Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement public client application global cache #770

Merged
merged 6 commits into from
Oct 23, 2020

Conversation

cheenamalhotra
Copy link
Member

Fixes an issue where driver continues to prompt for credentials when requesting access token for AAD authentication, mainly visible when using Interactive authentication.

@karinazhou
Copy link
Member

Though the testing for this requires human interaction, can we have some comments or sample code somewhere about how to validate it manually?

@DavoudEshtehari
Copy link
Contributor

Assume that there are two active tokens with different access to two databases; The first token with index 0 in the accounts has access to database_1 and the second token has access to database_2.
In the next connection with the initial catalog = database_2 always we return the first token if we don't specify the user.
Maybe we need more data to pick the correct token.

@David-Engel
Copy link
Contributor

David-Engel commented Oct 23, 2020

Assume that there are two active tokens with different access to two databases; The first token with index 0 in the accounts has access to database_1 and the second token has access to database_2.
In the next connection with the initial catalog = database_2 always we return the first token if we don't specify the user.
Maybe we need more data to pick the correct token.

The scope of the token is database.windows.net, not the specific database. So using the same token for two databases will be fine. The token identifies the user to the database and database ACL settings determine whether that user is authorized to access the database. There really should never be two tokens in the situation you described. The first token would have been provided when the second was requested from MSAL.

@DavoudEshtehari

This comment has been minimized.

@cheenamalhotra cheenamalhotra merged commit d65173b into dotnet:master Oct 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants