
AcquireTokenSilentAsync using a cached token

Jean-Marc Prieur edited this page Aug 27, 2018 · 23 revisions

Tokens are cached

Once MSAL.NET has acquired a user token for a Web API, it caches it. Next time the application wants a token, it should first call AcquireTokenSilentAsync to verify if an acceptable token is in the cache, and if not, call AcquireTokenAsync.

AcquireTokenAsync doesn't get tokens from the cache

Contrary to what happens in ADAL.NET, the design of MSAL.NET is such that AcquireTokenAsync never looks at the cache. It is your responsibility as an application developer to call AcquireTokenSilentAsync first.

Recommended call pattern in public client applications

The recommended call pattern is to first try to call AcquireTokenSilentAsync, and if it fails with a MsalUiRequiredException, to call AcquireTokenAsync.

Recommended call pattern in public client applications with MSAL 2.x

// Requires: using System.Linq; using Microsoft.Identity.Client;
AuthenticationResult result = null;
var accounts = await app.GetAccountsAsync();

try
{
    // Look in the token cache first: no UI is shown on this path
    result = await app.AcquireTokenSilentAsync(scopes, accounts.FirstOrDefault());
}
catch (MsalUiRequiredException ex)
{
    // A MsalUiRequiredException happened on AcquireTokenSilentAsync.
    // This indicates you need to call AcquireTokenAsync to acquire a token
    System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");

    try
    {
        result = await app.AcquireTokenAsync(scopes);
    }
    catch (MsalException msalex)
    {
        ResultText.Text = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
    }
}
catch (Exception ex)
{
    ResultText.Text = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
    return;
}

if (result != null)
{
    string accessToken = result.AccessToken;
    // Use the token
}

Recommended call pattern in public client applications with MSAL 1.x

Previous versions of MSAL.NET used IUser instead of IAccount. The code was the following:

AuthenticationResult result = null;
try
{
    result = await app.AcquireTokenSilentAsync(scopes, app.Users.FirstOrDefault());
}
catch (MsalUiRequiredException ex)
{
    // A MsalUiRequiredException happened on AcquireTokenSilentAsync. 
    // This indicates you need to call AcquireTokenAsync to acquire a token
    System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");

    try
    {
        result = await app.AcquireTokenAsync(scopes);
    }
    catch (MsalException msalex)
    {
        ResultText.Text = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
    }
}
catch (Exception ex)
{
    ResultText.Text = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
    return;
}

if (result != null)
{
    string accessToken = result.AccessToken;
    // Use the token
}

For the code in context, please see the active-directory-dotnet-desktop-msgraph-v2 sample.

Recommended call pattern in Web Apps using the Authorization Code flow to authenticate the user

For Web applications that use the OpenID Connect Authorization Code flow, the recommended pattern in the Controllers is to:

  • Instantiate a ConfidentialClientApplication with a token cache for which you have customized the serialization (see token cache serialization for Web apps).
  • Call AcquireTokenSilentAsync.
  • If this fails with a MsalUiRequiredException, request more scopes.

This is illustrated in the active-directory-dotnet-webapp-openidconnect-v2 sample in HomeController, lines 116-145.
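
The three steps above as an added example (not the sample's HomeController code, nor MSAL.NET's own). It assumes MSAL.NET 2.x and a ClaimsPrincipal for the signed-in user; the class name, the method name and the loadUserTokenCache delegate, which stands in for your customized token cache serialization, are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example. WebAppTokenAcquirer and loadUserTokenCache are hypothetical names.
public class WebAppTokenAcquirer
{
    private readonly string clientId, redirectUri, clientSecret;
    // Assumption: returns the serialized TokenCache that belongs to one user id.
    private readonly Func<string, TokenCache> loadUserTokenCache;

    public WebAppTokenAcquirer(string clientId, string redirectUri, string clientSecret,
                               Func<string, TokenCache> loadUserTokenCache)
    {
        this.clientId = clientId;
        this.redirectUri = redirectUri;
        this.clientSecret = clientSecret;
        this.loadUserTokenCache = loadUserTokenCache;
    }

    // Returns a token from the cache, or null when the controller has to send
    // the user back through the authorization code flow (step 3).
    public async Task<AuthenticationResult> TryGetTokenAsync(ClaimsPrincipal user, string[] scopes)
    {
        // Key the cache on the signed-in user, so that a request can only
        // ever read the tokens cached for its own user.
        string userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId == null) return null;

        // Step 1: confidential client bound to this user's token cache.
        TokenCache userCache = loadUserTokenCache(userId);
        var cca = new ConfidentialClientApplication(
            clientId, redirectUri, new ClientCredential(clientSecret), userCache, null);

        IAccount account = (await cca.GetAccountsAsync()).FirstOrDefault();
        if (account == null) return null; // nothing cached for this user yet

        try
        {
            // Step 2: cache lookup only, no user interaction.
            return await cca.AcquireTokenSilentAsync(scopes, account);
        }
        catch (MsalUiRequiredException)
        {
            return null; // Step 3 is the caller's job: request the scopes interactively.
        }
    }
}
```

A controller treats a null return as the signal to redirect the user to sign in or consent again, and keeps result.AccessToken out of logs and views.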
