From ac52dce0b2607880d6e4a27dd6dbfce0fa7b2f57 Mon Sep 17 00:00:00 2001
From: Jorge Daboub
Date: Fri, 26 Apr 2024 16:03:21 -0700
Subject: [PATCH 1/2] Add KID check when getting a token from cache
---
 msal/application.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/msal/application.py b/msal/application.py
index f6486f88..51ce0cc4 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -1386,6 +1386,9 @@ def _acquire_token_silent_from_cache_and_possibly_refresh_it(
 if expires_in < 5*60: # Then consider it expired
 refresh_reason = msal.telemetry.AT_EXPIRED
 continue # Removal is not necessary, it will be overwritten
+ if key_id and entry.get("key_id") != key_id:
+ refresh_reason = msal.telemetry.AT_EXPIRED
+ continue # If the Key_Id is not matching, then it is not the token we are looking for
 logger.debug("Cache hit an AT")
 access_token_from_cache = { # Mimic a real response
 "access_token": entry["secret"],
From d9722f12b98c58c36fac14dd4b122072378c68b7 Mon Sep 17 00:00:00 2001
From: Jorge Daboub
Date: Tue, 30 Apr 2024 12:39:26 -0700
Subject: [PATCH 2/2] update telemetry value
---
 msal/application.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/msal/application.py b/msal/application.py
index 51ce0cc4..7a46fe56 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -1387,7 +1387,7 @@ def _acquire_token_silent_from_cache_and_possibly_refresh_it(
 refresh_reason = msal.telemetry.AT_EXPIRED
 continue # Removal is not necessary, it will be overwritten
 if key_id and entry.get("key_id") != key_id:
- refresh_reason = msal.telemetry.AT_EXPIRED
+ refresh_reason = msal.telemetry.AT_ABSENT
 continue # If the Key_Id is not matching, then it is not the token we are looking for
 logger.debug("Cache hit an AT")
 access_token_from_cache = { # Mimic a real response
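Review bot: The guard added in PATCH 1/2, `if key_id and entry.get("key_id") != key_id:`, only rejects a mismatch when the caller supplied a key, so a request with no `key_id` would still take the cache-hit path for an entry that carries one and hand back a token bound to a key the caller never named. If the cache lookup before this loop does not already exclude such entries, compare in both directions, for example `if (key_id or None) != entry.get("key_id"):`. `key_id` is assigned and the loop is opened outside the hunk, so this should be confirmed against the query that feeds the loop. The diffstat touches only `msal/application.py`; a regression test with two cached access tokens that differ only in `key_id` would pin the behaviour.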
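Review bot: After PATCH 2/2 the mismatch branch assigns `AT_ABSENT`, so `refresh_reason` ends up as whatever the last skipped entry set and the reported reason depends on cache iteration order. An expired token for the right key followed by an entry for a different key is reported as absent, while an expired entry for a different key is still reported as `AT_EXPIRED` because the expiry test runs first. Testing the key first and skipping without touching the reason, `if key_id and entry.get("key_id") != key_id: continue` placed above the `expires_in` check, would tie the telemetry to the entry that actually matched. This assumes `refresh_reason` is initialised to `AT_ABSENT` before the loop, which is outside the hunk. The trailing comment on `continue` would also read better on its own line, spelling the field `key_id` as the code does.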