Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[QUERY] Recommended lifetime to DefaultAzureCredential #31202

Closed
alefranz opened this issue Sep 16, 2022 · 4 comments
Closed

[QUERY] Recommended lifetime to DefaultAzureCredential #31202

alefranz opened this issue Sep 16, 2022 · 4 comments
Assignees
@schaabs
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-author-feedback Workflow: More information is needed from author to address the issue. no-recent-activity There has been no recent activity on this issue. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@alefranz
Copy link

Library name and version

Azure.Identity 1.6.1

Query/Question

What is the recommended lifecycle for the DefaultAzureCredential?

There is no need to keep more than one instance of a client for a given set of constructor parameters or client options
https://devblogs.microsoft.com/azure-sdk/lifetime-management-and-thread-safety-guarantees-of-azure-sdk-net-clients/

Does this recommendation also apply for DefaultAzureCredential?

For example, if we need to retrieve a token for a HTTP dependency, a common pattern is via a Delegating Handler

public class AuthorizationHandler : DelegatingHandler
{
  protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
  {
    var credentials = new DefaultAzureCredential();
    var tokenResult = await credentials.GetTokenAsync(new TokenRequestContext(new[] { "foo" }), cancellationToken);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokenResult.Token);
    return await base.SendAsync(request, cancellationToken);
  }
}

Is the recommended approach to create a new instance of DefaultAzureCredential every time? or should it be a singleton? or one per type of client?

It would be great to document this, defining the different compromises e.g. token caching

Thank you!

Environment

No response
@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Sep 16, 2022
@azure-sdk azure-sdk added Azure.Identity Client This issue points to a problem in the data-plane of the library. needs-team-triage Workflow: This issue needs the team to triage. labels Sep 16, 2022
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Sep 16, 2022
@jsquire jsquire added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed needs-team-triage Workflow: This issue needs the team to triage. labels Sep 16, 2022
@jsquire
Copy link
Member

jsquire commented Sep 16, 2022

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@devlie
Copy link
Member

devlie commented Oct 10, 2022

I'm curious about this too, also will the answer change once built-in caching is introduced by #25361?

@christothes
Copy link
Member

As an implementation detail, when using DefaultAzureCredential without any options, the credential chain created and the selected credential is a static singleton. The only reason to intentionally use a different instance of the credential is if you intend to discover a different credential in the chain. So generally speaking, it's better to use a singleton credential.

The token caching implications are dependent on which credential you end up selecting in the chain, but I'd say that the impact is not significant to whether or not the credential is a singleton, unless you have some specific requirements around caching.

@christothes christothes added the needs-author-feedback Workflow: More information is needed from author to address the issue. label Oct 19, 2022
@ghost ghost removed the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Oct 19, 2022
@ghost ghost added the no-recent-activity There has been no recent activity on this issue. label Oct 27, 2022
@ghost
Copy link

ghost commented Oct 27, 2022

Hi, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

@ghost ghost closed this as completed Nov 10, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Mar 24, 2023
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@schaabs schaabs

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-author-feedback Workflow: More information is needed from author to address the issue. no-recent-activity There has been no recent activity on this issue. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@alefranz @jsquire @christothes @schaabs @devlie @azure-sdk and others