Quick question about handling authentication tokens under high concurrency in US1 environment.
We are running a JMeter 5.6 script to simulate 500 concurrent agents logging into the PureCloud softphone. The goal is to validate the security token refresh mechanism under load. The initial login requests succeed, but after approximately 300 concurrent sessions are active, we start seeing authentication failures on the WebSocket upgrade attempts.
The error returned is consistent:
HTTP 401 Unauthorized - Invalid or expired access token
I have configured the script to refresh the OAuth token every 5 minutes, which should be well within the validity period. However, it seems that when multiple threads attempt to refresh their tokens simultaneously, or when the load on the identity provider increases, the refresh process fails.
Is there a known rate limit or throttling policy on the /oauth/token endpoint during high-volume refresh operations? We are using the standard client credentials flow. I want to ensure our load test configuration is not triggering a security block. Any insights on the expected behavior for token refresh under heavy load would be appreciated. We need to adjust our JMeter think time or parallelism settings.