Disable the token cache for FederationToken login flow if Az.Accounts…

… is set to in memory token cache option Workaround #22628
Azure · Mar 20, 2024 · 652fad1 · 652fad1
1 parent c2a615c
commit 652fad1
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
@@ -19,6 +19,7 @@
 -->
 
 ## Upcoming Release
+* Disable the token cache for FederationToken login flow if Az.Accounts is set to in memory token cache option as a workaround for #22628.
 * Added `AsSecureString` to `Get-AzAccessToken` to convert the returned token to SecureString [#24190].
 * Upgraded Azure.Core to 1.37.0.
 

diff --git a/src/Accounts/Authenticators/ClientAssertionAuthenticator.cs b/src/Accounts/Authenticators/ClientAssertionAuthenticator.cs
@@ -43,8 +43,12 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
             var options = new ClientAssertionCredentialOptions()
             {
                 AuthorityHost = new Uri(authority),
-                TokenCachePersistenceOptions = spParameters.TokenCacheProvider.GetTokenCachePersistenceOptions()
             };
+            if (!(spParameters.TokenCacheProvider.GetTokenCachePersistenceOptions() is InMemoryTokenCacheOptions))
+            {
+                options.TokenCachePersistenceOptions = spParameters.TokenCacheProvider.GetTokenCachePersistenceOptions();
+            }
+
             options.Diagnostics.IsTelemetryEnabled = false; // disable telemetry to avoid error thrown from Azure.Core that AssemblyInformationalVersion is null
             TokenCredential tokenCredential = new ClientAssertionCredential(tenantId, spParameters.ClientId, () => GetClientAssertion(spParameters), options);
             string parametersLog = $"- ClientId:'{spParameters.ClientId}', TenantId:'{tenantId}', ClientAssertion:'***' Scopes:'{string.Join(",", scopes)}'";