Hi @Matthew Vacarro ,
Thanks for reaching out.
Your understanding is correct here. In-memory caches are good for applications that don't require tokens to persist between app restarts which is mainly for local app development.
For token persistence, MSAL provides and recommended to use distributed token cache (Redis, SQL Server, Azure Cosmos DB, distributed memory) to request tokens for users in a production application.
A distributed memory cache will not clear when the app stops. In this case, the cached items are stored by the app instance on the server where app is running. The Distributed Cache is just an abstraction (using IDistributedCache interface). Using Distributed cache, you can inject the cache where you want to store and use. Asp.net currently support
• Distributed Memory Cache -This one is an in memory cache, likely works the same that when you do AddInMemoryCache.
• Distributed SQL Server cache -allows the distributed cache to use a SQL Server database as its backing store.
• Distributed Redis cache
• Distributed NCache cache
Also, if you want to create your own implementation of the IDistributedCache interface you use any other store (mysql, CosmosDb…)
Refer Token cache serialization (MSAL.NET) for detailed description on distributed cache and sample framework-provided implementations.
Also, Client credential flow is OAuth flow commonly used for server-to-server interactions that usually run in the background, without immediate interaction with a user and help to acquire the token and call protected web APIs.
Hope this will help. If you have further questions on this, please let us know.
Thanks,
Shweta
-----------------------------------------------
Please remember to "Accept Answer" if answer helped you.