[Feature Request] Managed Identity - Calculate the refresh_in value based on expires_in #4062

Closed
gladjohn opened this issue Apr 7, 2023 · 1 comment · Fixed by #4068

Comments

@gladjohn
Contributor

gladjohn commented Apr 7, 2023

Managed Identity Endpoints do not give us refresh_in. The plan is to calculate this in MSAL.

A sample Managed Identity Token response from the IMDS Endpoint is seen below:

HTTP/1.1 200 OK
Content-Type: application/json
{
  "access_token": "eyJ0eXAi...",
  "refresh_token": "",
  "expires_in": "3599",
  "expires_on": "1506484173",
  "not_before": "1506480273",
  "resource": "https://management.azure.com/",
  "token_type": "Bearer"
}

Compute refresh_in as 1/2 expires_in, but only if expires_in > 2h.

if expires_in > 2h
    refresh_in = expires_in * 0.50
else
    refresh_in = null;

Where:

  • expires_in: The lifetime of the access token in seconds.
  • buffer_time: The amount of time (in seconds) you want to subtract from the token lifetime to ensure that you refresh the token before it expires. This is typically a small value, such as 60 seconds, to avoid any chance of the token expiring before it can be refreshed.
  • refresh_in: The time (in seconds) after which you should refresh the access token to ensure that it remains valid.

The value of 0.50 in the formula is a recommended value for the refresh time. This ensures that the token is refreshed before it expires while also minimizing the number of unnecessary refreshes.

For example, if the token lifetime is 3600 seconds (1 hour) and the buffer time is 60 seconds, then the refresh time would be:

expires_in = 7200 -> refresh_in = 3600
expires_in = 3600 -> refresh_in = null
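
An added example (not part of the issue and not MSAL's implementation) that applies the rule above to a response shaped like the sample, where `expires_in` arrives as a JSON string, and rejects malformed lifetimes instead of guessing. All function names, the `expires_on` fallback and the `inclusive` flag are assumptions; the flag exists because the stated rule uses a strict `>` while the worked example maps exactly 7200 to 3600.

```python
import json

TWO_HOURS = 2 * 60 * 60  # threshold from the issue, in seconds


def parse_seconds(value, field):
    """IMDS returns numeric fields as JSON strings ("3599"); accept str or int."""
    if isinstance(value, bool) or not isinstance(value, (str, int)):
        raise ValueError(f"{field}: expected integer seconds, got {value!r}")
    try:
        seconds = int(value)
    except ValueError:
        raise ValueError(f"{field}: expected integer seconds, got {value!r}") from None
    if seconds < 0:
        raise ValueError(f"{field}: negative value {seconds}")
    return seconds


def compute_refresh_in(expires_in, inclusive=False):
    """Half the lifetime (whole seconds) for tokens longer than 2h, otherwise None.

    inclusive=True treats exactly 7200 s as eligible, matching the issue's
    worked example; the default follows its stated rule (expires_in > 2h).
    """
    eligible = expires_in >= TWO_HOURS if inclusive else expires_in > TWO_HOURS
    return expires_in // 2 if eligible else None


def refresh_schedule(body, now, inclusive=False):
    """Return (expires_on, refresh_on) as epoch seconds; refresh_on may be None."""
    token = json.loads(body)
    if "expires_in" in token:
        expires_in = parse_seconds(token["expires_in"], "expires_in")
    else:  # assumption: fall back to the absolute expires_on timestamp
        expires_in = max(parse_seconds(token.get("expires_on"), "expires_on") - now, 0)
    refresh_in = compute_refresh_in(expires_in, inclusive)
    return now + expires_in, (None if refresh_in is None else now + refresh_in)


# Constructed samples shaped like the response in the issue (token shortened).
SAMPLE = '{"access_token": "eyJ0eXAi...", "expires_in": "3599", "token_type": "Bearer"}'
LONG_LIVED = '{"access_token": "eyJ0eXAi...", "expires_in": "86400", "token_type": "Bearer"}'

if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the output is reproducible
    print(refresh_schedule(SAMPLE, now))
    print(refresh_schedule(LONG_LIVED, now))
```
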
@gladjohn gladjohn self-assigned this Apr 7, 2023
@gladjohn gladjohn changed the title [Feature Request] Managed Identity - Calculate the refresh_in value [Feature Request] Managed Identity - Calculate the refresh_in value based on exires_in Apr 7, 2023
@gladjohn gladjohn added this to the 4.53.0 milestone Apr 12, 2023
@bgavrilMS
Member

Please make sure this is documented in our MI implementation (API review).

@pmaytak pmaytak modified the milestones: 4.53.0, 4.54.0 Apr 14, 2023
@pmaytak pmaytak changed the title [Feature Request] Managed Identity - Calculate the refresh_in value based on exires_in [Feature Request] Managed Identity - Calculate the refresh_in value based on expires_in Apr 14, 2023