Skip to content

Split CacheRefreshReason.ForceRefreshOrClaims into ForceRefresh and WithClaims #5188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

Split CacheRefreshReason.ForceRefreshOrClaims into ForceRefresh and WithClaims #5188

wants to merge 3 commits into from

Conversation

gladjohn
Copy link
Contributor

Fixes #5186

Changes proposed in this request
This pull request includes several changes to the CacheRefreshReason enum and updates to the related logic and tests across multiple files. The changes focus on refining the reasons for cache refresh and improving the logging and handling of these reasons.

Enum and Logic Updates:

Public API Updates:

Test Updates:

These changes collectively enhance the granularity and clarity of cache refresh reasons, improving both logging and functionality.

Testing
unit testing

Performance impact
none

Documentation

  • All relevant documentation is updated. Need to check documentation,

@gladjohn gladjohn requested a review from a team as a code owner March 13, 2025 16:25
@gladjohn gladjohn requested a review from Copilot March 13, 2025 16:25
Copilot
Copilot AI reviewed Mar 13, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request refines how cache refresh reasons are handled by splitting the previous combined value into distinct reasons for force refresh and claims requests. The changes impact the CacheRefreshReason enum, update the related request logic in multiple token acquisition flows, and adjust associated tests and telemetry recording accordingly.

Reviewed Changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tests/Microsoft.Identity.Test.Unit/TelemetryTests/HttpTelemetryTests.cs Updated telemetry assertions replacing ForceRefreshOrClaims with ForceRefresh
tests/Microsoft.Identity.Test.Unit/RequestsTests/LongRunningOnBehalfOfTests.cs Adjusted OBO assertions and added new test for claims handling
src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs Replaced combined cache refresh reason with distinct handling for ForceRefresh and WithClaims
src/client/Microsoft.Identity.Client/Internal/Requests/ClientCredentialRequest.cs Similar update to adjust cache refresh reason logic
tests/Microsoft.Identity.Test.Integration.netcore/Infrastructure/HttpTelemetryRecorder.cs Upgraded parsing logic for the new cache refresh reason values
src/client/Microsoft.Identity.Client/Cache/CacheRefreshReason.cs Updated the enum definitions to remove ForceRefreshOrClaims and add WithClaims and TokenRejected
src/client/Microsoft.Identity.Client/Internal/Requests/Silent/CacheSilentStrategy.cs Updated cache refresh reason assignment in the silent token acquisition flow
src/client/Microsoft.Identity.Client/Internal/Requests/OnBehalfOfRequest.cs Revised logic and logging to distinguish between ForceRefresh and WithClaims
Comments suppressed due to low confidence (1)

src/client/Microsoft.Identity.Client/Internal/Requests/ManagedIdentityAuthRequest.cs:39

  • [nitpick] When both ForceRefresh and Claims are set, this logic will assign CacheRefreshReason.ForceRefresh. Consider clarifying or documenting the prioritization of these flags to ensure the intended behavior is explicit.
AuthenticationRequestParameters.RequestContext.ApiEvent.CacheInfo = _managedIdentityParameters.ForceRefresh ? CacheRefreshReason.ForceRefresh : CacheRefreshReason.WithClaims;

@neha-bhargava
Copy link
Contributor

The changes looks good to me. This change will result in change in all the queries that we have that looks at the cache refresh reason. Both the server side and client side. @bgavrilMS do you know if anyone else consumes this data? If they do then this might be breaking change for them. But we should update all the queries in the dashboards and the oneNote once this change goes in.

rayluo
rayluo reviewed Mar 13, 2025
View reviewed changes
src/client/Microsoft.Identity.Client/Cache/CacheRefreshReason.cs
/// </summary>
ForceRefreshOrClaims = 1,
Copy link
Contributor

@rayluo rayluo Mar 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question
Is removing this value a breaking change? If so, we may keep both ForceRefreshOrClaims = 1 and ForceRefresh = 1 (Csharp allows that), and use <summary>...</summary> to describe that ForceRefreshOrClaims remains only for backward compatibility purposes.

This way, it may also address @neha-bhargava 's call-out of compatibility concern.

Existing telemetry and dashboards will technically still work as-is; it is just that they won't see the new reasons until they are updated.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe leave value 1 as "not longer used" ? And use new values for everything else?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@neha-bhargava ^^ can we do that ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated per Bogdan's suggestion

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not seem right, we cannot change all the values. This will break all the server side queries. If you are adding new values, they get assigned new numbers in the enum.

trwalke
trwalke approved these changes Mar 13, 2025
View reviewed changes
Copy link
Member

@trwalke trwalke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approve contingent on naming being updated.

gladjohn and others added 2 commits March 13, 2025 19:38
@gladjohn @trwalke @neha-bhargava
Apply suggestions from code review
d1b8a6e 
Co-authored-by: Travis Walker <travis.walker@microsoft.com>
Co-authored-by: Neha Bhargava <61847233+neha-bhargava@users.noreply.github.com>
@GladwinJohnson
pr comments
2ffe2d3
@gladjohn
Copy link
Contributor Author

Approve contingent on naming being updated.

made it TokenRejectedByResource @trwalke @bgavrilMS @rayluo

@bgavrilMS
Copy link
Member

The changes looks good to me. This change will result in change in all the queries that we have that looks at the cache refresh reason. Both the server side and client side. @bgavrilMS do you know if anyone else consumes this data? If they do then this might be breaking change for them. But we should update all the queries in the dashboards and the oneNote once this change goes in.

I do not. Let's postpone this change and discuss it separately?

bgavrilMS
bgavrilMS requested changes Mar 14, 2025
View reviewed changes
Copy link
Member

@bgavrilMS bgavrilMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need consensus on telemetry.

@gladjohn gladjohn self-assigned this Mar 14, 2025
rayluo
rayluo reviewed Mar 14, 2025
View reviewed changes
src/client/Microsoft.Identity.Client/Cache/CacheRefreshReason.cs
/// <summary>
/// Indicates that the resource (e.g., Microsoft Graph) has rejected the provided token.
/// </summary>
TokenRejectedByResource = 7
Copy link
Contributor

@rayluo rayluo Mar 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rayluo can you please confirm the final name to be used?

suggestion (non-blocking)
From logical standpoint, I would still prefer to use TokenRejectedByCaller, because that is really it: the MSAL caller calls the WithAccessTokenSha256ToRefresh(...) for some reason; we hope it was caused by resource rejecting it, but we won't know for sure. (One real-world example is that another team at one point attempted proactively refreshing token more aggressively; even though we subsequently persuaded them not to, we can't rule out someone else would do it via WithAccessTokenSha256ToRefresh() in the future for other (possibly legit) reason.)

P.S.: Now that the ForceRefreshOrClaims split is on-hold, but perhaps we can at least add a TokenRejectedByCaller = 7 // Or 6, to unblock the WithAccessTokenSha256ToRefresh() PR.

@gladjohn
Copy link
Contributor Author

The changes looks good to me. This change will result in change in all the queries that we have that looks at the cache refresh reason. Both the server side and client side. @bgavrilMS do you know if anyone else consumes this data? If they do then this might be breaking change for them. But we should update all the queries in the dashboards and the oneNote once this change goes in.

I do not. Let's postpone this change and discuss it separately?

let me come up with a mini spec for this and we can discuss different options of doing this.

FYI @neha-bhargava @bgavrilMS @rayluo

rayluo
rayluo reviewed Mar 14, 2025
View reviewed changes
src/client/Microsoft.Identity.Client/Cache/CacheRefreshReason.cs
/// When the token request goes to the identity provider because no cached access token exists
/// </summary>
NoCachedAccessToken = 2,
NoCachedAccessToken = 3,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@neha-bhargava is correct that this change does not look right. The original topic of that conversation was to keep an alias on the SDK implementation WITHOUT altering any old values. We shall never alter old values.

Please take this into consideration in the upcoming mini specs.

@gladjohn
Copy link
Contributor Author

Closing this as we plan to revisit the design.

@gladjohn gladjohn closed this Mar 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rayluo rayluo rayluo left review comments

@neha-bhargava neha-bhargava neha-bhargava left review comments

Copilot code review Copilot Copilot left review comments

@bgavrilMS bgavrilMS bgavrilMS requested changes

@trwalke trwalke trwalke approved these changes

Assignees

@gladjohn gladjohn

Labels
do not merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature Request] Split CacheRefreshReason.ForceRefreshOrClaims
6 participants
@gladjohn @neha-bhargava @bgavrilMS @rayluo @trwalke @GladwinJohnson