Token Cache - AzureAD/microsoft-authentication-library-for-java GitHub Wiki
In MSAL4J, an in-memory token cache is provided by default. The in-memory token cache lasts for the duration of the application.
You can check which accounts are in the cache by calling `PublicClientApplication.getAccounts()`:

```java
PublicClientApplication pca = PublicClientApplication.builder(
        labResponse.getAppId()).
        authority(TestConstants.ORGANIZATIONS_AUTHORITY).
        build();

// getAccounts() is asynchronous; join() waits for the result
Set<IAccount> accounts = pca.getAccounts().join();
```
To remove an account from the cache, first find the account that needs to be removed, and then call `PublicClientApplication.removeAccount()`:

```java
Set<IAccount> accounts = pca.getAccounts().join();

// Look up the account by its UPN (case-insensitive)
IAccount accountToBeRemoved = accounts.stream().filter(
        x -> x.username().equalsIgnoreCase(
                UPN_OF_USER_TO_BE_REMOVED)).findFirst().orElse(null);

// Only call removeAccount() when a matching account was found
if (accountToBeRemoved != null) {
    pca.removeAccount(accountToBeRemoved).join();
}
```
To give an application a persistent token cache, you need to customize the serialization. The following classes and interfaces are involved in token cache serialization:
- ITokenCache: Interface representing security token cache.
- ITokenCacheAccessAspect: Interface representing the operation of executing code before and after cache access. You would `@Override` `beforeCacheAccess` and `afterCacheAccess` with the logic responsible for serializing and deserializing the cache.
- ITokenCacheAccessContext: Interface representing the context in which the token cache is accessed.
Below is a naive implementation of custom token cache serialization and deserialization. It should not be copied and pasted into a production environment.
```java
static class TokenPersistence implements ITokenCacheAccessAspect {
    String data;

    TokenPersistence(String data) {
        this.data = data;
    }

    @Override
    public void beforeCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext) {
        iTokenCacheAccessContext.tokenCache().deserialize(data);
    }

    @Override
    public void afterCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext) {
        data = iTokenCacheAccessContext.tokenCache().serialize();
    }
}

// Loads cache from file
String dataToInitCache = readResource(this.getClass(), "/cache_data/serialized_cache.json");

ITokenCacheAccessAspect persistenceAspect = new TokenPersistence(dataToInitCache);

// By setting TokenPersistence on the PublicClientApplication, MSAL will call beforeCacheAccess()
// before accessing the cache and afterCacheAccess() after accessing the cache.
PublicClientApplication app =
        PublicClientApplication.builder("my_client_id").setTokenCacheAccessAspect(persistenceAspect).build();
```
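The naive aspect above only keeps the serialized cache in a string. As an added example (not code from MSAL4J or this wiki), here is a file-backed aspect that writes the cache with owner-only permissions and replaces the file atomically. The class name `FileTokenPersistence` is hypothetical, and the code assumes a POSIX file system and a single process using the cache file.

```java
import com.microsoft.aad.msal4j.ITokenCacheAccessAspect;
import com.microsoft.aad.msal4j.ITokenCacheAccessContext;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermissions;

// Hypothetical class (not part of MSAL4J). Assumes POSIX permissions are available.
public class FileTokenPersistence implements ITokenCacheAccessAspect {
    private final Path cacheFile;

    public FileTokenPersistence(Path cacheFile) {
        this.cacheFile = cacheFile.toAbsolutePath();
    }

    @Override
    public synchronized void beforeCacheAccess(ITokenCacheAccessContext context) {
        if (!Files.exists(cacheFile)) {
            return; // first run: nothing to load yet
        }
        try {
            String data = new String(Files.readAllBytes(cacheFile), StandardCharsets.UTF_8);
            context.tokenCache().deserialize(data);
        } catch (IOException e) {
            throw new UncheckedIOException("Cannot read token cache " + cacheFile, e);
        }
    }

    @Override
    public synchronized void afterCacheAccess(ITokenCacheAccessContext context) {
        if (!context.hasCacheChanged()) {
            return; // skip the write when the access did not modify the cache
        }
        try {
            // Create the temp file as rw------- before any token is written to it,
            // then atomically swap it in so readers never see a partial cache.
            Path tmp = Files.createTempFile(cacheFile.getParent(), "msal-cache", ".tmp",
                    PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
            Files.write(tmp, context.tokenCache().serialize().getBytes(StandardCharsets.UTF_8));
            Files.move(tmp, cacheFile, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
        } catch (IOException e) {
            throw new UncheckedIOException("Cannot write token cache " + cacheFile, e);
        }
    }
}
```

The file still holds the serialized cache, including refresh tokens, in plaintext; file permissions are the only protection in this sketch.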