azure-sdk-for-cpp icon indicating copy to clipboard operation
azure-sdk-for-cpp copied to clipboard

Published 20 hours ago verified publisher icon Azure

Token credential with local cache

Open Jinming-Hu opened this issue 2 years ago • 2 comments

We got a feature request from one of our customers. Basically they're using token credential for authorization and they need different client options (like retry options) for different kind of requests so they need to initialize many clients for those requests. The problem is the access token is cached in BearerTokenAuthenticationPolicy, which is created when initializing a blob client. So the access token cannot be shared among these blob clients even though requests are sent to the same storage account.

I'm looking for some way to fix this problem and while I'm looking at .Net code, I found SharedTokenCacheCredential. I think such a credential with local cache can work in this scenario.

@RickWinter @antkmsft What do you think? Can we provide the same credential in C++?

Jinming-Hu avatar Jul 16 '22 07:07 Jinming-Hu

@Jinming-Hu, please help me to understand the request better. It sounds like what you want is to minimize token requests and token refresh requests. I.e. a case 100 clients are using the same credential, you call method of one of them, and it gets the token to reuse within the next hour. But currently that would be reused with only that one client, while all other 99 clients will send the same token request. And in an hour, all 100 of them will need to send a request to refresh the token. What you would like to see is one request per (tenant id, client id, auth scope) to get the token initially, and a single request to refresh the token, not 100 of them. The cash is "local" - it only lives during process run time and is not shared between processes, and is not persistent after process quits.

Is this accurate?

antkmsft avatar Aug 25 '22 18:08 antkmsft

it only lives during process run time and is not shared between processes, and is not persistent after process quits.

Cache within the process can meet this customer's requirement. I think it's much easier to implement because the cache can reside in memory, it involves no file operations or inter-process communication or synchronization. It's good enough for now.

But we should be aware of the fact that .Net has a more advanced implementation. Cache can be shared across processes with .Net. We should keep this in mind when designing the API interface, so that it can be easily extended if we do have such a feature request in the future.

Jinming-Hu avatar Aug 26 '22 01:08 Jinming-Hu