Intro
When application developers use the developer SDKs and libraries provided by Azure to build apps that run on Azure, they expect built-in support for common and repeatable tasks. From Azure’s perspective, adding support to common patterns helps increase the resilience of the apps running on Azure. Managed Identity token caching is a common task that’s currently missing in the Azure Identity client libraries. The Azure Identity libraries are used by all Track 2 Azure SDKs to support the use of Managed Identities for Azure resources. This is causing each developer to add their own code for token caching.
What is token caching? When a client receives a token from Azure AD, it’s highly recommended to cache the token to improve app resilience by avoiding repeated token requests to Azure AD. In user authentication flows, a cached refresh token allows the client code to silently request new access tokens without causing the users to be prompted for authentication. In an app-only flow, a refresh token isn’t involved, and an access token is issued. Client code must cache the access tokens for the same reasons.
The Azure Identity client library has implemented detection and support for multiple Azure resource providers. It provides the abstraction classes DefaultAzureCredential and ManagedIdentityCredential so that developers can write consistent code that does not need to change based on the resource provider used.
Feature
Collaborate with the MSAL team to design, prototype, and then productize a solution across MSAL and Azure Identity SDKs to provide ManagedIdentity token caching support at the MSAL/SDK layer so that applications can be resilient and performant with managed identity token caching and automatic cache refreshes.
Related: