TokenCaching

Exploring Access Token Caching

Overview

This tool helps you test the behavior of calling GetAccessToken multiple times using different Azure credential types. You can compare two patterns:

Reusing the same credential instance.
Creating a new credential instance for each request.

You can now choose from several credential types, including DefaultAzureCredential, ManagedIdentityCredential, ClientSecretCredential, and others. The tool lets you analyze how each credential type handles token caching.

Token Caching Behavior Across Credential Types

Token caching depends on which TokenCredential implementation you use. For example:

ManagedIdentityCredential handles caching internally.
ClientSecretCredential and ClientCertificateCredential only reuse tokens if you reuse the instance.
DefaultAzureCredential wraps several providers and may or may not cache depending on which one it selects.

If you create a new credential instance every time, caching is bypassed, and a new token is requested from Entra ID. Reusing the same instance can save time by avoiding repeated token requests.

Selecting a Credential Type

You can now select the credential type before starting the test. The tool supports an optional clientId parameter, which is helpful when working with user-assigned managed identities or when using credentials that require a client ID.

Findings

Reusing a credential instance can make access token retrieval much faster, especially when the credential supports caching. Creating new instances often results in longer delays, as each request triggers a call to Entra ID.

This behavior is easy to observe when running the tests in the tool. The logs show the response time and token hash for each request, so you can see whether the token was reused or not.

Conclusions

To get better performance, reuse the same credential instance whenever you can. This is true for both DefaultAzureCredential and other credential types that support caching. Avoid creating new instances unless you have a specific reason.

By reducing the number of network requests to Entra ID, you lower response times and improve the performance of your application.

Resources

Token caching in the Azure Identity client library

TokenCaching

Exploring Access Token Caching

Overview

Token Caching Behavior Across Credential Types

Selecting a Credential Type

Findings

Conclusions

Resources

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally