Closed maskati closed 1 week ago
Change the implementation of
WithForceRefresh(true)
to also update the token cache
Does WithForceRefresh(true)
not update the token cache? Any successful token acquisition should already update token cache. If not, that might be a bug.
That being said, forcing the calling app to use WithForceRefresh(true)
is not a good dev experience, because calling app won't and shouldn't know when to force refresh. MSAL may revisit an AcquireToken(..., accessTokenToRenew=oldAccessToken)
pattern.
WithForceRefresh(true)
will result in MSAL ignoring any existing access token from the cache. Refresh Tokens are still used. New tokens from the STS will overwrite old tokens.
What flow are you testing with @maskati ? Public Clients using broker have spotty behavior for flag, but it should work on the latest versions of MSAL.NET
Now that I am testing it again it seems to be working as expected, and WithForceRefresh(true)
is updating the cached token even while skipping the cache for lookup. Not sure under what circumstances I considered it not working when testing earlier.
A small note that it might be useful to update the documentation to indicate that force refresh does not skip the cache completely, and does in fact update the cache with the new token. I was performing my own tests because the behaviour was unclear based on the docs.
MSAL client type
Public, Confidential
Problem statement
MSAL does not currently seem to provide a mechanism to force the refresh of a cached access token before expiry. Such functionality would be useful in cases where the token is known to have changes, such as when group memberships are updated as a result of PIM for Groups.
Proposed solution
Change the implementation of
WithForceRefresh(true)
to also update the token cache. Updating the token cache would allow use of this function to refresh the currently cached token as used by other invocations utilizing the same cache (using the defaultWithForceRefresh(false)
).Alternatives
WithForceRefresh(true)
for all token acquisitions until cached token expiry.