Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Web API and daemon apps
There is no API to remove the tokens from the cache. Cache size should be handled by setting eviction policies on the underlying storage. See Cache Serialization for details on how to use a memory cache or distributed cache.
Desktop, command line and mobile applications
When you acquire an access token using the Microsoft Authentication Library for .NET (MSAL.NET), the token is cached. When the application needs a token, it should first call the AcquireTokenSilent method to verify if an acceptable token is in the cache.
Clearing the cache is achieved by removing the accounts from the cache. This does not remove the session cookie which is in the browser, though. The following example instantiates a public client application, gets the accounts for the application, and removes the accounts.
private readonly IPublicClientApplication _app;
private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static readonly string Authority = string.Format(CultureInfo.InvariantCulture, AadInstance, Tenant);
_app = PublicClientApplicationBuilder.Create(ClientId)
.WithAuthority(Authority)
.Build();
var accounts = (await _app.GetAccountsAsync()).ToList();
// clear the cache
while (accounts.Any())
{
await _app.RemoveAsync(accounts.First());
accounts = (await _app.GetAccountsAsync()).ToList();
}
To learn more about acquiring and caching tokens, read acquire an access token