Persist Token Cache or Better Solution

Matthew Vacarro 1 Reputation point
2022-02-03T04:14:58.27+00:00

Node / Express Server & PG DB

MSAL is instantiated when the server builds and is held in App.locals

=> app.locals.msalClient = new msal.ConfidentialClientApplication(msalConfig);

Everything works great: when a user logs in, all the information is held in the MSAL and the tokens are accessible.

Here's the problem: every time I want to push any update to prod, the cache of tokens is lost due to being held in local memory. So when I rebuild locally or on Heroku the cache is empty, and that requires my users to re-auth. I need these tokens to persist, but there doesn't seem to be a way for me to add them into the DB to rehydrate or leverage later. From my understanding, MSAL won't allow you to insert tokens back in.

The service I am building runs a lot in the background and shouldn't require a user having to open the application for the service's protocols to continue.

I looked into doing the "Client credential flows" but I can only find explanations in .NET. Ideally, I would love for the tokens to be held on the Azure cloud and stay accessible & persistent. However, I am happy to hear any and all solutions.

Thanks,
Matt


1 answer

  1. Shweta Mathur 28,106 Reputation points Microsoft Employee
    2022-02-03T10:57:51.797+00:00

    Hi @Matthew Vacarro ,

    Thanks for reaching out.

    Your understanding is correct here. In-memory caches are good for applications that don't require tokens to persist between app restarts which is mainly for local app development.

    For token persistence, MSAL provides and recommends using a distributed token cache (Redis, SQL Server, Azure Cosmos DB, distributed memory) to request tokens for users in a production application.

    A distributed memory cache will not clear when the app stops. In this case, the cached items are stored by the app instance on the server where the app is running. The distributed cache is just an abstraction (using the IDistributedCache interface). Using a distributed cache, you can inject the cache where you want to store and use it. ASP.NET currently supports:

    • Distributed Memory Cache - This one is an in-memory cache; it likely works the same as when you call AddInMemoryCache.
    • Distributed SQL Server cache - allows the distributed cache to use a SQL Server database as its backing store.
    • Distributed Redis cache
    • Distributed NCache cache

    Also, if you want to create your own implementation of the IDistributedCache interface, you can use any other store (MySQL, Cosmos DB…).

    Refer to Token cache serialization (MSAL.NET) for a detailed description of the distributed cache and sample framework-provided implementations.

    Also, the client credential flow is an OAuth flow commonly used for server-to-server interactions that usually run in the background, without immediate interaction with a user, and it helps to acquire the token and call protected web APIs.

    Hope this will help. If you have further questions on this, please let us know.

    Thanks,
    Shweta

    -----------------------------------------------

    Please remember to "Accept Answer" if the answer helped you.