[Feature Request] In memory token cache in confidential client application is well partitioned for all flows, no longer serialized and can be shared between instances of confidential client apps
Is your feature request related to a problem? Please describe.
For context see Token cache vision 1-pager

Describe the solution you’d like
Out of the box, confidential client applications should internally have a token cache which is:
- well partitioned for all flows. (Today, this is the case for AcquireTokenForClient only)
- no longer using serialization when an external token cache serializer is not hooked-up (like the work done on https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2826)
- P1: It should be possible to ensure that this token cache is shared between instances of confidential client applications, as was the case with ADAL. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2849#issuecomment-908316278
- P2: It should be possible to provide eviction parameters. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2849#issuecomment-908316278
P1:
    ConfidentialClientApplicationBuilder.Create(clientId)
        .WithDefaultCache(shared: true) // Shares the cache between instances of CCA
P2:
    ConfidentialClientApplicationBuilder.Create(clientId)
        .WithDefaultCache(shared: false,
            new EvictionParameters(sizeLimit: 1000,
                                   slidingExpiration: TimeSpan.FromMinutes(30)));
Describe alternatives you’ve considered
See Token cache vision 1-pager

Additional context
This issue overrides:
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:7 (3 by maintainers)
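
The properties requested above (lookups partitioned per principal, an optionally shared store, size and sliding-expiration eviction), shown as an added example that is not code from the issue or from MSAL.NET. It is built on Microsoft.Extensions.Caching.Memory; the class name, its members and the choice of client, tenant and principal as the partition key are assumptions made for illustration.

```csharp
// Added illustration, not MSAL.NET code: every type and member name here is hypothetical.
using System;
using Microsoft.Extensions.Caching.Memory;

public sealed class PartitionedTokenCache
{
    // Process-wide store, used when shared == true (the 1000-entry limit is an assumed value).
    private static readonly MemoryCache s_sharedStore = NewStore(1000);

    private readonly MemoryCache _store;
    private readonly TimeSpan _slidingExpiration;

    public PartitionedTokenCache(bool shared, long sizeLimit, TimeSpan slidingExpiration)
    {
        _store = shared ? s_sharedStore : NewStore(sizeLimit);
        _slidingExpiration = slidingExpiration;
    }

    private static MemoryCache NewStore(long sizeLimit) =>
        new MemoryCache(new MemoryCacheOptions { SizeLimit = sizeLimit });

    // The key is a value tuple, so partitions compare field by field and no
    // delimiter inside a field can make two different principals collide.
    public void Put(string clientId, string tenantId, string principal, string token) =>
        _store.Set((clientId, tenantId, principal), token, new MemoryCacheEntryOptions
        {
            Size = 1,                               // each token counts as one unit against SizeLimit
            SlidingExpiration = _slidingExpiration  // entries unused for this long expire
        });

    public bool TryGet(string clientId, string tenantId, string principal, out string token) =>
        _store.TryGetValue((clientId, tenantId, principal), out token);
}

public static class Demo
{
    public static void Main()
    {
        var ttl = TimeSpan.FromMinutes(30);
        var a = new PartitionedTokenCache(shared: true, sizeLimit: 1000, slidingExpiration: ttl);
        var b = new PartitionedTokenCache(shared: true, sizeLimit: 1000, slidingExpiration: ttl);
        var isolated = new PartitionedTokenCache(shared: false, sizeLimit: 1000, slidingExpiration: ttl);

        a.Put("client-1", "tenant-A", "user-1", "constructed-token-value");
        Console.WriteLine(b.TryGet("client-1", "tenant-A", "user-1", out _));        // same partition, shared store
        Console.WriteLine(b.TryGet("client-1", "tenant-B", "user-1", out _));        // other tenant's partition
        Console.WriteLine(isolated.TryGet("client-1", "tenant-A", "user-1", out _)); // instance with its own store
    }
}
```

Because the tenant and principal are part of the key, sharing the store between instances does not let a lookup for one principal return a token cached for another.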
Top GitHub Comments
@zhenyar. I think that this was defensive code due to the fact that ADAL’s cache had not initially been designed to support some scenarios. You shouldn’t need to do any of that with MSAL. I would recommend you just delete this code.
When is the default cache support expected to be available in Microsoft.Identity.Client? Will the default cache support multi-tenant OBO, username/password and client credentials auth flows?
Unfortunately Microsoft.Identity.Web.TokenCache is not going to work for me due to nuget hell.