Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] AcquireTokenFromClient acquires token from cache after AbsoluteExpirationRelativeToNow #2466

Closed
calvinkwtang opened this issue Sep 13, 2023 · 2 comments · Fixed by #2514
Closed

[Bug] AcquireTokenFromClient acquires token from cache after AbsoluteExpirationRelativeToNow #2466

calvinkwtang opened this issue Sep 13, 2023 · 2 comments · Fixed by #2514
Assignees
@pmaytak
Labels
bug Something isn't working P2 token cache serialization - in memory cache
Milestone
2.15.3

Comments

@calvinkwtang
Copy link

Microsoft.Identity.Web Library

Microsoft.Identity.Web.TokenCache

Microsoft.Identity.Web version

2.13.3

Web app

Sign-in users

Web API

Protected web APIs (validating tokens)

Token cache serialization

In-memory caches

Description

I was testing to find a way to expire a token at a specific timeframe after its generation using AbsoluteExpirationRelativeToNow.
I tested on a 5 minute expiration for the sake of fast results but intend to use a longer timeframe (20 or 22 hours) when actually implementing it

Reproduction steps

https://github.com/calvinkwtang/CacheTest

Error message

No response

Id Web logs

No response

Relevant code snippets

app.AddInMemoryTokenCache(services =>
{
    services.Configure<MemoryCacheOptions>(options =>
    {
        options.SizeLimit = 500 * 1024;
    });
    services.Configure<MsalMemoryTokenCacheOptions>(options =>
    {
        options.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(5);
    });
});

Regression

No response

Expected behavior

Calls of AcquireTokenFromClient before 5 minutes (based on the code snippet and sample) should return the same token and after 5 minutes should return a new token
@calvinkwtang calvinkwtang added the question Further information is requested label Sep 13, 2023
@jennyf19
Copy link
Collaborator

@bgavrilMS & @pmaytak can you please take a look at this one? Thanks.

@jennyf19 jennyf19 added token cache serialization - in memory cache and removed question Further information is requested labels Sep 28, 2023
@pmaytak pmaytak self-assigned this Sep 29, 2023
@pmaytak pmaytak changed the title AcquireTokenFromClient acquires token from cache after AbsoluteExpirationRelativeToNow [Bug] AcquireTokenFromClient acquires token from cache after AbsoluteExpirationRelativeToNow Sep 29, 2023
@pmaytak pmaytak added bug Something isn't working P2 labels Sep 29, 2023
@pmaytak
Copy link
Contributor

pmaytak commented Sep 29, 2023

From my past investigation, it may be a bug here:

microsoft-identity-web/src/Microsoft.Identity.Web.TokenCache/InMemory/MsalMemoryTokenCacheProvider.cs

Line 107 in e5efeaa

if (cacheSerializerHints != null && cacheSerializerHints.SuggestedCacheExpiry != null)

For app tokens, MSAL always provides a suggested cache expiry which is token's expiry, and it always takes precedence, and the custom AbsoluteExpiration never overwrites this.

I can provide a PR fix for this.

@pmaytak pmaytak moved this from Triage to In Progress in MSAL Customer Trust / QM Oct 5, 2023
@pmaytak pmaytak mentioned this issue Oct 11, 2023
Merged
@pmaytak pmaytak moved this from In Progress to Waiting for Code Review in MSAL Customer Trust / QM Oct 11, 2023
@jennyf19 jennyf19 moved this from Waiting for Code Review to Done in MSAL Customer Trust / QM Oct 20, 2023
@jennyf19 jennyf19 added this to the 2.15.3 milestone Oct 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pmaytak pmaytak

Labels
bug Something isn't working P2 token cache serialization - in memory cache
Projects
MSAL Customer Trust / QM
Archived in project
Milestone
2.15.3
4 participants
@calvinkwtang @jennyf19 @pmaytak @westin-m