Hi @Mayuri Barve ,
Thanks for reaching out.
Microsoft Authentication Library (MSAL) acquires a token and handle the token in many ways.
So, when the application needs a token, it should first call the AcquireTokenSilentAysnc method to verify if an acceptable token is in the cache and retrieve the token from cache. MSAL caches the access, refresh, and ID tokens and handle them accordingly.
In ASP.NET Core web apps and web APIs, use Microsoft.Identity.Web In-memory cache option to get token caches.
In .net core application, call AddInMemoryTokenCaches() or AddDistributedTokenCaches() (In production for persistence) to startup.cs file
public void ConfigureServices(IServiceCollection services)
{
// code before
.EnableTokenAcquisitionToCallDownstreamApi(new string[] { scopesToRequest })
.AddInMemoryTokenCaches();
// code after
If access token is about to expire, it gets the refresh token as token cache also contains a refresh token. AcquireTokenSilentAsync is the abstract process by which refresh token is used to get new access token in backend.
The lifetimes of refresh tokens are relatively long. However, in some cases, refresh tokens expire, are revoked. Then your application should handle the error gracefully using MsalUiRequiredException exception and prompt user to sign in again and get the token interactively.
See AcquireTokenSilentAsync using a cached token and Token cache serialization in MSAL.NET for more clarification .
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.