AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License
289 stars 145 forks

Use tenant id for building the cache key. Right now the cache key used is using tenant as common, but should be managed-identity #710

Closed neha-bhargava closed 12 months ago

neha-bhargava commented 1 year ago

The cache key for managed identity should be the same for MSAL.Net and MSAL Java.

Currently, the difference between the cache keys is the tenant.

Cache key in MSAL.Net: -login.microsoftonline.com-accesstoken-system_assigned_managed_identity-managed_identity-https://management.azure.com

Cache key in MSAL Java: -login.microsoftonline.com-accesstoken-system_assigned_managed_identity-common-https://management.azure.com

The format of the cache key: --accesstoken---

Since the authority is not used in the case of managed identity, the default authority is used for managed identity. But also after adding managed-identity as the tenant, the common tenant id is used for the cache key.

MSAL.Net follows this algorithm to get the tenant.

We can either implement this algorithm or modify the default authority for managed identity.

Preference is to have consistency with MSAL.Net and the same logic for using the tenant id, unless there is a concern.
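To make the tenant segment concrete, here is an added illustration of the hyphen-joined key shape quoted above and of the one rule that differs between the two libraries. This is example code written for this page, not MSAL Java's or MSAL.NET's implementation; the class and method names, the lower-casing of the tenant, and the leading empty segment (as in the two keys quoted in the comment) are assumptions made for the illustration.

```java
import java.util.Locale;

/**
 * Illustrative builder for an access-token cache key of the shape quoted in the issue:
 * -host-accesstoken-clientId-tenant-scope, joined by '-'.
 * Added example code, not MSAL's own code; names and the tenant rule are assumptions.
 */
public final class AccessTokenCacheKey {

    /** Tenant segment MSAL.NET writes for managed identity (value taken from the issue). */
    static final String MANAGED_IDENTITY_TENANT = "managed_identity";
    /** Tenant segment that the default (common) authority produced in MSAL Java. */
    static final String COMMON_TENANT = "common";

    private AccessTokenCacheKey() {}

    /**
     * Assumed rule: a managed-identity request ignores the authority, so the key must not
     * inherit the default authority's "common" tenant; use the fixed placeholder instead.
     * For ordinary confidential-client requests the authority's tenant is used as-is.
     */
    static String tenantForCacheKey(boolean managedIdentity, String authorityTenant) {
        if (managedIdentity) {
            return MANAGED_IDENTITY_TENANT;
        }
        return authorityTenant == null ? COMMON_TENANT : authorityTenant.toLowerCase(Locale.ROOT);
    }

    /** Joins the segments in the order of the quoted keys; the leading "" yields the leading '-'. */
    static String build(String host, String clientId, String tenant, String scope) {
        return String.join("-", "", host, "accesstoken", clientId, tenant, scope);
    }

    public static void main(String[] args) {
        // Constructed sample values, matching the two keys quoted in the issue.
        String host = "login.microsoftonline.com";
        String clientId = "system_assigned_managed_identity";
        String scope = "https://management.azure.com";

        // Key MSAL Java produced (tenant falls back to the default authority's "common").
        String javaKey = build(host, clientId, tenantForCacheKey(false, null), scope);
        // Key MSAL.NET produces (managed identity forces the "managed_identity" tenant).
        String netKey = build(host, clientId, tenantForCacheKey(true, null), scope);

        System.out.println("MSAL Java key: " + javaKey);
        System.out.println("MSAL.NET  key: " + netKey);
        // The keys differ only in the tenant segment, so a token cached under one shape
        // is a cache miss for the other: the caches are not interoperable until aligned.
        System.out.println("Keys identical: " + javaKey.equals(netKey));
    }
}
```

Running `main` prints the two keys side by side; the only differing segment is the tenant, which is exactly the discrepancy the issue reports, and the `false` printed on the last line shows why a token written by one library's cache would not be found by the other.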

bgavrilMS commented 1 year ago

@neha-bhargava - the 2 cache keys you described seem to be identical.

The algorithm you describe is pretty complex because it takes into consideration user scenarios. But in the app scenario, there are only:

Are you saying that MSAL Java does not correctly resolve the tenant id in client_credentials scenarios?

Avery-Dunn commented 12 months ago

This was resolved in https://github.com/AzureAD/microsoft-authentication-library-for-java/pull/746 and released as part of 1.14.4-beta