Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
First call to acquireTokenSilent is slow due to getting authority metadata, even if token is served from localStorage
See original GitHub issueCore Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.13.1
Wrapper Library
Not Applicable
Wrapper Library Version
None
Description
We’ve added some instrumentation to measure the timing of getToken and are noticing some higher than expected durations for tokens that were served out of localStorage.
Upon reproducing this locally, I noticed that the first few calls to acquireTokenSilent has a longer duration due to an empty cache when resolving endpoints https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/fceeb7bdf9a16d900f6e604c0e13ff85edd868f9/lib/msal-common/src/authority/Authority.ts#L224
The cache is stored in memory: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/fceeb7bdf9a16d900f6e604c0e13ff85edd868f9/lib/msal-browser/src/cache/BrowserCacheManager.ts#L347 (internalStorage is in memory, not local/session storage)
As the cache is empty, it will make network calls to get the endpoints which adds latency
I was wondering if there’s a way to make this more performant? Especially as we are trying to bring down initial page load times in our application? I’m aware of this doc: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/performance.md but don’t want to ensure it is using correct, up-to-date cloud instance metadata|
I was also wondering if it’s necessary to get the authority metadata when the token can be served from localStorage? It seems like we need this metadata only when we need to make network calls to get the token (correct me if I’m wrong)
MSAL Configuration
{
auth: {
clientId: this.clientId,
authority: this.authority,
redirectUri: this.loginRedirectUri,
postLogoutRedirectUri: this.postLogoutRedirectUri
},
cache: {
cacheLocation: "localStorage",
storeAuthStateInCookie: isIEOrOldEdge // https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/1188#issuecomment-634281307
},
system: {
tokenRenewalOffsetSeconds: Constants.tokenRenewalOffsetSeconds,
iframeHashTimeout: 30000, // iframe is used to refresh the refresh_token as it has a 24h lifetime
loggerOptions: {
loggerCallback: MsalAuthContext.msalLoggerCallback,
piiLoggingEnabled: false,
logLevel: LogLevel.Info
},
navigationClient: this.navigationClient
}
}
Relevant Code Snippets
No response
Identity Provider
Azure AD / MSA
Source
Internal (Microsoft)
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Not sure what you mean by “in handleRedirectPromise”. You should call
acquireTokenSilentin your initialization code.Probably not, but it is very likely that we add an initialization API in the somewhat near future that will do some initial async set up we can’t do in the constructor. This type of pre-fetching would be a prime example of something we could include in that initialization API. I realize it’s not ideal but in the meantime you may have to decide if you’d rather live with the perf hit on the first ATS call every time or just the potential perf hit if the token is expired.
We can take a look at some performance improvements here @thoo1, I agree with your sentiments here:
I’m not sure about resolveEndpointAsync inside handleRedirectPromise() but it’s something we can consider.