Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[Bug] Cache misses in client_credentials when authority is specified at request level, cloud is not global and region is used
See original GitHub issue var cca = ConfidentialClientApplicationBuilder.Create("client_id")
.WithClientSecret("secret")
.WithAzureRegion("eastus")
.Build();
var result = await cca.AcquireTokenForClient(new[] { "https://graph.ppe.windows.net/.default" })
.WithAuthority("https://login.windows-ppe.net/17b189bc-2b81-4ec5-aa51-3e628cbc931b")
.ExecuteAsync();
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
var result2 = await cca.AcquireTokenForClient(new[] { "https://graph.ppe.windows.net/.default" })
.WithAuthority("https://login.windows-ppe.net/17b189bc-2b81-4ec5-aa51-3e628cbc931b")
.ExecuteAsync();
// fails
Assert.AreEqual(TokenSource.Cache, result2.AuthenticationResultMetadata.TokenSource);
Workaround: Add .WithAuthority("https://login.windows-ppe.net/common") or any authority of the same cloud to the application builder.
var cca = ConfidentialClientApplicationBuilder.Create("client_id")
.WithClientSecret("secret")
.WithAzureRegion("eastus")
.WithAuthority("https://login.windows-ppe.net/common")
.Build();
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (5 by maintainers)
Top Results From Across the Web
microsoft-authentication-library-for-dotnet/CHANGELOG. ...
Improved the error message when cache serialization fails. ... with an authority specified at the request level, the region is used and not...
Read more >Keystone Configuration
For performance reasons, the current state of configuration options for a domain are cached in the keystone server, and in multi-process and ...
Read more >Pivotal Cloud Cache 1.5
Pivotal Cloud Cache (PCC) is a high-performance, high-availability caching layer for Pivotal Cloud. Foundry (PCF). PCC offers an in-memory key- ...
Read more >Dell EMC DD OS Administration Guide
DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND ... Treats corruption to cache data as a cache miss to avoid data loss...
Read more >Applications Manager Issues Fixed
While un-assigning the existing custom field values of type 'List' for monitor groups in Managed server, the changes were not synced properly to...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I hit this issue in national clouds where caching was not working because app.GetAccounts() call returned no accounts, thereby resulting in throttling from ESTS. Upgrading from 4.31.0 to latest version(4.35) fixed the issue.
We do need it for flows where users / accounts are involved, because otherwise you cannot do
app.GetAccounts(). But forclient_credentialsflow, I don’t see why we would require it? We can just use the authority override.Do you want to make the programming model more consistent between AcquireTokenForClient and other AcquireToken* calls and require that the 2 authorities have the same host? Throw an exception if they do not?