Expected behavior
GetAccountsAsync() does not make sense in confidential client applications as there should be one cache per user and GetAccountsAsync() does not know which cache key to use.
We'd want to have a warning at build time: Use GetAccountAsync in web apps and web APIs, and use a token cache serializer for better security and performance. See https://aka.ms/msal-net-cca-token-cache-serialization.
Proposed spec
In IConfidentialClientApplication, add a new method (with the same signature as in the base interface):
```csharp
/// <inheritdoc/>
[Obsolete("Use GetAccountAsync in web apps and web APIs, and use a token cache serializer for better security and performance. See https://aka.ms/msal-net-cca-token-cache-serialization.")]
new Task<IEnumerable<IAccount>> GetAccountsAsync();
```
Given the signature is the same as in the base interface this is not really adding a new method to the interface, and therefore, not a breaking change.
Actual behavior
It's possible to call GetAccountsAsync(), but it always returns 0 accounts (unless developers don't override serialization, but this should not be done in confidential client applications).
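The per-user lookup the issue asks developers to use, as an added example that is not part of the original issue or of MSAL.NET's own code. `PerUserTokenCache`, `GetTokenForUserAsync` and the in-memory dictionary are hypothetical names; the sketch assumes an MSAL.NET version that exposes `TokenCacheNotificationArgs.SuggestedCacheKey` and an app object built per request.

```csharp
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class PerUserTokenCache
{
    // Hypothetical in-memory store standing in for a distributed cache.
    private static readonly ConcurrentDictionary<string, byte[]> Store =
        new ConcurrentDictionary<string, byte[]>();

    // Call once on app.UserTokenCache right after building the app object.
    public static void Attach(ITokenCache userTokenCache)
    {
        userTokenCache.SetBeforeAccess(args =>
        {
            // The key identifies one user's partition. A call that carries no
            // account (GetAccountsAsync) gives no key, so nothing is loaded.
            // Assumption: the app is built per request, so memory starts empty.
            if (args.SuggestedCacheKey != null &&
                Store.TryGetValue(args.SuggestedCacheKey, out byte[] blob))
            {
                args.TokenCache.DeserializeMsalV3(blob, shouldClearExistingCache: true);
            }
        });

        userTokenCache.SetAfterAccess(args =>
        {
            // Persist only this user's partition, and only when it changed.
            if (args.HasStateChanged && args.SuggestedCacheKey != null)
                Store[args.SuggestedCacheKey] = args.TokenCache.SerializeMsalV3();
        });
    }

    // homeAccountId is the signed-in user's MSAL account identifier,
    // taken by the caller from the validated sign-in (assumption).
    public static async Task<string> GetTokenForUserAsync(
        IConfidentialClientApplication app, string homeAccountId, string[] scopes)
    {
        // Targeted lookup: MSAL can derive the cache key from the identifier.
        IAccount account = await app.GetAccountAsync(homeAccountId).ConfigureAwait(false);
        if (account == null)
            throw new MsalUiRequiredException("user_null", "No cached account; re-authenticate the user.");

        AuthenticationResult result = await app.AcquireTokenSilent(scopes, account)
            .ExecuteAsync().ConfigureAwait(false);
        return result.AccessToken;
    }
}
```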
henrik-me changed the title from "[Bug] GetAccountsAsync should no longer be exposed in confidential client applications" to "[Enhancement] GetAccountsAsync should no longer be exposed in confidential client applications" on Aug 5, 2020
Proposing, in 4.28.0, to just do the following (non-breaking):
- add a new method GetAccountsAsync on IConfidentialClientApplication (at the moment it's only on ApplicationBase)
- add an obsolete attribute, with warning? The message should be: Use GetAccountAsync in web apps and web apis, and use a token cache serializer for better security and performance. See https://aka.ms/msal-net-cca-token-cache-serialization

@bgavrilMS
bgavrilMS changed the title from "[Enhancement] GetAccountsAsync should no longer be exposed in confidential client applications" to "[Enhancement] GetAccountsAsync should no longer be exposed in confidential client applications (via deprecation)" on Mar 8, 2021
Which version of MSAL are you using?
4.17.0
Platform
net45, netcore
What authentication flow has the issue?
Repro