[Feature Request] Simplify the experience developer with the MSAL Token Cache. #1277

Closed
jmprieur opened this issue Jun 21, 2021 · 2 comments

jmprieur commented Jun 21, 2021

Is your feature request related to a problem? Please describe.
Today, token caches are still complex to use with MSAL.NET. There are several pieces of documentation to read.

Describe the solution you'd like
We want to have one message, which is simple and the same for every case.

Addition of token caches to MSAL.NET confidential client applications in ASP.NET, or .NET Core, or .NET FW. The app.UseInMemoryTokenCaches(); and app.UseTokenCaches could be added to Microsoft.Identity.Web (probably not MSAL.NET, to avoid drawing a dependency on Microsoft.Extensions.Caching.Memory).

Note that

  • These methods should not be used in ASP.NET Core, where the token cache should still be added in the ConfigureServices method of Startup.cs.

  • I don't recommend providing higher-level wrappers (AddRedisTokenCaches, etc.), because this would mean Ms.Id.Web would need to depend on Microsoft.Extensions.Caching.StackExchangeRedis, etc.

Proposed experience

            // (Simulates the configuration, could be a IConfiguration or anything)
            Dictionary<string, string> Configuration = new Dictionary<string, string>();

            // Create the confidential client application
            IConfidentialClientApplication app;
            app = ConfidentialClientApplicationBuilder.Create(clientId)
                // Alternatively to the certificate you can use .WithClientSecret(clientSecret)
                .WithCertificate(certDescription.Certificate)
                .WithTenantId(tenant)
                .Build();

            // In memory token cache
            app.UseInMemoryTokenCaches();

            // Or

            // In memory distributed token cache
            app.UseDistributedTokenCaches(services =>
            {
                // In net472, requires to reference Microsoft.Extensions.Caching.Memory
                services.AddDistributedMemoryCache();
            });

            // Or

            // SQL Server token cache
            app.UseDistributedTokenCaches(services =>
            {
                services.AddDistributedSqlServerCache(options =>
                {
                    // In net472, requires to reference Microsoft.Extensions.Caching.Memory

                    // Requires to reference Microsoft.Extensions.Caching.SqlServer
                    options.ConnectionString = @"Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=TestCache;Integrated Security=True;Connect Timeout=30;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False";
                    options.SchemaName = "dbo";
                    options.TableName = "TestCache";

                    // You don't want the SQL token cache to be purged before the access token has expired. Usually
                    // access tokens expire after 1 hour (but this can be changed by token lifetime policies), whereas
                    // the default sliding expiration for the distributed SQL database is 20 mins. 
                    // Use a value which is above 60 mins (or the lifetime of a token in case of longer lived tokens)
                    options.DefaultSlidingExpiration = TimeSpan.FromMinutes(90);
                });
            });

            // Or 

            // Redis token cache
            app.UseDistributedTokenCaches(services =>
            {
                // Requires to reference Microsoft.Extensions.Caching.StackExchangeRedis
                services.AddStackExchangeRedisCache(options =>
                {
                    options.Configuration = "localhost";
                    options.InstanceName = "Redis";
                });
            });

            // Or

            // Cosmos DB token cache
            app.UseDistributedTokenCaches(services =>
            {
                // Requires to reference Microsoft.Extensions.Caching.Cosmos (preview)
                services.AddCosmosCache((CosmosCacheOptions cacheOptions) =>
                {
                    cacheOptions.ContainerName = Configuration["CosmosCacheContainer"];
                    cacheOptions.DatabaseName = Configuration["CosmosCacheDatabase"];
                    cacheOptions.ClientBuilder = new CosmosClientBuilder(Configuration["CosmosConnectionString"]);
                    cacheOptions.CreateIfNotExists = true;
                });
            });

Describe alternatives you've considered
Add these to MSAL.NET directly, but this would draw undesired dependencies, as MSAL.NET needs to stay small for some scenarios.

@jmprieur jmprieur added the enhancement New feature or request label Jun 21, 2021
@jmprieur jmprieur added this to the 1.14 milestone Jun 21, 2021
@jennyf19 jennyf19 added the fixed label Jun 22, 2021

@jennyf19

Included in 1.14 release
