Skip to content

BearerTokenAuthenticationPolicy to use shared_lock in case no refresh is needed#5188

Merged
antkmsft merged 6 commits intoAzure:mainfrom
antkmsft:auth-use-shared-lock
Nov 28, 2023
Merged

BearerTokenAuthenticationPolicy to use shared_lock in case no refresh is needed#5188
antkmsft merged 6 commits intoAzure:mainfrom
antkmsft:auth-use-shared-lock

Conversation

@antkmsft
Copy link
Member

@antkmsft antkmsft commented Nov 26, 2023
edited
Loading

Closes #4756.

--
UWP CI is currently blocked until microsoft/vcpkg#35279 is fixed / microsoft/vcpkg#35116 is merged (#5181 would unblock)

@antkmsft antkmsft marked this pull request as ready for review November 26, 2023 15:01
@antkmsft antkmsft added the MQ This issue is part of a "milestone of quality" initiative. label Nov 27, 2023
@antkmsft antkmsft self-assigned this Nov 27, 2023
LarryOsterman
LarryOsterman approved these changes Nov 28, 2023
View reviewed changes
Copy link
Member

@LarryOsterman LarryOsterman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My only concern is the 1970 year bias when creating the Azure::DateTime object, otherwise it looks fine.

@antkmsft antkmsft enabled auto-merge (squash) November 28, 2023 20:23
@antkmsft antkmsft merged commit 135e746 into Azure:main Nov 28, 2023
ahsonkhan
ahsonkhan reviewed Nov 29, 2023
View reviewed changes
sdk/core/azure-core/src/http/bearer_token_authentication_policy.cpp
Comment on lines +65 to +74
bool TokenNeedsRefresh(
Azure::Core::Credentials::AccessToken const& cachedToken,
Azure::Core::Credentials::TokenRequestContext const& cachedTokenRequestContext,
Azure::DateTime const& currentTime,
Azure::Core::Credentials::TokenRequestContext const& newTokenRequestContext)
{
return newTokenRequestContext.TenantId != cachedTokenRequestContext.TenantId
|| newTokenRequestContext.Scopes != cachedTokenRequestContext.Scopes
|| currentTime > (cachedToken.ExpiresOn - newTokenRequestContext.MinimumExpiration);
}
Copy link
Contributor

@ahsonkhan ahsonkhan Nov 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic could benefit from a comment. For example, I understand that we need a token refresh if the tenant id and scope don't match, but why are we using current token's and cached token's expirations together like this: cachedToken.ExpiresOn - newTokenRequestContext.MinimumExpiration?

@antkmsft antkmsft deleted the auth-use-shared-lock branch November 29, 2023 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LarryOsterman LarryOsterman LarryOsterman approved these changes

@RickWinter RickWinter Awaiting requested review from RickWinter RickWinter is a code owner

@vhvb1989 vhvb1989 Awaiting requested review from vhvb1989

@gearama gearama Awaiting requested review from gearama

+1 more reviewer

@ahsonkhan ahsonkhan ahsonkhan left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@antkmsft antkmsft

Labels

Azure.Core Azure.Identity MQ This issue is part of a "milestone of quality" initiative.

Projects

Azure Identity SDK Improvements
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

BearerTokenAuthenticationPolicy can be more efficient by utilizing shared/unique token locking

3 participants

@antkmsft @ahsonkhan @LarryOsterman