microsoft-authentication-library-for-js icon indicating copy to clipboard operation
microsoft-authentication-library-for-js copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

MSAL default cache is slow - O(n)

Open aleknik opened this issue 2 years ago • 12 comments
trafficstars

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

1.14.2

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Confidential

Description

We had an issue that msal token exchange requests were becoming slower over time and consuming large portion of CPU time. After an internal discussion it was concluded that in-memory cache operates in O(n) complexity. This bug was open to track this issue.

Error Message

No response

Msal Logs

No response

MSAL Configuration

auth: {
                clientId: clientId,
                clientCertificate: {
                    privateKey: cert.privateRSAKey,
                    thumbprint: cert.publicCER.getThumbprintHex(),
                    x5c: cert.publicCER.asPEM()
                }
            },
            system: {
                networkClient: this.httpModule
            }

Relevant Code Snippets

acquireTokenOnBehalfOf(request);
acquireTokenByClientCredential(request);

Reproduction Steps

We had an issue that msal token exchange requests were becoming slower over time and consuming large portion of CPU time. After an internal discussion it was concluded that in memory cache operates in O(n) complexity.

Expected Behavior

Cache performance should be O(n)

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

Source

Internal (Microsoft)

aleknik avatar Dec 07 '22 13:12 aleknik

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @hectormmg, @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Dec 14 '22 01:12 ghost

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @hectormmg, @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Dec 19 '22 13:12 ghost

Workaround exists:

  • create 1 CCA object per request
  • provide "knowAuthorities" and "oidcMetadata" as well

bgavrilMS avatar Dec 19 '22 16:12 bgavrilMS

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @hectormmg, @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Dec 25 '22 01:12 ghost

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @hectormmg, @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Dec 30 '22 01:12 ghost

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Jan 08 '23 01:01 ghost

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Jan 13 '23 13:01 ghost

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Jan 19 '23 01:01 ghost

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Jan 24 '23 13:01 ghost

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @bgavrilMS, @Robbie-Microsoft please follow up.

ghost avatar Jan 30 '23 01:01 ghost

@bgavrilMS Do we plan to address this in the near future or is the work around the way to go?

sameerag avatar Jan 31 '23 17:01 sameerag