliance of our token handling under stress conditions.