In an ASP.NET Core 3.1 project, when setting up authentication using MSAL:

    services
        .AddMicrosoftIdentityWebAppAuthentication(configuration, "AzureAdB2C")
        .EnableTokenAcquisitionToCallDownstreamApi(scopes)
        .AddDistributedTokenCaches();

Together with Redis as distributed cache:

    services.AddStackExchangeRedisCache(options =>
    {
        var connectionUrl = Configuration.GetValue<string>("Redis:ConnectionUrl");
        options.Configuration = connectionUrl;
    });

The access and refresh tokens are correctly written to and retrieved from Redis. But when checking the TTL of the key with the Redis TTL command, it returns -1.
I noticed that the session data in Redis does get the TTL set based on the configured session idle timeout:

    services.AddSession(options =>
    {
        options.IdleTimeout = TimeSpan.FromHours(int.Parse(sessionSection["IdleTimeout"]));
    });

These findings leave me with 3 questions:
- Wouldn't it be better to configure a TTL for these keys? Storing these tokens forever seems redundant as they will expire anyway at some point.
- Is there any way to configure or add a TTL to these keys, which are managed by the MSAL library?
- Is using the LRU cache functionality of Redis a viable/better solution for this?
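
One way to give the MSAL token cache entries an expiry, as an added example that is not part of the original post: Microsoft.Identity.Web's `MsalDistributedTokenCacheAdapterOptions` derives from `DistributedCacheEntryOptions`, so its expiration settings are handed to the distributed cache on every token cache write. The `TokenCacheSetup` helper and the 14-day and 2-day values are assumptions for illustration.

```csharp
using System;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.TokenCacheProviders.Distributed;

// Hypothetical helper class; only the calls inside it are library APIs.
public static class TokenCacheSetup
{
    public static IServiceCollection AddExpiringTokenCache(
        this IServiceCollection services,
        IConfiguration configuration,
        string[] scopes)
    {
        // Same registration as in the post.
        services
            .AddMicrosoftIdentityWebAppAuthentication(configuration, "AzureAdB2C")
            .EnableTokenAcquisitionToCallDownstreamApi(scopes)
            .AddDistributedTokenCaches();

        // Entry options used by the MSAL distributed cache adapter when it
        // writes a serialized token cache. Without this, entries are stored
        // with no expiration, which is why TTL reports -1.
        services.Configure<MsalDistributedTokenCacheAdapterOptions>(options =>
        {
            // Hard upper bound on how long a token cache entry may live
            // (assumed value; align it with the refresh token lifetime).
            options.AbsoluteExpirationRelativeToNow = TimeSpan.FromDays(14);

            // Evict entries of users who have not been active recently
            // (assumed value). Each cache read refreshes this window.
            options.SlidingExpiration = TimeSpan.FromDays(2);
        });

        services.AddStackExchangeRedisCache(options =>
        {
            options.Configuration =
                configuration.GetValue<string>("Redis:ConnectionUrl");
        });

        return services;
    }
}
```

Keys written before this change keep their missing expiry until MSAL rewrites them, so they need to be expired or deleted separately.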