
[Prototype] Use IIdentityCache and CompositeCache

Open pmaytak opened this issue 2 years ago • 0 comments

Related to cache improvements #3532.

General problem statement

Currently, if the user does not specify a caching mechanism, MSAL's default cache is in-memory without eviction. If an in-memory cache with eviction is desired, the recommendation is to use a separate Microsoft.Identity.Web.TokenCaches package, which, however, also uses object serialization.

Goal

  • Primary: Need a default performant in-memory cache with eviction and without serialization (without the need to use Microsoft.Identity.Web.TokenCache).
  • Secondary: Need a more user-friendly way to provide a custom cache to MSAL. (Currently the user has to subscribe to caching event handlers.)

Changes proposed in this request

  • Adds an ability for the user to provide an implementation of IIdentityCache when creating a confidential client app instance via the CacheOptions.
  • Adds a sample default implementation of IIdentityCache using .NET's Memory Cache if the user does not set up caching.
  • Adds a sample implementation of ICompositeCache.

Previous prototypes for cache improvements (#3104, #3177) focused on how to implement a better cache (namely Wilson's) by replacing the current caching code in a non-breaking way. The biggest obstacle was the use of the GetAccounts method and other GetAllX methods that are used in cache serialization, which are unable to provide a partition key. It is an issue because generally cache implementations don't provide GetAll functionality. (Everywhere else we do have a partition key.) There was also a challenge of replacing the storage structures themselves (ex. accessors) to work with the new cache - it would require significant refactoring.

This prototype only focuses on CCA. The GetAccounts and other GetAllX methods without a partition key will not use the new cache. (GetAccounts is not applicable to confidential apps because we recommend distributed caching there, so there would only ever be one account in the cache at a time.) This prototype also has the new cache instance side-by-side with the current cache serialization, which are mutually exclusive.

CodeTour

CodeTour file going over overall end-to-end code changes: IIdentityCache_Prototype.zip

How-to:

  1. Install CodeTour VS Code extension.
  2. Open in VS Code: [image]

pmaytak, Jul 01 '22 08:07
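The partition-key constraint described in the issue, sketched as an added example that is not code from MSAL or from the prototype. The interface name and its members are hypothetical (the real IIdentityCache signature is not shown on this page), and Microsoft.Extensions.Caching.Memory is assumed as the ".NET Memory Cache"; the tenant and key strings are constructed sample values.

```csharp
using System;
using Microsoft.Extensions.Caching.Memory;

// Hypothetical interface for illustration only, not the prototype's IIdentityCache.
public interface IPartitionedTokenCache
{
    bool TryGet(string partitionKey, string itemKey, out object item);
    void Set(string partitionKey, string itemKey, object item, DateTimeOffset expiresOn);
    // Deliberately no GetAll(): the backing store is addressed by key and
    // every lookup must name the partition it belongs to.
}

public sealed class MemoryTokenCache : IPartitionedTokenCache, IDisposable
{
    private readonly MemoryCache _cache;

    // SizeLimit bounds the number of entries so the cache cannot grow without limit.
    public MemoryTokenCache(long maxEntries) =>
        _cache = new MemoryCache(new MemoryCacheOptions { SizeLimit = maxEntries });

    // Length-prefix the partition so ("ab", "c") and ("a", "bc") never share a key.
    private static string Key(string partitionKey, string itemKey) =>
        $"{partitionKey.Length}:{partitionKey}:{itemKey}";

    public bool TryGet(string partitionKey, string itemKey, out object item) =>
        _cache.TryGetValue(Key(partitionKey, itemKey), out item);

    public void Set(string partitionKey, string itemKey, object item, DateTimeOffset expiresOn) =>
        // The object is stored by reference: no serialization round trip.
        _cache.Set(Key(partitionKey, itemKey), item, new MemoryCacheEntryOptions
        {
            Size = 1,                       // each entry counts as 1 toward SizeLimit
            AbsoluteExpiration = expiresOn, // evicted no later than the token's expiry
        });

    public void Dispose() => _cache.Dispose();
}

public static class Demo
{
    public static void Main()
    {
        using var cache = new MemoryTokenCache(maxEntries: 1000);
        // Constructed sample values: same item key, two different partitions.
        cache.Set("tenant-a_AppTokenCache", "scope:api", "token-for-a", DateTimeOffset.UtcNow.AddMinutes(5));
        cache.Set("tenant-b_AppTokenCache", "scope:api", "token-for-b", DateTimeOffset.UtcNow.AddMinutes(5));

        cache.TryGet("tenant-a_AppTokenCache", "scope:api", out var a);
        cache.TryGet("tenant-b_AppTokenCache", "scope:api", out var b);
        Console.WriteLine($"{a} / {b}"); // each partition returns only its own entry
        Console.WriteLine(cache.TryGet("tenant-c_AppTokenCache", "scope:api", out _)); // unknown partition: a miss
    }
}
```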