Clarify cache usage in client_creds sample

AzureAD · Jan 4, 2024 · f6421f3 · f6421f3
1 parent d6395e7
commit f6421f3
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 23 deletions.
diff --git a/apps/tests/devapps/client_certificate_sample.go b/apps/tests/devapps/client_certificate_sample.go
@@ -34,14 +34,8 @@ func acquireTokenClientCertificate() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	result, err := app.AcquireTokenSilent(context.Background(), config.Scopes)
-	if err != nil {
-		result, err = app.AcquireTokenByCredential(context.Background(), config.Scopes)
-		if err != nil {
-			log.Fatal(err)
-		}
-		fmt.Println("Access Token Is " + result.AccessToken)
-		return
-	}
-	fmt.Println("Silently acquired token " + result.AccessToken)
+
+	result, err := app.AcquireTokenByCredential(context.Background(), config.Scopes)
+
+	fmt.Println("Got a token using the certificate. It expires on", result.ExpiresOn)
 }
diff --git a/apps/tests/devapps/client_secret_sample.go b/apps/tests/devapps/client_secret_sample.go
@@ -11,23 +11,28 @@ import (
 	"github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
+// Keep the ConfidentialClient application object around, because it maintains a token cache
+var _app *confidential.Client
+
 func acquireTokenClientSecret() {
 	config := CreateConfig("confidential_config.json")
-	cred, err := confidential.NewCredFromSecret(config.ClientSecret)
-	if err != nil {
-		log.Fatal(err)
-	}
-	app, err := confidential.New(config.Authority, config.ClientID, cred, confidential.WithCache(cacheAccessor))
-	if err != nil {
-		log.Fatal(err)
-	}
-	result, err := app.AcquireTokenSilent(context.Background(), config.Scopes)
-	if err != nil {
-		result, err = app.AcquireTokenByCredential(context.Background(), config.Scopes)
+
+	if _app == nil {
+		cred, err := confidential.NewCredFromSecret(config.ClientSecret)
 		if err != nil {
 			log.Fatal(err)
 		}
-		fmt.Println("Access Token Is " + result.AccessToken)
+		app, err := confidential.New(config.Authority, config.ClientID, cred)
+		if err != nil {
+			log.Fatal(err)
+		}
+		_app = &app
+	}
+
+	result, err := _app.AcquireTokenByCredential(context.Background(), config.Scopes)
+	if err != nil {
+		log.Fatal(err)
 	}
-	fmt.Println("Silently acquired token " + result.AccessToken)
+
+	fmt.Println("A Bearer token was acquired, it expires on: ", result.ExpiresOn)
 }
diff --git a/apps/tests/devapps/main.go b/apps/tests/devapps/main.go
@@ -26,8 +26,20 @@ func main() {
 		panic("currently not implemented")
 		//acquireByAuthorizationCodeConfidential()
 	} else if exampleType == "5" {
+		// This sample does not use a serialized cache - it relies on in-memory cache by reusing the app object
+		// This works great for app tokens, because there is only 1 token per resource, per tenant and most
+		// developers only require 1-2 tokens.
+		acquireTokenClientSecret()
+
+		// this time the token comes from the cache!
 		acquireTokenClientSecret()
 	} else if exampleType == "6" {
+		// This samples	uses a serialized cache in a file. This is for demonstration purposes only of the caching interface.
+		// Production confidential client apps use in-memory cache (see above sample) if they target a small number of tenants.
+		// Multi-tenant apps needing tokens for million of tokens should use a distributed cache like Redis.
+		acquireTokenClientCertificate()
+
+		// this time the token comes from the cache!
 		acquireTokenClientCertificate()
 	}
 }