You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ConfidentialClient - web api (AcquireTokenOnBehalfOf), ConfidentialClient - service to service (AcquireTokenForClient), ManagedIdentityClient - managed identity
Proactive token refresh is done on a separate thread. A cancellation token provided by the user is passed into it. If the parent token source is disposed after the original token request completes, then any usage of that cancellation token in the proactive refresh task will cause a "object is disposed" exception.
Relevant code snippets
No response
Expected behavior
No response
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
Create a linked cancellation token source using the parent user-provided cancellation token to be used in the background refresh task.
The text was updated successfully, but these errors were encountered:
pmaytak
changed the title
[Bug] Background proactive token refresh is not properly cancelled
[Bug] Background proactive token refresh is not properly canceled
Dec 21, 2023
After some investigation, Seems like this issue may happen only under rare circumstances. When CancellationTokenSource is disposed, then calling its properties, including Token, will result in an ObjectDisposedException. However, since the token is passed into the inner methods, the token and it's value properties like CanBeCanceled and IsCancellationRequested can still be called. The only exception to this is the WaitHandle property is disposed. However, it doesn't seem to be used anywhere in the MSAL code.
Library version used
4.58.1
.NET version
Any
Scenario
ConfidentialClient - web api (AcquireTokenOnBehalfOf), ConfidentialClient - service to service (AcquireTokenForClient), ManagedIdentityClient - managed identity
Is this a new or an existing app?
None
Issue description and reproduction steps
microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/Internal/Requests/ClientCredentialRequest.cs
Line 78 in 546d00f
Proactive token refresh is done on a separate thread. A cancellation token provided by the user is passed into it. If the parent token source is disposed after the original token request completes, then any usage of that cancellation token in the proactive refresh task will cause a "object is disposed" exception.
Relevant code snippets
No response
Expected behavior
No response
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
Create a linked cancellation token source using the parent user-provided cancellation token to be used in the background refresh task.
The text was updated successfully, but these errors were encountered: