Support get access token and token renewal #7595

Merged
merged 11 commits into from
Feb 27, 2025

yongdiw
@yongdiw yongdiw commented Feb 25, 2025

This PR is to add support for getting an access token in the msal-custom-auth library.

Why:

  1. After the user completes the sign-in process, the user can use getAccessToken to acquire a token.
  2. When acquiring a token, the flow will look like below:
    1. Look up the browser cache to see if there is any cached access token.
      1. If an access token is found and it is valid (not expired), return it.
      2. If an access token is found but expired, renew it.
      3. If an access token is not found, renew it.
    2. Renew access token - Look up the browser cache and see if there is any cached refresh token.
      1. If a cached refresh token is found and it is valid, call the POST /token endpoint to get a new access token. Once it is done, return the new tokens.
      2. If any error occurs while calling the /token endpoint, throw an error.
      3. If a cached refresh token is found but expired, throw an error.
      4. If a cached refresh token is not found, throw an error.
    3. If an error is thrown in the end, the user should restart the sign-in process.
  3. If forceRefresh=true, then skip the cache lookup and only execute token renewal.
  4. If there is no input for scopes, then use the default scopes. Otherwise, it will be used during cache lookup and token renewal (as request body). It has to be at least a subset of the cached access token scope.

What:

  1. In CustomAuthSilentCacheClient, reuse SilentFlowClient originally defined in msal-browser to handle the flow mentioned above.
  2. Add tests for CustomAuthSilentCacheClient to ensure the flow works as expected.
  3. Update CustomAuthAuthority to create AuthorityMetadataEntity and set it into cache storage. This is used during token lookup and for calling the correct /token endpoint for token renewal.
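
The token acquisition flow from the PR description above, sketched as an added example; it is not code from this PR or from msal-custom-auth. The cache shape, the names `decideTokenAction` and `postToken`, the default scope list, and treating a scope mismatch as a cache miss are assumptions.

```javascript
// Added illustration, not msal-custom-auth code. Cache shape and names are assumed.
const DEFAULT_SCOPES = ["openid", "profile", "offline_access"]; // assumed defaults

// Constructed sample cache; secrets are placeholders, times are epoch ms.
const SAMPLE_CACHE = {
  accessToken: { secret: "AT-placeholder", scopes: [...DEFAULT_SCOPES, "User.Read"], expiresOn: 2000 },
  refreshToken: { secret: "RT-placeholder", expiresOn: 9000 },
};

const isLive = (entry, now) => Boolean(entry) && entry.expiresOn > now;
const covers = (cachedScopes, wanted) => {
  const have = new Set(cachedScopes.map((s) => s.toLowerCase()));
  return wanted.every((s) => have.has(s.toLowerCase()));
};

// Pure decision step: says what the flow should do, without any I/O.
function decideTokenAction(cache, request = {}, now = Date.now()) {
  const scopes = request.scopes && request.scopes.length ? request.scopes : DEFAULT_SCOPES;
  const at = cache.accessToken;
  // Step 1: cache lookup, skipped entirely when forceRefresh is set.
  if (!request.forceRefresh && isLive(at, now) && covers(at.scopes, scopes)) {
    return { action: "return_cached", scopes, token: at.secret };
  }
  // Step 2: renewal requires a cached, unexpired refresh token.
  const rt = cache.refreshToken;
  if (!rt) return { action: "error", scopes, reason: "refresh_token_not_found" };
  if (!isLive(rt, now)) return { action: "error", scopes, reason: "refresh_token_expired" };
  return { action: "renew", scopes, refreshToken: rt.secret };
}

// Executes the decision. postToken is an injected stand-in for POST /token.
async function getAccessToken(cache, request, postToken, now = Date.now()) {
  const step = decideTokenAction(cache, request, now);
  if (step.action === "return_cached") return step.token;
  if (step.action === "error") throw new Error(`${step.reason}: restart sign-in`);
  // Errors raised by the endpoint call propagate to the caller unchanged.
  const res = await postToken({
    grant_type: "refresh_token",
    refresh_token: step.refreshToken,
    scope: step.scopes.join(" "),
  });
  const expiresOn = now + res.expires_in * 1000;
  cache.accessToken = { secret: res.access_token, scopes: step.scopes, expiresOn };
  if (res.refresh_token) cache.refreshToken = { ...cache.refreshToken, secret: res.refresh_token };
  return res.access_token;
}
```

Keeping the decision step free of I/O lets each branch of the flow (valid cache hit, expired token, forceRefresh, missing or expired refresh token) be unit-tested without a network stub.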

@github-actions github-actions bot removed the msal-browser Related to msal-browser package label Feb 27, 2025
@yongdiw yongdiw merged commit 74f845f into custom-auth/main Feb 27, 2025
2 of 6 checks passed
@yongdiw yongdiw deleted the custom-auth/get-token branch February 27, 2025 17:59