Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Feature Request] In memory token cache in confidential client application is well partitioned for all flows, non longer serialized and can be shared between instances of confidential client apps

See original GitHub issue

Is your feature request related to a problem? Please describe. For context see Token cache vision 1-pager

Describe the solution you’d like Out of the box, confidential client applications should internally have a token cache which is:

well partitioned for all flows. (Today, this is the case for AcquireTokenForClient only)
no longer using serialization when an external token cache serializer is not hooked-up (like the work done on https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2826)
P1: It should be possible to ensure that this token cache is shared between instances of confidential client applications, as was the case with ADAL. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2849#issuecomment-908316278
P2: It should be possible to provide eviction parameters. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2849#issuecomment-908316278

P1:

ConfidentialClientApplicationBuilder.Create(clientId)
                                                          .WithDefaultCache(shared: true) // Shares the cache between instances of CCA

P2:

ConfidentialClientApplicationBuilder.Create(clientId)
                                                          .WithDefaultCache(shared: false,
                                                           new EvictionParameters(sizeSimit:1000,
                                                                                                  slidingExpiration: TimeSpan.FromMinutes(30) )
                                                          );

Describe alternatives you’ve considered see Token cache vision 1-pager

Additional context This issue overrides:

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:7 (3 by maintainers)

Top GitHub Comments

1reaction

jmprieurcommented, Sep 22, 2021

@zhenyar. I think that this was defensive code due to the fact that ADAL’s cache had not initially been designed to support some scenarios. You shouldn’t need to do any of that with MSAL. I would recommend you just delete this code.

0reactions

zhenyarcommented, Sep 29, 2021

When is the default cache support expected to be available in Microsoft.Identity.Client? Will the default cache support multi-tenant OBO, username/password and client credentials auth flows?

Unfortunately Microsoft.Identity.Web.TokenCache is not going to work for me due to nuget hell.

Top Results From Across the Web

Token cache serialization (MSAL.NET) - Microsoft Entra

Public client applications (desktop and mobile apps) should try to get a token from the cache before acquiring a token by another method....

Acquire and cache tokens with Microsoft Authentication ...

Instantiate a confidential client application with a token cache with customized serialization. Acquire the token using the authorization code ...

netFramework/Microsoft.Identity.Client.xml 3.2.0

This information is used for token cache lookup and enforcing the user session on the STS authorize endpoint. ... The same account can...

JAX-RS OAuth2 - Apache CXF

The client requests an access token from OAuth2 Access Token Service by ... INFO: Setting an instance of "org.apache.cxf.rs.security.oauth2.common.

All Classes and Interfaces (Java SE 20 & JDK 20)

This class provides a skeletal implementation of the List interface to minimize the effort required to implement this interface backed by a "sequential...