Refactor to avoid HTTP calls in app creation #856
Labels
confidential-client
For issues related to confidential client apps
public-client
For questions/issues related to public client apps
SDK-Consistency
Items that deal with consistency between all MSALs
Comments
Avery-Dunn
added
SDK-Consistency
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As pointed out in this comment on the PR adding custom authority support, it is a bad practice to make HTTP calls during app creation. If there is no internet connection, then a program that creates an app on startup can confusingly fail before it actually tries to use MSAL for anything.
Unfortunately, unlike similar calls the sort of information this HTTP call provides doesn't only happen in one place after app creation: it's needed for token calls, certificate helpers, URL builders, and more, all of which are public APIs that can be called in any order.
Some refactoring is needed to ensure that no HTTP calls occur during app creation, and that the HTTP calls are made in a way that doesn't lead to missing info/null pointers/etc.
The text was updated successfully, but these errors were encountered: