user5155835

Reputation: 4742

Microsoft Graph Identity avoid account selection again

I'm using msal4j library for identity and token management in Java Spring Boot application to access Microsoft Graph APIs.

I'm following the sample code here.

In the code, the TokenCache object which consists of accessTokens, refreshTokens, idTokens is stored in the http session.

SessionManagementHelper.storeTokenCacheInSession(httpServletRequest, app.tokenCache().serialize());

// Stores the serialized msal4j token cache (JSON string) as an HTTP session attribute
static void storeTokenCacheInSession(HttpServletRequest httpServletRequest, String tokenCache){
    httpServletRequest.getSession().setAttribute("token_cache", tokenCache);
}

Now, if my Spring Boot application crashes etc., the tokens will be lost, and I will have to go through the account selection process again, which I want to avoid since the user has already chosen the account and given consent.

How do I avoid going through the account selection process again if my application restarts? Do I need to store the token cache in a database?

My authorization URL looks like:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
response_type=code&
redirect_uri=https%3A%2F%2Flocalhost%3A8443%2Fmsal4jsample%2Fsecure%2Faad&
client_id=ca146462-8880-424c-b629-cc7c0d0fb1b3&
scope=openid+offline_access+profile+https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&
prompt=select_account&
state=69a2ac0f-abac-46ad-b525-88f0b70182b7&
nonce=9278f424-6858-4e22-bb13-7b13894abda7

Upvotes: 0

Views: 111

Answers (1)

Raghavendra beldona

Reputation: 2102

I hope the app crash scenario you are talking about is before it has been hosted. When the application crashes, the connectivity between the browser and the application is disconnected. When the application is restarted, a new connection is established and it needs to go through the account selection process again.

Regarding the token cache storage, customers have reported good results when using Redis and other distributed cache stores, as stated in this document.

For security and performance reasons, our recommendation is to serialize one cache per user. Serialization events compute a cache key based on the identity of the processed user and serialize/deserialize a token cache for that user.

Here are a few documents that you can refer to on token caching. All the docs discuss storing (caching) the token on the server side, and those documents also have links to GitHub samples for coding reference.

Additional documentation for reference.

Upvotes: 1
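One way to implement the per-user server-side cache the answer describes, as an added example (not code from the question, the msal4j sample, or the linked docs): msal4j calls an `ITokenCacheAccessAspect` before and after every cache access, so the aspect can load and save a serialized cache keyed by the signed-in user's home account id. The class name `PersistentCacheAspect`, the `ConcurrentHashMap` standing in for Redis or a database, the fallback key, and the `<client-id>`/`<client-secret>` placeholders are assumptions of this example.

```java
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.ITokenCacheAccessAspect;
import com.microsoft.aad.msal4j.ITokenCacheAccessContext;
import java.net.MalformedURLException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: persists one msal4j token cache per user outside the HTTP session.
// The in-memory map is a stand-in for Redis or a database; replace it in production.
public class PersistentCacheAspect implements ITokenCacheAccessAspect {

    // key: per-user cache key, value: serialized cache JSON (contains refresh tokens)
    private final Map<String, String> store = new ConcurrentHashMap<>();

    // account() may be null before the first sign-in completes (assumption for the
    // authorization-code flow), so the caller supplies a session-scoped fallback key.
    private final String fallbackKey;

    public PersistentCacheAspect(String fallbackKey) {
        this.fallbackKey = fallbackKey;
    }

    private String keyFor(ITokenCacheAccessContext ctx) {
        if (ctx.account() != null && ctx.account().homeAccountId() != null) {
            return "msal:" + ctx.account().homeAccountId();
        }
        return "msal:" + fallbackKey;
    }

    @Override
    public void beforeCacheAccess(ITokenCacheAccessContext ctx) {
        String data = store.get(keyFor(ctx));   // restore this user's cache, if any
        if (data != null) {
            ctx.tokenCache().deserialize(data);
        }
    }

    @Override
    public void afterCacheAccess(ITokenCacheAccessContext ctx) {
        if (ctx.hasCacheChanged()) {            // write back only when tokens changed
            store.put(keyFor(ctx), ctx.tokenCache().serialize());
        }
    }

    // Wiring: register the aspect when building the confidential client.
    public static ConfidentialClientApplication buildApp(PersistentCacheAspect aspect)
            throws MalformedURLException {
        return ConfidentialClientApplication.builder("<client-id>",
                        ClientCredentialFactory.createFromSecret("<client-secret>"))
                .authority("https://login.microsoftonline.com/common/")
                .setTokenCacheAccessAspect(aspect)
                .build();
    }
}
```

Once the cache is restored from the store after a restart, `acquireTokenSilently` can renew the access token from the persisted refresh token without redirecting to the authorize endpoint, so `prompt=select_account` is never shown again for that user; because the serialized cache holds refresh tokens, the backing store needs the same access control and encryption at rest you would give any credential store.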
