Skip to content

TokenCredential.supports_caching #19940

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
chlowell wants to merge 1 commit into from
Closed

TokenCredential.supports_caching #19940

chlowell wants to merge 1 commit into from

Conversation

@chlowell
Copy link
Member

@chlowell chlowell commented Jul 26, 2021

Part of #19308. Today, BearerTokenCredentialPolicy caches the last access token it acquired and calls get_token() only when this cached token will soon expire. This isn't safe with on-behalf-of tokens because they contain a user assertion identifying the user on whose behalf the application accesses resources. When an application changes its intended user, a client must not continue using a token for the prior user. Our design for on-behalf-of authentication makes the credential responsible for tracking the application's user assertion changes, which is to say it requires BearerTokenCredentialPolicy to call get_token() every time it authorizes a request. So, this PR adds TokenCredential.supports_caching(). BearerTokenCredentialPolicy calls this method to learn whether a given TokenCredential maintains its own token cache. When this returns True, BearerTokenCredentialPolicy defers to the credential's cache, calling get_token() every time it wants to authorize a request. The policy doesn't expect all credentials to implement this method, and assumes it's safe to cache tokens from credentials which do not.

@chlowell
Copy link
Member Author

chlowell commented Aug 27, 2021

Closing in favor of #20451

@chlowell chlowell closed this Aug 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lmazuel lmazuel Awaiting requested review from lmazuel lmazuel will be requested when the pull request is marked ready for review lmazuel is a code owner

@annatisch annatisch Awaiting requested review from annatisch annatisch will be requested when the pull request is marked ready for review annatisch is a code owner

@johanste johanste Awaiting requested review from johanste johanste will be requested when the pull request is marked ready for review johanste is a code owner

@xiangyan99 xiangyan99 Awaiting requested review from xiangyan99 xiangyan99 will be requested when the pull request is marked ready for review xiangyan99 is a code owner

@iscai-msft iscai-msft Awaiting requested review from iscai-msft iscai-msft will be requested when the pull request is marked ready for review iscai-msft is a code owner

@kashifkhan kashifkhan Awaiting requested review from kashifkhan kashifkhan will be requested when the pull request is marked ready for review kashifkhan is a code owner

@pvaneck pvaneck Awaiting requested review from pvaneck pvaneck will be requested when the pull request is marked ready for review pvaneck is a code owner

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

No one assigned

Labels

Azure.Core

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chlowell