AzureAD / microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
MIT License

Fetching OpenID configuration and signing keys in advance #1601

Open chintanr97 opened 2 years ago

chintanr97 commented 2 years ago

Currently, we can protect a web API using the library as follows:

services.AddMicrosoftIdentityWebApiAuthentication(configuration, "TestAuth1", "TestAuth1");

Now, when the service receives the first API request that requires authentication, the authentication handler (here, a JwtBearerHandler) attempts to fetch the OpenID configuration followed by the token signing keys (from the discovery endpoint) for the authorization server. The response is cached and refreshed every 24 hours by default with the help of the property available as JwtBearerOptions.AutomaticRefreshInterval. Given that the OpenID configuration and the keys are fetched during the first API request, this adds a minor delay to the response there (especially when validation of the token can be attempted against multiple schemes).

Therefore, we would like to identify a way in which we could request the MSAL to fetch the OpenID configuration in advance and cache it during the service collection setup phase (i.e., during the web API startup). It could be later refreshed periodically and automatically with the help of the setting available under JwtBearerOptions.AutomaticRefreshInterval.

Any pointers for achieving this would be really helpful!

Regards, Chintan Rajvir

jennyf19 commented 2 years ago

@ciaozhang or @dannybtsai could you help answer this? thanks.

techgeek03 commented 2 months ago

Any updates on this one? I have the same use case and have not found a way to pre-load the OpenID configuration in advance.
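
One way to warm the metadata cache at startup, as an added example that is not code from this thread or from Microsoft.Identity.Web: a hosted service resolves the named JwtBearerOptions and calls GetConfigurationAsync on its ConfigurationManager, which is the same cached instance the JwtBearerHandler reads on each request. The class name OidcMetadataWarmup and the Schemes array are hypothetical, and the sketch assumes the library leaves the standard JwtBearer post-configuration (which creates the ConfigurationManager) in place.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical helper: pre-fetches OpenID configuration and signing keys
// for each JwtBearer scheme when the host starts.
public sealed class OidcMetadataWarmup : IHostedService
{
    // Assumption: scheme names passed to AddMicrosoftIdentityWebApiAuthentication.
    private static readonly string[] Schemes = { "TestAuth1" };
    private readonly IOptionsMonitor<JwtBearerOptions> _options;
    private readonly ILogger<OidcMetadataWarmup> _logger;

    public OidcMetadataWarmup(IOptionsMonitor<JwtBearerOptions> options,
                              ILogger<OidcMetadataWarmup> logger)
    {
        _options = options;
        _logger = logger;
    }

    public async Task StartAsync(CancellationToken cancellationToken)
    {
        foreach (var scheme in Schemes)
        {
            // Named options are cached by IOptionsMonitor, so the handler
            // later sees this same ConfigurationManager and its cached data.
            var manager = _options.Get(scheme).ConfigurationManager;
            if (manager is null)
            {
                _logger.LogWarning("No ConfigurationManager for scheme {Scheme}", scheme);
                continue;
            }
            try
            {
                var config = await manager.GetConfigurationAsync(cancellationToken);
                _logger.LogInformation("Warmed {Scheme}: issuer {Issuer}, {Count} signing keys",
                    scheme, config.Issuer, config.SigningKeys.Count);
            }
            catch (Exception ex) when (ex is not OperationCanceledException)
            {
                // Keep starting up: token validation is unchanged, and the
                // handler retries the metadata fetch on the first request.
                _logger.LogWarning(ex, "Metadata warm-up failed for {Scheme}", scheme);
            }
        }
    }

    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;
}
```

Register it after the authentication setup with `services.AddHostedService<OidcMetadataWarmup>();`. Periodic refresh still follows JwtBearerOptions.AutomaticRefreshInterval.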