Microsoft-identity-web: Is it possible to set the expiry for cached tokens

Created on 17 Jul 2020  路  4Comments  路  Source: AzureAD/microsoft-identity-web

Is your feature request related to a problem? Please describe.
Hello,

Thanks for your work here it really makes things easier.
I'm trying to use this library to cache tokens so I can then use them to call Graph Api.

I'm using Redis distributed cache for that to happen.

However one thing I noticed is its not possible to set the cache expiry which is something I really need.

At the moment my code is configured in the Startup.cs like this:

            services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftWebApp(options =>
                {
                    Configuration.Bind("AzureAD", options);
                    options.Events ??= new OpenIdConnectEvents();
                    options.Events.OnRedirectToIdentityProvider = async ctx =>
                    {
                        ctx.ProtocolMessage.RedirectUri = Configuration["AzureAd:RedirectUri"];
                        await Task.CompletedTask;
                    };
                })
                .AddMicrosoftWebAppCallsWebApi(Configuration)
                .AddDistributedTokenCaches();

                services.AddStackExchangeRedisCache(options =>
            {
                options.Configuration = Configuration["Redis"];
                options.InstanceName = "myapp-";
            });

Describe the solution you'd like
What I would really like is to be able to set the cache expiry for the Redis cache I'm using during startup if that's possible. At the moment the only way I see I can do this is by using the ConfidentialClientApplicationBuilder as described here by hooking into the BeforeAccess and AfterAccessevents. But that means I would not be able to use the really usefulITokenAcquisition.GetAccessTokenForUserAsync(scopes)` which is so much cleaner

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Answered fixed needs documentation question

All 4 comments

Here's the code I use to manage the token expire time.

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftWebApp(options =>
                {
                    Configuration.Bind("AzureAd", options);

                    options.Events.OnTicketReceived = (context) =>
                    {
                        context.Properties.IsPersistent = true;
                        context.Properties.ExpiresUtc = DateTimeOffset.UtcNow.AddDays(365);

                        return Task.FromResult(0);
                    };
                })
                .AddMicrosoftWebAppCallsWebApi(Configuration, new string[] { Constants.Scopes })
                .AddDistributedTokenCaches();

I managed to get this working 馃挭 with adding this line:

services.Configure<MsalDistributedTokenCacheAdapterOptions>(Configuration.GetSection("RedisOptions"));

Then in my appsettings I had this:

  "RedisOptions": {
    "AbsoluteExpirationRelativeToNow":  "72:00:00"
  }

@jmprieur we should capture some or all of this for the wiki.

@mia01 @Mrcl1450.
I've updated the wiki page: https://github.com/AzureAD/microsoft-identity-web/wiki/Token-cache-serialization#managing-the-expiry

cc: @jennyf19

Was this page helpful?
0 / 5 - 0 ratings