Closed JorgeDaboub closed 2 months ago
Thanks for bringing this to our attention, @JorgeDaboub . This was the same issue that we recently fixed in #717 already. Please install our dev
branch to confirm that our fix also works for you.
pip install --force-reinstall "git+https://github.com/AzureAD/microsoft-authentication-library-for-python.git@dev"
It would be great if you can let us know your test result within a day or two, because we are approaching a code-freeze period for another release.
Closing for now. Please reopen if our fix won't work for you.
We have encountered an issue with how MSAL is caching Tokens that have a KID.
The issue is:
The solution:
A quick check when getting a token from cache. If a KeyID is present it should match the one provided.
I validated these changes locally and they solve the issue. For reference here is the code we use: https://github.com/Azure/azure-cli-extensions/blob/2a1898ff1b70153df2311ccb784a90751914c0b1/src/connectedk8s/azext_connectedk8s/_clientproxyutils.py#L86
We have an open ICM with more context: https://portal.microsofticm.com/imp/v3/incidents/incident/494360176/summary