[Bug] Version 4.61.3 seems to bring about very significant increases in token endpoint and metadata request volumes

[sgryt]

Library version used

4.61.3

.NET version

Various

Scenario

ConfidentialClient - web site (AcquireTokenByAuthCode)

Is this a new or an existing app?

The app is in production, and I have upgraded to a new version of MSAL

Issue description and reproduction steps

This report is being created on behalf of a number of customers of our service, all exhibiting the same change in traffic volume behavior towards our service.

On June 11/12, the request volume towards our service (which is an OpenID Provider) token and OIDC metadata endpoints increased dramatically overnight. Dialog with customers indicates that they bumped the Microsoft.Identity.Client library from version 4.60.3 to 4.61.3 at that time.

The increase in volume is about 3 orders of magnitude (1000x).

I don't have much more detail to reveal at the moment (we do not have access to the codebases of our customers, so I cannot inspect their specific setup/middleware configuration).

Please advise on how to proceed ? We would very much like to be able to guide our customers on how to reestablish the previous traffic patterns.

Relevant code snippets

No response

Expected behavior

A reasonable ratio between succesful authorize requests and subsequent token exchange requests.

Identity provider

Other

Regression

No response

Solution and workarounds

No response