Skip to content

Use MemoryCache instead of static cache in MSAL #3543

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Use MemoryCache instead of static cache in MSAL #3543

wants to merge 1 commit into from

Conversation

@bgavrilMS
Copy link
Member

@bgavrilMS bgavrilMS commented Oct 10, 2025
edited
Loading

See #3237

@bgavrilMS bgavrilMS requested a review from a team as a code owner October 10, 2025 00:25
@bgavrilMS bgavrilMS linked an issue Oct 10, 2025 that may be closed by this pull request
[Feature Request- Breaking change] Use an actual MemoryCache with eviction when instructed #3237
Open
@jmprieur
Copy link
Collaborator

jmprieur commented Oct 10, 2025

@jennyf19, @GeoK, @pmaytak
We need to discuss the impact on MISE of this PR: the cache would no longer be static when customer decide InMemoryCache, but it would grow and would require eviction policies.

@jmprieur
Copy link
Collaborator

jmprieur commented Oct 10, 2025

Potential Issues for Adopting Services

  1. Cache Behavior Change
    Before: MsalMemoryTokenCacheProvider used MSAL's static shared cache (CacheOptions.EnableSharedCacheOptions)
    After: Uses MemoryCache (ASP.NET Core's IMemoryCache) for token storage
    Impact: Services using in-memory caching may experience different cache isolation characteristics. The static cache was shared across all app instances in the same process, while IMemoryCache provides better scoped isolation.

  2. Memory Management
    Concern: IMemoryCache has different eviction policies compared to MSAL's static cache
    Potential Issue: In high-load scenarios, tokens might be evicted from cache more aggressively, leading to more token acquisitions from the identity provider
    Recommendation: Services should monitor token acquisition patterns and potentially configure MemoryCacheOptions appropriately

  3. Multi-Tenant Scenarios
    Before: The shared static cache could cause issues with cache key collisions across tenants
    After: Better isolation, but services need to ensure their cache configuration supports their multi-tenancy model
    Impact: This is likely a positive change for multi-tenant apps, but services should verify tenant isolation works as expected

  4. Performance
    the In memory cache would be 10x slower than the static cache. @bgavrilMS : do you confirm

@keegan-caruso
Copy link
Contributor

keegan-caruso commented Oct 10, 2025

Agree with @jmprieur, it is a large behavioral change, can this be an opt-in behavior?

@jennyf19
Copy link
Collaborator

jennyf19 commented Oct 10, 2025

We need to discuss the impact on MISE of this PR: the cache would no longer be static when customer decide InMemoryCache, but it would grow and would require eviction policies.

Without eviction policies, we're just trading "static dictionary with predictable growth" for "MemoryCache with unpredictable growth...not an improvement, just a different problem

@bgavrilMS
Copy link
Member Author

bgavrilMS commented Oct 10, 2025
edited
Loading

MSAL static cache

Pros: fast
Cons: no eviction policies and no way to set them

MemoryCache

Pros: app developer can set eviction policies
Cons: slower

If we do opt-in, how would that setting look like?

@jmprieur
Copy link
Collaborator

jmprieur commented Oct 10, 2025

@bgavrilMS : the recommendation from the MISE team is to add a new boolean in the MicrosoftIdentityApplicationOptions or one of its base classes to specify if to use the static cache or not. An opt-in to use an evictable but slower in-memory cache, making this PR no longer a breaking change.

@pmaytak
Copy link
Contributor

pmaytak commented Oct 11, 2025

+1 to making this an opt-in change via options. In my experience, different users value different things (cache size vs speed). Setting and changing the default will make someone unhappy. Another point is that when we make big changes like this, even in major versions, it reduces the SDK maintainability a bit. For example, when users have issues, it'll add time to figure out which SDK version has which cache and such. So maybe for now if we keep static cache as default but make it clear on how to change it if size becomes an issue.

@jmprieur
Copy link
Collaborator

jmprieur commented Oct 11, 2025 via email

@bgavrilMS bgavrilMS marked this pull request as draft October 13, 2025 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs attention

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature Request- Breaking change] Use an actual MemoryCache with eviction when instructed

6 participants

@bgavrilMS @jmprieur @keegan-caruso @jennyf19 @pmaytak