[Bug] MSAL Suggested cache key can create performance issues to due to over serialization

Which Version of MSAL are you using ? 4.16.1

Platform netcore

What authentication flow has the issue?

• Desktop / Mobile
  • Interactive
  • Integrated Windows Auth
  • Username Password
  • Device code flow (browserless)
• Web App
  • Authorization code
  • OBO
• Web API
  • OBO

Other? - please describe;

Is this a new or existing app? The app is in production, and I have started using MSAL instead of ADAL

Issue MSAL today in it’s suggested cache key makes following suggestions

• App context - ClientId+_AppTokenCache
• User context
  • Silent acquire - User account Id
  • OnBehalfOf exchange - Original token hash

However there are a couple of issues I see with this

Issue with App context cache

We recently onboarded MSAL (shifting away from ADAL) and during rollout we saw a trace (False) MSAL 4.16.1.0 MSAL.NetCore Microsoft Windows 10.0.14393 [07/18/2020 13:52:56] Serializing token cache with 4247 items.

This is happening because all app context tokens are being pushed into one single cache and since the tokens are tenantized, the moment a significant number of tenant hit the call the token cache just keeps on growing.

Issue with User context cache

For user context caches, since the cache key for OnBehalfOf exchange is the original token, as lots of callers make the call using unique clients (we have thousands of clients sending us potentially 100s of unique tokens per user) the token for same user gets cached over and over.

Solution which I propose

Based on the issues above, here is what I recommend as the token caches

• App context - ClientID+TenantId+_AppTokenCache
• User Context - ClientId + HomeAccountIdentifier (i.e. TenantID+UserId)

Additionally TokenCacheNotificationArgs should expose additional information like resourceId since for services which hit a lot of external services even tenant level cache might be too big and they might need to go granular.