diff --git a/src/client/Microsoft.Identity.Client/Cache/CacheSessionManager.cs b/src/client/Microsoft.Identity.Client/Cache/CacheSessionManager.cs
index d1ee545d32..4907d7aca4 100644
--- a/src/client/Microsoft.Identity.Client/Cache/CacheSessionManager.cs
+++ b/src/client/Microsoft.Identity.Client/Cache/CacheSessionManager.cs
@@ -109,7 +109,7 @@ private async Task RefreshCacheForReadOperationsAsync(CacheEvent.TokenTypes cach
 _requestParams.Account,
 hasStateChanged: false,
 TokenCacheInternal.IsApplicationCache,
- _requestParams.Account?.HomeAccountId?.Identifier);
+ _requestParams.SuggestedCacheKey ?? _requestParams.Account?.HomeAccountId?.Identifier);
 try
 {
diff --git a/src/client/Microsoft.Identity.Client/ClientApplicationBase.cs b/src/client/Microsoft.Identity.Client/ClientApplicationBase.cs
index 226495f513..db43487446 100644
--- a/src/client/Microsoft.Identity.Client/ClientApplicationBase.cs
+++ b/src/client/Microsoft.Identity.Client/ClientApplicationBase.cs
@@ -76,13 +76,17 @@ internal ClientApplicationBase(ApplicationConfiguration config)
 ///
 public async Task> GetAccountsAsync()
 {
- return await GetAccountsWithHomeAccountIdAsync(null).ConfigureAwait(false);
+ return await GetAccountsAndSetCacheKeyAsync(null).ConfigureAwait(false);
 }
 ///
 /// Returns all the available accounts in the user token cache for the application.
+ /// Also sets the cache key based on a given home account id, which is the account id of the home account for the user.
+ /// This uniquely identifies the user across AAD tenants.
 ///
- public async Task> GetAccountsWithHomeAccountIdAsync(string homeAccountId)
+ /// The identifier is the home account id of the account being targetted in the cache./>
+ ///
+ private async Task> GetAccountsAndSetCacheKeyAsync(string homeAccountId)
 {
 RequestContext requestContext = CreateRequestContext(Guid.NewGuid());
 IEnumerable localAccounts = Enumerable.Empty();
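Review bot: In RefreshCacheForReadOperationsAsync (CacheSessionManager.cs) the new argument `_requestParams.SuggestedCacheKey ?? _requestParams.Account?.HomeAccountId?.Identifier` changes the key a cache serializer is told to load, but only the read-side notification is visible in this hunk. If the write-side notification still passes only the home account id, a serializer that partitions storage by this key could read one partition and write another, so both paths should build the key the same way, ideally through one shared helper. `??` also accepts an empty string as a key; if SuggestedCacheKey can ever be empty, test it with `string.IsNullOrEmpty` before falling back. The method body starts and ends outside the hunk.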
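Review bot: The doc comment added above GetAccountsAndSetCacheKeyAsync (ClientApplicationBase.cs) appears to end its parameter line with a stray `/>` and misspells "targeted", and it does not say what happens when `homeAccountId` is null, which is what GetAccountsAsync() now passes. Because the method name promises a side effect on the cache key, the comment should state which key a cache serializer receives in the null case, for example `/// When null, no account-specific cache key is suggested.` if the body, which continues outside the hunk, confirms that. Making the method private also removes `GetAccountsWithHomeAccountIdAsync` from the public surface; if that name ever shipped, the removal deserves a changelog entry.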
@@ -161,7 +165,7 @@ public async Task> GetAccountsAsync(string userFlow)
 ///
 public async Task GetAccountAsync(string accountId)
 {
- var accounts = await GetAccountsWithHomeAccountIdAsync(accountId).ConfigureAwait(false);
+ var accounts = await GetAccountsAndSetCacheKeyAsync(accountId).ConfigureAwait(false);
 return accounts.FirstOrDefault(account => account.HomeAccountId.Identifier.Equals(accountId, StringComparison.OrdinalIgnoreCase));
 }
diff --git a/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs b/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs
index c38ecb58fe..8675d674a5 100644
--- a/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs
+++ b/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs
@@ -131,6 +131,7 @@ public async Task ConfidentialClientWithCertificateTestAsync()
 MsalAssert.AssertAuthResult(authResult);
 appCacheRecorder.AssertAccessCounts(1, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 // Call again to ensure token cache is hit
 authResult = await confidentialApp
@@ -141,6 +142,7 @@ public async Task ConfidentialClientWithCertificateTestAsync()
 MsalAssert.AssertAuthResult(authResult);
 appCacheRecorder.AssertAccessCounts(2, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 }
 [TestMethod]
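Review bot: The expected key is pasted as a full string literal into both new assertions of ConfidentialClientWithCertificateTestAsync, and the same literal recurs in the RSA-certificate, client-secret and signed-assertion hunks that follow. Nothing in the test says how the value is formed, so a reader cannot tell that it is the application's client id followed by `_AppTokenCache`. Build it once from the client id the test already configures, e.g. `string expectedAppCacheKey = <client id used by the builder> + "_AppTokenCache";` (placeholder, since the builder call is outside these hunks), with a one-line comment naming the format, and assert against that. A later change to the key format then needs one edit instead of eight.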
@@ -166,6 +168,7 @@ public async Task ConfidentialClientWithRSACertificateTestAsync()
 MsalAssert.AssertAuthResult(authResult);
 appCacheRecorder.AssertAccessCounts(1, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 // Call again to ensure token cache is hit
 authResult = await confidentialApp
@@ -176,6 +179,7 @@ public async Task ConfidentialClientWithRSACertificateTestAsync()
 MsalAssert.AssertAuthResult(authResult);
 appCacheRecorder.AssertAccessCounts(2, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 }
 [TestMethod]
@@ -214,6 +218,7 @@ public async Task RunTestWithClientSecretAsync(string clientID, string authority
 MsalAssert.AssertAuthResult(authResult);
 appCacheRecorder.AssertAccessCounts(1, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 // Call again to ensure token cache is hit
 authResult = await confidentialApp.AcquireTokenForClient(s_keyvaultScope)
@@ -223,6 +228,7 @@ public async Task RunTestWithClientSecretAsync(string clientID, string authority
 MsalAssert.AssertAuthResult(authResult);
 appCacheRecorder.AssertAccessCounts(2, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 }
 [TestMethod]
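Review bot: RunTestWithClientSecretAsync receives `clientID` as a parameter, yet both assertions added in its two hunks compare SuggestedCacheKey with a key built from one fixed application id. A caller that passes a different client id would fail here for a reason unrelated to the cache; the callers are not visible in this diff, so this may be latent for now. Deriving the expectation from the argument keeps the check tied to the app under test: `Assert.AreEqual(clientID + "_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);`. The function body starts and ends outside both hunks.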
@@ -299,6 +305,7 @@ public async Task ConfidentialClientWithSignedAssertionTestAsync()
 appCacheRecorder.AssertAccessCounts(1, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 ValidateClaimsInAssertion(claims, ((ConfidentialClientApplication)confidentialApp).ClientCredential.SignedAssertion);
 MsalAssert.AssertAuthResult(authResult);
@@ -309,6 +316,7 @@ public async Task ConfidentialClientWithSignedAssertionTestAsync()
 appCacheRecorder.AssertAccessCounts(2, 1);
 Assert.IsTrue(appCacheRecorder.LastNotificationArgs.IsApplicationCache);
+ Assert.AreEqual("16dab2ba-145d-4b1b-8569-bf4b9aed4dc8_AppTokenCache", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 }
 private void ValidateClaimsInAssertion(IDictionary claims, string assertion)
@@ -566,11 +574,14 @@ private async Task RunOnBehalfOfTestAsync(LabResponse labResponse)
 .WithTestLogging()
 .Build();
+ var appCacheRecorder = confidentialApp.AppTokenCache.RecordAccess();
+
 authResult = await confidentialApp.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(authResult.AccessToken))
 .ExecuteAsync(CancellationToken.None)
 .ConfigureAwait(false);
 MsalAssert.AssertAuthResult(authResult, user);
+ //Assert.AreEqual("YKaBLu1qpbkeiYa3QRiHRD066w8xp31kaWKrDZdxCfo", appCacheRecorder.LastNotificationArgs.SuggestedCacheKey);
 }
 }
 }
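Review bot: The SuggestedCacheKey assertion in RunOnBehalfOfTestAsync is committed commented out, so the new `appCacheRecorder` is assigned and never read, and the on-behalf-of path ends up with no check on its cache key. That is the flow where the key separates one user's tokens from another's in a web API, so it is the one most worth pinning down. The recorder is attached to `AppTokenCache`; if on-behalf-of tokens are stored in the user token cache, which seems likely, `LastNotificationArgs` would never be populated here, and recording `confidentialApp.UserTokenCache` instead may be what lets the assertion run. Either enable the check with an expected value derived in the test, or drop both added lines and leave `// TODO: assert the OBO cache key once the expected value is settled`.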