Why we need `ReaderWriterLockSlim` in OpenIdConnectCachingSecurityTokenProvider?

Azure-Samples / active-directory-b2c-dotnet-webapp-and-webapi

A combined sample for a .NET web application that calls a .NET web API, both secured using Azure AD B2C

http://aka.ms/aadb2c

MIT License

273 stars 236 forks source link

Why we need `ReaderWriterLockSlim` in OpenIdConnectCachingSecurityTokenProvider? #124

Open LeTranAnhVu opened 2 years ago

LeTranAnhVu commented 2 years ago

The class OpenIdConnectCachingSecurityTokenProvider uses read/write lock of ReaderWriterLockSlim before get issuer and keys. I am wondering, why we need to use lock here? and what happen if we don't?

mderriey commented 1 week ago

I've done a write-up of my findings about the locking behaviour that we're confident caused a deadlock-like situation for us under enough concurrent requests.

https://github.com/AzureAD/microsoft-identity-web/issues/3078.