Closed marchar91 closed 2 years ago
Sounds like your app somehow mixed the tokens among users. How does your app persist token cache?
Can you reproduce the issue with this sample? It persists the tokens into current session, so it shouldn't have this issue.
Hello, I am working on a project and I am using as a starting point the provided application in this repo. The user needs to authenticate first, then, using the On Behalf Of flow, I get a second token that I use for getting data from a SQL database in Azure by using pass-through authentication. As of now, I have all the expected results when testing with a single user, but it doesn't work when testing with multiple users (not necessarily at the same exact time). Specifically, this is the wrong behavior:
The same happens the other way around, after cleaning the session: if I log in with the user that doesn't have any permission, I get an error (correctly in this case) but, if I log in with the user that should have permissions, from a fresh session, then I get the same error (wrong, the user has permissions). I suspect that the problem is that the provided example uses a single cache for all the users; in fact, analysing the serialised `cache` value, after the first sign-in the corresponding dictionary has one user, but, after the second one, there are multiple users there, and they come from the cache serialisation. I would expect proper management by having one cache per user or per session, basically. Are my suspicions correct? If so, how can I handle it? Thanks