New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
force_refresh not being passed to _acquire_token_silent_from_cache .... #113
Conversation
…d_possibly_refresh_it acquire_token_silent is receiving force_refresh but it's not passing to the next function: _acquire_token_silent_from_cache_and_possibly_refresh_it. This update just adds that argument when calling the latter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice. Just a minor comment inside.
Out of curiosity, are you just testing, or do you really have a need in your production system that you would like to do force_refresh
? That would cause your app not benefiting from MSAL's built-in cache as much. What is the reason that you would want to force_refresh?
Hi @rayluo, sure, I can adjust it - should I create another branch to make it cleaner (single commit) or can I commit a new change to this one? I don't quite remember if github squashes multiple commits in a merge request branch.. To answer your question, I caught it while I was testing my application - so I wanted to make sure the refresh worked. However I do have reason to want to manage token expiry on my own code. I use access tokens to access a SQL server impersonating the logged-in user. So I store a ODBC cursor that has been authenticated using the authentication token with this technique. If I try to use the cursor without a valid access token, I will likely get a generic error from the ODBC library. So instead, I could track the expiry time of the access token for every database query. Since there would be many calls, ideally this should be quick - like if access_token_time - time.time() > 3600: refresh. In this case, just to be sure, I could use the force_refresh since I know I want it to be refreshed. But if I didn't it, MSAL should also see the expired access token and refresh it. I'm just not sure whether calling MSAL "acquire_token_silently" on every ODBC query is efficient. If it is, then I can just do that and rely on the library's cache and auto-refresh capability. |
As requested, the call to self._acquire_token_silent_from_cache_and_possibly_refresh_it now specifies force_refresh=force_refresh, similar to line 425.
Thanks for updating this PR. We the repo maintainers would have the choice to do a merge commit or a squash commit. Also THANKS for sharing your real world usage case! We had that case briefly documented in ADAL Python's wiki (which referring to the same source that you found). Please let us know if you would find anything special for MSAL Python. Regarding your usage pattern:
I'm going to merge in your fix. Feel free to ask us more questions when needed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
acquire_token_silent is receiving force_refresh but it's not passing to the next function: _acquire_token_silent_from_cache_and_possibly_refresh_it. This update just adds that argument when calling the latter.