disable token cache for service principal (#20336)

Co-authored-by: NanxiangLiu <[email protected]> Co-authored-by: Jin Lei <[email protected]>
Azure · Dec 1, 2022 · 44b8085 · 44b8085
1 parent fcd4743
commit 44b8085
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
@@ -19,9 +19,7 @@
 -->
 
 ## Upcoming Release
-* Enabled caching tokens when logging in with a service principal or client assertion. [#20013]
-    - This could reduce extra network traffic and improve performance.
-    - It also fixed the incorrectly short lifespan of tokens.
+* Enabled caching tokens when logging in with a client assertion. This fixed the incorrectly short lifespan of tokens.
 * Upgraded target framework of Microsoft.Identity.Client to net461 [#20189]
 * Stored `ServicePrincipalSecret` and `CertificatePassword` into `AzKeyStore`.
 * Updated the reference of Azure PowerShell Common to 1.3.65-preview.

diff --git a/src/Accounts/Authenticators/ServicePrincipalAuthenticator.cs b/src/Accounts/Authenticators/ServicePrincipalAuthenticator.cs
@@ -43,12 +43,14 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
             var authority = spParameters.Environment.ActiveDirectoryAuthority;
 
             var requestContext = new TokenRequestContext(scopes);
-            var tokenCachePersistenceOptions = spParameters.TokenCacheProvider.GetTokenCachePersistenceOptions();
+            // var tokenCachePersistenceOptions = spParameters.TokenCacheProvider.GetTokenCachePersistenceOptions();
             AzureSession.Instance.TryGetComponent(nameof(AzureCredentialFactory), out AzureCredentialFactory azureCredentialFactory);
 
             var options = new ClientCertificateCredentialOptions()
             {
-                TokenCachePersistenceOptions = tokenCachePersistenceOptions, // allows MSAL to cache access tokens
+                // commented due to https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3218
+                // todo: investigate splitting user token cache and app token cache
+                // TokenCachePersistenceOptions = tokenCachePersistenceOptions, // allows MSAL to cache access tokens
                 AuthorityHost = new Uri(authority),
                 SendCertificateChain = spParameters.SendCertificateChain ?? default(bool)
             };
@@ -67,7 +69,7 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
                 //Service principal with secret
                 var csOptions = new ClientSecretCredentialOptions()
                 {
-                    TokenCachePersistenceOptions = tokenCachePersistenceOptions, // allows MSAL to cache access tokens
+                    // TokenCachePersistenceOptions = tokenCachePersistenceOptions, // allows MSAL to cache access tokens
                     AuthorityHost = new Uri(authority)
                 };
                 tokenCredential = azureCredentialFactory.CreateClientSecretCredential(tenantId, spParameters.ApplicationId, spParameters.Secret, csOptions);