--- title: OAuth 2.0 authorization code flow description: The AMAccessTokenSim.scala simulation tests OAuth 2.0 authorization code flow performance. It measures the throughput and response time of an AM server performing authentication, authorization, and session token management when AM is configured to use client-based sessions, and OAuth 2.0 is configured to use client-based tokens. In this test, one transaction includes all three operations. component: forgeops version: 2026.1 page_id: forgeops:reference:benchmark/oauth2 canonical_url: https://docs.pingidentity.com/forgeops/2026.1/reference/benchmark/oauth2.html keywords: ["Benchmark", "OAuth 2.0"] section_ids: congratulations: Congratulations! --- # OAuth 2.0 authorization code flow The `AMAccessTokenSim.scala` simulation tests OAuth 2.0 authorization code flow performance. It measures the throughput and response time of an AM server performing authentication, authorization, and session token management when AM is configured to use client-based sessions, and OAuth 2.0 is configured to use client-based tokens. In this test, one transaction includes all three operations. To run the simulation: 1. Make sure the userstore is provisioned, and the PingDS cache is primed. Refer to [Test user generation](testusers.html). 2. Set environment variables that specify, * the host on which to run the test, * the number of concurrent threads to spawn when running the test, * the duration of the test (in seconds), * the first part of the user ID, and the user password, and * the number of users for the test: ``` $ export TARGET_HOST=my-fqdn $ export CONCURRENCY=100 $ export DURATION=60 $ export USER_PREFIX=user. $ export USER_PASSWORD=T35tr0ck123 $ export USER_POOL=n-users ``` where *n-users* is `1000000` for a small cluster, `10000000` for a medium cluster, and `100000000` for a large cluster. 3. Configure AM for CTS-based sessions: 1. Log in to the Ping Identity Platform admin UI as the `amadmin` user. For details, refer to [AM Services](../../deploy/access.html#am-services-cdm). 2. Access the AM admin UI. 3. Select the top level realm. 4. Select Properties. 5. Make sure the Use Client-based Sessions option is disabled. If it's not disabled, disable it, and then select Save Changes. 4. Configure AM for CTS-based OAuth2 tokens: 1. Select Realms > Top Level Realm. 2. Select Services > OAuth2 Provider. 3. Make sure the Use Client-based Access & Refresh Tokens option is disabled. If it's not disabled, disable it, and then select Save Changes. 5. Change to the /path/to/forgeops/docker/gatling directory. 6. Run the simulation: ``` $ gradle clean; gradle gatlingRun-am.AMAccessTokenSim ``` When the simulation is complete, the name of a file containing the test results appears near the end of the output. 7. Open the file containing the test results in a browser to review the results. ## Congratulations! You've successfully run the lightweight benchmark tests on a ForgeOps deployment. * [icon: check-square-o, set=fa][Become familiar with ForgeOps benchmarking](intro.html) * [icon: check-square-o, set=fa][Install third-party software](sw.html) * [icon: check-square-o, set=fa][Generate test users](testusers.html) * [icon: check-square-o, set=fa][Benchmark the authentication rate](authrate.html) * [icon: check-square-o, set=fa][Benchmark the OAuth 2.0 authorization code flow](oauth2.html)