From cff23eecc76b845eebc38518a3c7797e19904f67 Mon Sep 17 00:00:00 2001
From: Ray Luo <rayluo@microsoft.com>
Date: Thu, 8 Dec 2022 09:43:51 -0800
Subject: [PATCH] Fallback to expires_on when expires_in is absent

---
 msal/token_cache.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/msal/token_cache.py b/msal/token_cache.py
index dc26e843..0259522f 100644
--- a/msal/token_cache.py
+++ b/msal/token_cache.py
@@ -164,8 +164,11 @@ def __add(self, event, now=None):
             now = int(time.time() if now is None else now)
 
             if access_token:
+                default_expires_in = (  # https://www.rfc-editor.org/rfc/rfc6749#section-5.1
+                    int(response.get("expires_on")) - now  # Some Managed Identity emits this
+                    ) if response.get("expires_on") else 600
                 expires_in = int(  # AADv1-like endpoint returns a string
-			response.get("expires_in", 3599))
+                    response.get("expires_in", default_expires_in))
                 ext_expires_in = int(  # AADv1-like endpoint returns a string
 			response.get("ext_expires_in", expires_in))
                 at = {