Hi there, I'm having a lot of trouble trying to find some information on this subject, so I am going through the motions of posting everywhere in an attempt to see if I can get it answered. Appreciate your patience.
I am trying to use the on-behalf-of flow to acquire a token with AcquireTokenAsync, store it in the token cache, and from there refresh it using AcquireTokenSilentAsync.
AcquireTokenAsync works fine. I can use the following authority endpoints to do so.
string authority = "https://login.microsoftonline.com/" + tenantId + "/oauth2/v2.0/token";
or
string authority = "https://login.microsoftonline.com/" + tenantId + "/oauth2/authorize";
These both work fine when using AcquireTokenAsync.
My AuthenticationResult looks like so:
authenticationResult = await authenticationContext.AcquireTokenAsync(service, cac);
service being the graph endpoint, cac being the loaded certificate.
But........
Here is what I have noticed. Acquiring the token takes a LONG time, sometimes up to 10 seconds on my machine. This is insanely slow. So even though it does store the token in the cache (I'm using RedisCache, by the way), it does not seem to get it from there on subsequent results.
My assumption, or knowledge thus far, is that one needs to use AcquireTokenSilentAsync to try and acquire a token, and if a non-expired token is in the cache, it will simply deliver this back to the caller and negate the need to make another expensive request for another token from the Azure AD identity server.
Am I right in this assumption/knowledge?
Here is what I am trying thus far. Once I have acquired my token using AcquireTokenAsync and stored it in the cache, I can successfully make calls against the Microsoft Graph API, no problems.
So I have a token stored in cache which is good to go.
Then I fire up my console app again, using the following:
UserIdentifier userIdentifier = new UserIdentifier(tenantId, UserIdentifierType.RequiredDisplayableId);
authenticationResult = await authenticationContext.AcquireTokenSilentAsync(service, cac, userIdentifier);
But it just doesn't work. Does the UserIdentifier even get used in this situation when using the on-behalf-of flow? I haven't found any good info on this.
Any help would be greatly appreciated. I will post this question on Stack Exchange, GitHub and all other places, as I really REALLY want to know. Can one cache an on-behalf-of token, store it in the cache and get it delivered back to the caller if it's still valid, and avoid the expensive re-acquire call to Azure AD? This would really speed things up.
Cheers