Refresh tokens - server-side storage and revocation for multiple clients

I'm starting out with token authentication using the ASOS framework (AspNet.Security.OpenIdConnect.Server).

I have access token generation and retrieval working, and now I'm moving on to the refresh token.

My questions:

  • How should I store the refresh token on the server side?
    • Should I just store the client ID and the hashed and salted refresh token in the database (along with utility fields, for example the expiration date)?
  • What is the expected behavior if a user of my API has a single client ID and client secret but makes many calls at the same time (suppose they want to scale their client across multiple machines on their end to get higher throughput, for example)?
    • In particular, I mean: what if one of the client's access tokens expires and the refresh token has also expired? Of course, they can go to the token endpoint to get a new access token and refresh token at the same time, but what about the other instances running under this client ID? Assuming their code is identical (i.e., they do not share knowledge of the refresh token), each instance will also go on to request a new access token and refresh token.
    • If you store a single refresh token per client ID, you end up over-requesting refresh tokens, potentially every time an access token expires, which would be undesirable.
    • If you store several refresh tokens per client, what is a reasonable number of them?

Also, what is the general process for revoking refresh tokens? Is it as simple as removing the token from wherever you store it?

Thanks.

+4
1 answer

Should I just store the client ID and the hashed and salted refresh token in the database (along with utility fields, for example the expiration date)?

, , , ASOS , . SerializeRefreshToken context.Ticket.GetTokenId() context.Ticket.ExpiresUtc.

. - GUID, context.Ticket.SetTokenId("token identifier").

, , 1 , ? , , , ?

, . , , . HandleTokenRequest.

, ? , , ?

( ), . , HandleTokenRequest, ( context.Ticket.GetTokenId())

+1

Source: https://habr.com/ru/post/1650466/
