Address PR comments

AzureAD · Jan 4, 2024 · 7d8e369 · 7d8e369
1 parent f6421f3
commit 7d8e369
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 29 deletions.
diff --git a/apps/tests/devapps/client_certificate_sample.go b/apps/tests/devapps/client_certificate_sample.go
@@ -12,10 +12,16 @@ import (
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
-func acquireTokenClientCertificate() {
-	config := CreateConfig("confidential_config.json")
+var _config2 *Config = CreateConfig("confidential_config.json")
+
+// Keep the ConfidentialClient application object around, because it maintains a token cache
+// For simplicity, the sample uses global variables.
+// For user flows (web site, web api) or for large multi-tenant apps use a cache per user or per tenant
+var _app2 *confidential.Client = createAppWithCert()
+
+func createAppWithCert() *confidential.Client {
 
-	pemData, err := os.ReadFile(config.PemData)
+	pemData, err := os.ReadFile(_config2.PemData)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -30,12 +36,19 @@ func acquireTokenClientCertificate() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	app, err := confidential.New(config.Authority, config.ClientID, cred, confidential.WithCache(cacheAccessor))
+	app, err := confidential.New(_config2.Authority, _config2.ClientID, cred, confidential.WithCache(cacheAccessor))
 	if err != nil {
 		log.Fatal(err)
 	}
+	return &app
+}
 
-	result, err := app.AcquireTokenByCredential(context.Background(), config.Scopes)
+func acquireTokenClientCertificate() {
+
+	result, err := _app2.AcquireTokenByCredential(context.Background(), _config1.Scopes)
+	if err != nil {
+		log.Fatal(err)
+	}
 
-	fmt.Println("Got a token using the certificate. It expires on", result.ExpiresOn)
+	fmt.Println("A Bearer token was acquired, it expires on: ", result.ExpiresOn)
 }
diff --git a/apps/tests/devapps/client_secret_sample.go b/apps/tests/devapps/client_secret_sample.go
@@ -11,25 +11,30 @@ import (
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
+var _config1 *Config = CreateConfig("confidential_config.json")
+
 // Keep the ConfidentialClient application object around, because it maintains a token cache
-var _app *confidential.Client
+// For simplicity, the sample uses global variables.
+// For user flows (web site, web api) or for large multi-tenant apps use a cache per user or per tenant
+var _app1 *confidential.Client = createAppWithSecret()
 
-func acquireTokenClientSecret() {
-	config := CreateConfig("confidential_config.json")
-
-	if _app == nil {
-		cred, err := confidential.NewCredFromSecret(config.ClientSecret)
-		if err != nil {
-			log.Fatal(err)
-		}
-		app, err := confidential.New(config.Authority, config.ClientID, cred)
-		if err != nil {
-			log.Fatal(err)
-		}
-		_app = &app
+func createAppWithSecret() *confidential.Client {
+
+	cred, err := confidential.NewCredFromSecret(_config1.ClientSecret)
+	if err != nil {
+		log.Fatal(err)
+	}
+	app, err := confidential.New(_config1.Authority, _config1.ClientID, cred)
+	if err != nil {
+		log.Fatal(err)
 	}
 
-	result, err := _app.AcquireTokenByCredential(context.Background(), config.Scopes)
+	return &app
+}
+
+func acquireTokenClientSecret() {
+
+	result, err := _app1.AcquireTokenByCredential(context.Background(), _config1.Scopes)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/apps/tests/devapps/main.go b/apps/tests/devapps/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"os"
 )
 
 var (
@@ -13,30 +12,30 @@ var (
 func main() {
 	ctx := context.Background()
 
-	// TODO(msal): This is pretty yikes. At least we should use the flag package.
-	exampleType := os.Args[1]
+	// Choose a sammple to run.
+	exampleType := "5"
+
 	if exampleType == "1" {
 		acquireTokenDeviceCode()
 		/*} else if exampleType == "2" {
 		acquireByAuthorizationCodePublic()
 		*/
 	} else if exampleType == "3" {
+		// This sample uses a serialized cache in an ecrypted file on Windows / KeyChain on Mac / KeyRing on Linux
 		acquireByUsernamePasswordPublic(ctx)
 	} else if exampleType == "4" {
 		panic("currently not implemented")
 		//acquireByAuthorizationCodeConfidential()
 	} else if exampleType == "5" {
 		// This sample does not use a serialized cache - it relies on in-memory cache by reusing the app object
-		// This works great for app tokens, because there is only 1 token per resource, per tenant and most
-		// developers only require 1-2 tokens.
+		// This works well for app tokens, because there is only 1 token per resource, per tenant.
 		acquireTokenClientSecret()
 
 		// this time the token comes from the cache!
 		acquireTokenClientSecret()
 	} else if exampleType == "6" {
-		// This samples	uses a serialized cache in a file. This is for demonstration purposes only of the caching interface.
-		// Production confidential client apps use in-memory cache (see above sample) if they target a small number of tenants.
-		// Multi-tenant apps needing tokens for million of tokens should use a distributed cache like Redis.
+		// This sample does not use a serialized cache - it relies on in-memory cache by reusing the app object
+		// This works well for app tokens, because there is only 1 token per resource, per tenant.
 		acquireTokenClientCertificate()
 
 		// this time the token comes from the cache!