[Feature Request] Add new api RequestRefreshAsync(). #3040
related - #3025
RequestRefresh was originally implemented as a sync method, where the method simply reset the 'syncafter' variable so that the next GetConfigurationAsync would get new Configuration.
GetConfigurationAsync was originally blocking and guarded with a lock. The lock was removed, and configuration is obtained on a background task. This seemed reasonable as in the normal flow, new configuration is obtained periodically controlled by AutomaticRefreshInterval and is not the result of an error condition.
RequestRefresh is different; this is called when token validation fails for reasons that indicate a Configuration refresh could result in a token being successfully validated.
Last-Known-Good (LKG) logic uses a set of Configuration that successfully validated a token associated with a particular identity provider. This reduces the failure rate when an identity provider accidentally posts metadata that is invalid.
LKG logic first calls RequestRefresh (which previously reset 'syncafter'), then GetConfigurationAsync (which was blocking) to obtain new metadata before using historical Configuration.
see:
azure-activedirectory-identitymodel-extensions-for-dotnet/src/Microsoft.IdentityModel.JsonWebTokens/JsonWebTokenHandler.ValidateToken.cs
Line 514 in ae57a3c
RequestRefreshAsync would result in the same logic as the above two calls and provide a deterministic way to obtain new metadata.
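
A simplified model of the behaviour described in this issue, added here as an illustration; it is not code from the issue or from the library. `ModelConfigurationManager`, its fields, the `keys-v1`/`keys-v2` strings, the 12-hour interval and the 200 ms fetch delay are assumptions; only the method names `RequestRefresh`, `GetConfigurationAsync` and `RequestRefreshAsync` come from the issue.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Constructed demo: the metadata fetch takes 200 ms and returns a new key set.
var mgr = new ModelConfigurationManager("keys-v1", async ct => { await Task.Delay(200, ct); return "keys-v2"; });
mgr.RequestRefresh();
Console.WriteLine(await mgr.GetConfigurationAsync()); // background fetch still running: cached value
Console.WriteLine(await mgr.RequestRefreshAsync());   // fetch awaited by the caller: refreshed value

// Hypothetical model of the refresh behaviour; not the library's ConfigurationManager.
sealed class ModelConfigurationManager
{
    private readonly Func<CancellationToken, Task<string>> _fetch; // stands in for metadata retrieval
    private string _current;
    private long _syncAfterTicks = DateTime.UtcNow.AddHours(12).Ticks;
    private int _refreshInFlight;

    public ModelConfigurationManager(string initial, Func<CancellationToken, Task<string>> fetch)
        => (_current, _fetch) = (initial, fetch);

    // Sync RequestRefresh as the issue describes it: it only resets 'syncAfter'.
    public void RequestRefresh() => Interlocked.Exchange(ref _syncAfterTicks, 0);

    // Lock-free GetConfigurationAsync: starts a background fetch, returns what is cached now.
    public Task<string> GetConfigurationAsync()
    {
        if (Interlocked.Read(ref _syncAfterTicks) <= DateTime.UtcNow.Ticks
            && Interlocked.CompareExchange(ref _refreshInFlight, 1, 0) == 0)
            _ = Task.Run(async () =>
            {
                try { await RefreshCoreAsync(CancellationToken.None); }
                finally { Interlocked.Exchange(ref _refreshInFlight, 0); }
            });
        return Task.FromResult(Volatile.Read(ref _current));
    }

    // Shape of the requested API: the caller awaits the fetch itself.
    public async Task<string> RequestRefreshAsync(CancellationToken ct = default)
    {
        await RefreshCoreAsync(ct);
        return Volatile.Read(ref _current);
    }

    private async Task RefreshCoreAsync(CancellationToken ct)
    {
        Volatile.Write(ref _current, await _fetch(ct));
        Interlocked.Exchange(ref _syncAfterTicks, DateTime.UtcNow.AddHours(12).Ticks);
    }
}
```

In this model a validation path that calls `RequestRefresh` and then `GetConfigurationAsync` retries against the configuration that just failed, which is the gap an awaited refresh closes before falling back to Last-Known-Good.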