
python-msal for Azure Active Directory based authentication, cache

I've followed the sample app found here: https://github.com/Azure-Samples/ms-identity-python-webapp/blob/master/app.py

The Python sample uses a Flask-based session to store (cache) the value returned from the Azure authentication service.

Question: why is the web app required to store the token in its own storage?
Why won't the web app simply pass the access token to the user's browser, which would send it in subsequent requests in the form of a cookie or Authorization header, so that for every request the web app consults the Azure API to check whether the token is valid or not?

Assuming a web app needs authentication only, what's the point of the msal.TokenCache, and can I avoid using it?

MSAL's token cache comes with lots of token refresh logic to minimize end user interaction. Say, if you somehow already have a token for scopes A & B in the cache, and later you need a token for A, MSAL will reuse the token in the cache, and automatically refresh it when necessary.

The web app sample chooses to implement such a token cache persistence layer in the form of a session, therefore all the aforementioned cache behavior would simply be there, in case your app would need to use it later down the road.

That being said, the entire token cache is technically optional. You can choose to tailor your implementation. (Caveat: Simply omitting the token cache is likely NOT the right approach, though, because then the default in-memory token cache would kick in, and then all your end users' tokens would accumulate in your Flask app's memory.)
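
An added example (not part of the original answer and not the linked sample's own code) of the per-user cache persistence described above: each request gets its own `msal.SerializableTokenCache` restored from that user's session, so nothing accumulates in a shared in-memory cache. The helper names, `SESSION_KEY` and the `app_factory`/`cache_factory` parameters are assumptions, and the session is assumed to be stored server-side so the serialized tokens are not sent to the browser.

```python
# Added example: per-user MSAL token cache kept in a server-side session.
# SESSION_KEY and the helper names are assumptions for illustration.
SESSION_KEY = "token_cache"


def load_cache(session, cache_factory=None):
    """Build a fresh cache for this request and restore the user's saved state."""
    if cache_factory is None:
        import msal  # imported lazily so the helpers can be exercised with stand-ins
        cache_factory = msal.SerializableTokenCache
    cache = cache_factory()
    blob = session.get(SESSION_KEY)
    if blob:
        cache.deserialize(blob)
    return cache


def save_cache(session, cache):
    """Write the cache back only when MSAL added, refreshed or removed a token."""
    if cache.has_state_changed:
        session[SESSION_KEY] = cache.serialize()


def build_app(cache, client_id, authority, client_credential):
    """One client object per request, bound to this user's cache only."""
    import msal
    return msal.ConfidentialClientApplication(
        client_id, authority=authority,
        client_credential=client_credential, token_cache=cache)


def token_for(session, scopes, app_factory, cache_factory=None):
    """Return a token result from the cache (refreshed if needed), or None.

    None means no signed-in account or no usable token: send the user to
    sign in again rather than falling back to a process-wide cache.
    """
    cache = load_cache(session, cache_factory)
    app = app_factory(cache)
    accounts = app.get_accounts()
    result = app.acquire_token_silent(scopes, account=accounts[0]) if accounts else None
    save_cache(session, cache)
    return result
```

In a Flask view this would be called as `token_for(flask.session, scopes, lambda c: build_app(c, client_id, authority, secret))`, with the three configuration values supplied by the app.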
