TokenCachePersistenceOptions Class

Options for persistent token caching.

Most credentials accept an instance of this class to configure persistent token caching. The default values configure a credential to use a cache shared with Microsoft developer tools and SharedTokenCacheCredential. To isolate a credential's data from other applications, specify a name for the cache.

By default, the cache is encrypted with the current platform's user data protection API, and will raise an error when this is not available. To configure the cache to fall back to an unencrypted file instead of raising an error, specify allow_unencrypted_storage=True.

Warning

The cache contains authentication secrets. If the cache is not encrypted, protecting it is the

application's responsibility. A breach of its contents will fully compromise accounts.

Inheritance
builtins.object
TokenCachePersistenceOptions

Constructor

TokenCachePersistenceOptions(*, allow_unencrypted_storage: bool = False, name: str = 'msal.cache', **kwargs: Any)

Keyword-Only Parameters

Name Description
name
str

prefix name of the cache, used to isolate its data from other applications. Defaults to the name of the cache shared by Microsoft dev tools and SharedTokenCacheCredential. Additional strings may be appended to the name for further isolation.

Default value: msal.cache
allow_unencrypted_storage

whether the cache should fall back to storing its data in plain text when encryption isn't possible. False by default. Setting this to True does not disable encryption. The cache will always try to encrypt its data.

Examples

Configuring a credential for persistent caching


   cache_options = TokenCachePersistenceOptions()
   credential = InteractiveBrowserCredential(cache_persistence_options=cache_options)

   # specify a cache name to isolate the cache from other applications
   TokenCachePersistenceOptions(name="my_application")

   # configure the cache to fall back to unencrypted storage when encryption isn't available
   TokenCachePersistenceOptions(allow_unencrypted_storage=True)