Performance Testing Results


This section covers performance testing results of different OAuth authentication flows.

Testing approach

  • All benchmarks are run against Hazelcast Cluster and PostgreSQL used as a storage for refresh tokens and clients.

  • Identity server responsible for the username and password verification is mocked.

  • All processes (load generator, OAuth server, Hazelcast, SQL) are run on separate instances on AWS.


Name Instance type Nodes vCPU Memory (GiB)
Cloudentity ACP c5.2xlarge 8 8 8
Hazelcast c5.2xlarge 3 8 8
Postgresql db.m5.large 1 2 8
Load generator c5.2xlarge 2 8 8


In the scenario with 70% of requests using the refresh token flow and 30% of requests using the resource owner password credentials flow, eight nodes can handle about 60 000 requests per second with 90% of requests under 10 ms.


The following table shows performance results of testing individual flows.

Flow Requests per second Latency (p90)
Client credentials 79 k 2 ms
Refresh token 56 k 8 ms
Resource owner password credentials 43 k 9 ms