question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] Perf degradation of AcquireTokenForClient due to default partitioned cache

See original GitHub issue

Is your feature request related to a problem? Please describe. Starting in MSAL 4.30, there’s a default in-memory partitioned cache for confidential client applications. For each cache operation, the data is serialized/deserialiazed, which causes a performance hit. Seems to be a bigger issue for apps that have single-tenant partitions with many resources per tenant.

Possible solutions

  1. Partition the internal cache.
  • Create PartitionedInMemoryTokenCacheAccessor that implements ITokenCacheAccessor and is similar to InMemoryTokenCacheAccessor except that the token dictionaries are partitioned by tenant id.
  • Add overloaded GetAllX methods that accept a tenant parameter.
  • In TokenCache, for confidential client app, set the accessor to the partitioned one.
  1. Explore having a smaller partition key; currently it’s client ID + tenant ID.
  1. When searching through the internal cache, find token by key first then go through filters.

Also add performance tests to compare before and after change. (Testing scenario should include single- and multi-tenant cases with many resources.)

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:13 (6 by maintainers)

github_iconTop GitHub Comments

2reactions
bgavrilMScommented, Aug 16, 2021

Let’s treat this as a performance regression. Since before MSAL 4.30, AcquireTokenForClient would not use any JSON operation, but afterwards it does, leading to increased number of allocations.

1reaction
jmprieurcommented, Sep 13, 2021

nom @rymeskar the RT for OBO token is reusable for 90 days (provided, today you give the userassertion, which might have expired, but is used as a key to the cache). @pmaytak is actually improving the experience for OBO tokens used in long running processes: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/2820

Read more comments on GitHub >

github_iconTop Results From Across the Web

[Feature Request] In memory token cache in confidential ...
Perf degradation of AcquireTokenForClient due to default partitioned cache #2826)
Read more >
Token cache serialization (MSAL.NET) - Microsoft Entra
This article discusses default and custom serialization of the token cache in MSAL.NET. Quick summary. The recommendation is: When writing a ...
Read more >
AZ-204 Flashcards
For a given availability set, 5 non-user-configurable update domains are assigned by default (Resource Manager deployments can then be increased to provide up ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found