0
votes

Based on the documentation details for MSAL (Azure AD) mentioned at: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/MSAL.NET-supports-multiple-application-architectures-and-multiple-platforms#msalnet-is-about-acquiring-tokens-not-protecting-an-api

I am working on a POC: an ASP.NET web app accessing a custom REST API protected by Azure AD.

The link mentioned above says that MSAL.NET (Microsoft Authentication Library for .NET) enables developers of .NET applications to acquire tokens in order to call secured Web APIs. These Web APIs can be the Microsoft Graph, other Microsoft APIs, 3rd-party Web APIs, or your own Web API.

Based on the above definition, is it good to assume that MSAL will also help in maintaining a token cache and refreshing tokens for you when they are close to expiring in the case of custom REST APIs?

Can anyone help me here by providing further guidance on this?

1 Answer

1
votes

MSAL and Azure AD don't give special treatment to MS Graph API tokens (except the ability to use a short name for scopes). It can refresh any of the tokens as long as the way to refresh is still valid. In the case of implicit grant (used by MSAL.js 1.x), the user must have an active AAD session in the browser. In most other cases you use a refresh token to get a new token; as long as the refresh token is still valid, you can get a new token even after the access token has expired.
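
The pattern the answer describes, as an added example that is not part of the original answer or the MSAL.NET project's own code: an ASP.NET web app (confidential client) redeems the sign-in code once, then calls `AcquireTokenSilent` before each request to the custom API so MSAL.NET serves the token from its cache or uses the refresh token. The class and method names are hypothetical, and the scope `api://<your-api-client-id>/access_as_user` is a placeholder for whatever scope your API's app registration exposes.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public sealed class CustomApiTokenProvider   // hypothetical helper class
{
    // Placeholder: scope exposed by the custom API's app registration (assumption).
    private static readonly string[] ApiScopes = { "api://<your-api-client-id>/access_as_user" };
    private readonly IConfidentialClientApplication _app;

    public CustomApiTokenProvider(string clientId, string clientSecret,
                                  string tenantId, string redirectUri)
    {
        _app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithClientSecret(clientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
            .WithRedirectUri(redirectUri)   // must match the URI used at sign-in
            .Build();
        // The default cache is in-memory only. In a real web app, attach a
        // serialized, per-user cache through _app.UserTokenCache
        // (SetBeforeAccess / SetAfterAccess) so users never share entries.
    }

    // Called once from the sign-in callback: redeems the authorization code and
    // stores the access token and refresh token in MSAL's cache.
    public async Task<string> RedeemCodeAsync(string authorizationCode)
    {
        AuthenticationResult result = await _app
            .AcquireTokenByAuthorizationCode(ApiScopes, authorizationCode)
            .ExecuteAsync();
        return result.Account.HomeAccountId.Identifier;   // key to find the account later
    }

    // Called before each API request. Returns null when the user must sign in again.
    public async Task<string> GetAccessTokenAsync(string homeAccountId)
    {
        IAccount account = await _app.GetAccountAsync(homeAccountId);
        if (account == null) return null;   // nothing cached for this user
        try
        {
            AuthenticationResult result = await _app
                .AcquireTokenSilent(ApiScopes, account)
                .ExecuteAsync();
            // TokenSource is Cache for a still-valid token, IdentityProvider after a refresh.
            Console.WriteLine($"{result.AuthenticationResultMetadata.TokenSource}, expires {result.ExpiresOn:u}");
            return result.AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            return null;   // refresh token expired or revoked, or consent/MFA is required
        }
    }
}
```

As the linked wiki section's title says, MSAL.NET only acquires the token; the custom REST API still has to validate it (signature, issuer, audience, scopes) on its own side.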