Azure Java SDK - Azure Authenticated Object - Expiry & Handling

Question

I am trying to list the storage accounts of a given subscription and with that I am trying to pull all the blob end points of the subscription.

The way it is done is as follows.

a. create a cache with subscriptionId vs Azure.Authenticated object. This is basically for reuse, for the subsequent sdk api calls in the business process

b. if the subscriptionid is not present in the above cache, then create Azure.Authenticated object as follows, and put it in the cache

ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(
    subscription.getClientId(),
    subscription.getTenantId(),
    subscription.getKey(),
    subscription.getEnvironmentType().getEnvironment());

Azure.Authenticated = Azure.configure()
    .withLogLevel(LogLevel.NONE)
    .authenticate(credentials);

c. Get the Azure object, using the subscription id

azure = authenticatedClient.withSubscription(subscription.getSubscriptionId());

d. Use the storageAccounts list API to paginate and list all the storage accounts of a given subscription.

try {
              PagedList<StorageAccount> strgAccList = azure.storageAccounts().list();
          boolean hasNextPage = null != strgAccList.currentPage();
          int pageCount = 0;
          if (hasNextPage) {
            while (hasNextPage) {
              ++pageCount;
              Page<StorageAccount> resourcePage = strgAccList.currentPage();
              Iterator<StorageAccount> it = resourcePage.items().iterator();
              while (it.hasNext()) {
                StorageAccount storageAccount = it.next();
                storageAccounts.put(storageAccount.name(), storageAccount);
              }
              hasNextPage = strgAccList.hasNextPage();
              if (hasNextPage) {
                strgAccList.loadNextPage();
              }
            }
          }
        } catch (Exception e) {
          //log exception here
        }

Since this azure object is cached, it is possible that this object(I assume there is a token wrapped inside it) might expire in this iteration or and will eventually result in exception scenario. My question is

a. what is the TTL of this object?

b. should I create a new azure object, incase if of TTL expires?

c. Or will the sdk api will take care of renewing the token with new one?

Documentation doesn't help(I don't see it either), and I searched in the azure java sdk github project. The samples in there was also not of any help. Please enlighten me with all the wisdom. Thanks!

Answer 1

a )what is the TTL of this object?

Answer: Since you are assuming to wrapping token in the object so TTL of this object is dependent on the time of expiry of Access token. Default value of expiry time is 86,400 seconds (24 hours) Reference: https://auth0.com/docs/security/tokens/access-tokens/update-access-token-lifetime

b) should I create a new azure object, in case if of TTL expires?

Answer: No need to create a new object once the TTL expire you can refresh and generate new token and can assign that token into same object.

C) Or will the sdk api will take care of renewing the token with new one?

Answer: Yes, the SDK API will be renewing the token with the new one when needed. tokens are artifacts that allow application systems to perform the authorization and authentication process.

Answer 2

As per documentation, the sdk client library takes care of refershing the token as and when needed. Thanks to Venkatesh, a friend of mine, for leading me to this page.

https://learn.microsoft.com/en-us/java/api/com.azure.core.credential.tokencredential?view=azure-java-stable