Browser flow authentication fails during performance running for Password flow against token endpoint using 5 threads

We are running Keycloak 22.0.5 on RHEL 9 using Java 17. As part of our regular performance verification using Jmeter for Password flow (1000 Users), we observed during the performance run, none of the browser login are working fine. When the Jmeter stopped, browser flow works fine.

Only in audit logs, we are getting below code_to_token_error but nothing in server logs even with TRACE enabled.

type=CODE_TO_TOKEN_ERROR, realmId=e2cd7652-dcea-41f3-8f3a-9c65607ef170, clientId=security-admin-console, userId=null, ipAddress=110.12.10.160, grant_type=authorization_code, code_id=d020abbb-e78a-4e74-9022-447432955125, client_auth_method=client-secret, error=invalid_code

From the browser, we could see 400 bad request with “Invalid code” as response for the same token endpoint during the browser flow authentication.

We have enabled metrics to check the whether the auth code is getting expired/removed from authentication sessions cache but thats not the case either and the code exist even when we are getting “Invalid_code” error.