[Feature]: Optimize SPN authentication flow #20013

Closed
dingmeng-xue opened this issue Nov 3, 2022 · 1 comment · Fixed by #20297
Labels
Authentication feature-request This issue requires a new behavior in the product in order be resolved. Tracking We will track status and follow internally

Comments

@dingmeng-xue
Member

Description of the new feature

Following this article https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-acquire-token-silently

When you acquire an access token using the Microsoft Authentication Library for .NET (MSAL.NET), the token is cached. When the application needs a token, it should first call the AcquireTokenSilent method to verify if an acceptable token is in the cache. In many cases, it's possible to acquire another token with more scopes based on a token in the cache. It's also possible to refresh a token when it's getting close to expiration (as the token cache also contains a refresh token).
For authentication flows that require a user interaction, MSAL caches the access, refresh, and ID tokens, as well as the IAccount object, which represents information about a single account. Learn more about IAccount. For application flows, such as client credentials, only access tokens are cached, because the IAccount object and ID token require a user, and the refresh token is not applicable.
The recommended pattern is to call the AcquireTokenSilent method first. If AcquireTokenSilent fails, then acquire a token using other methods.

Azure PowerShell needs to use the AcquireTokenSilent method to fetch an access token for the SPN authentication flow. If it fails, Azure PowerShell needs to acquire an access token using a secret, cert, or other credentials.

Proposed implementation details (optional)

No response
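
The silent-first pattern requested above, as an added example that is not part of the original issue and is not Azure PowerShell or MSAL code. It is a small Python model of a service principal token cache; `SpnTokenClient`, `request_with_credential`, `EXPIRY_SKEW` and the fake endpoint are hypothetical names and constructed values. Because the client credentials flow caches no refresh token, an expired entry falls back to the credential.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, Optional, Tuple

EXPIRY_SKEW = 300  # seconds; assumed margin before expiry at which a token is treated as stale
CacheKey = Tuple[str, str, FrozenSet[str]]

@dataclass
class SpnTokenClient:
    tenant_id: str
    client_id: str
    # Hypothetical callback: presents the secret/cert to the token endpoint and
    # returns (access_token, lifetime_seconds).
    request_with_credential: Callable[[FrozenSet[str]], Tuple[str, int]]
    clock: Callable[[], float] = time.time
    _cache: Dict[CacheKey, Tuple[str, float]] = field(default_factory=dict)
    credential_uses: int = 0  # how often the secret/cert was actually presented

    def _key(self, scopes) -> CacheKey:
        return (self.tenant_id, self.client_id, frozenset(scopes))

    def acquire_token_silent(self, scopes) -> Optional[str]:
        """Cache-only lookup; never touches the credential."""
        key = self._key(scopes)
        entry = self._cache.get(key)
        if entry is None:
            return None
        token, expires_on = entry
        if expires_on - self.clock() <= EXPIRY_SKEW:
            del self._cache[key]  # stale: app-only flows have no refresh token
            return None
        return token

    def acquire_token(self, scopes) -> str:
        """Silent first; use the credential only on a cache miss."""
        token = self.acquire_token_silent(scopes)
        if token is None:
            self.credential_uses += 1
            token, lifetime = self.request_with_credential(frozenset(scopes))
            self._cache[self._key(scopes)] = (token, self.clock() + lifetime)
        return token

def demo() -> int:
    """Constructed run: three requests for one scope, one credential use."""
    fake_endpoint = lambda scopes: ("constructed-token", 3600)
    client = SpnTokenClient("tenant-placeholder", "client-placeholder", fake_endpoint)
    for _ in range(3):
        client.acquire_token(["https://management.azure.com/.default"])
    return client.credential_uses
```
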

@dingmeng-xue dingmeng-xue added feature-request This issue requires a new behavior in the product in order be resolved. needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Nov 3, 2022
@ghost ghost removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label Nov 3, 2022
@dingmeng-xue dingmeng-xue added Tracking We will track status and follow internally Authentication labels Nov 3, 2022
@jiasli
Member

jiasli commented Nov 3, 2022

Azure CLI worked on this before in Azure/azure-cli#13276
