Skip to content

Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider #3381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jun 11, 2025
Merged

Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider #3381

merged 7 commits into from
Jun 11, 2025

Conversation

trwalke
Copy link
Member

@trwalke trwalke commented Jun 4, 2025
edited
Loading

  • You've read the Contributor Guide and Code of Conduct.
  • You've included unit or integration tests for your change, where applicable.
  • You've included inline docs for your change, where applicable.
  • There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Description

Updates the DefaultAuthorizationHeaderProvider to update the AcquireTokenOptions.LongRunningWebApiSessionKey after the token is acquired so that the key can be used in the next OBO call.

Fixes #3382

@trwalke trwalke marked this pull request as ready for review June 4, 2025 00:50
@trwalke trwalke requested a review from a team as a code owner June 4, 2025 00:50
jmprieur
jmprieur reviewed Jun 11, 2025
View reviewed changes
Copy link
Collaborator

@jmprieur jmprieur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't it be better to use the new interface that Keegan created:

https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/blob/main/src/Microsoft.Identity.Abstractions/DownstreamApi/IAuthorizationHeaderProvider_T.cs

this way we could return something?

@trwalke
Copy link
Member Author

trwalke commented Jun 11, 2025
edited
Loading

Wouldn't it be better to use the new interface that Keegan created:

https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/blob/main/src/Microsoft.Identity.Abstractions/DownstreamApi/IAuthorizationHeaderProvider_T.cs

this way we could return something?

I'm am not sure it is the best way to do it. The returning of the cache key also happens when using the ITokenAcquisition so I wouldn't want to limit the solution to only IAuthorizationHeaderProvider_T.

See https://github.com/AzureAD/microsoft-identity-web/wiki/get-token-in-event-handler#principle

Lets fix this for the customer since it is the currently released behavior and change the design in a follow up PR. I can create a work item.

@trwalke trwalke merged commit c9744b7 into master Jun 11, 2025
5 checks passed
@trwalke trwalke deleted the trwalke/OboKeyFix branch June 11, 2025 22:45
This was referenced Jul 23, 2025
Closed
Closed
Closed
Closed
Closed
This was referenced Aug 19, 2025
Closed
Closed
Closed
Open
Closed
Closed
Closed
Closed
Closed
Open
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Open
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmprieur jmprieur jmprieur left review comments

@bgavrilMS bgavrilMS bgavrilMS approved these changes

@jennyf19 jennyf19 jennyf19 approved these changes

@keegan-caruso keegan-caruso keegan-caruso approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Microsoft.IdentityWeb - Impossible to keep LR OBO session with auto generated key
5 participants
@trwalke @bgavrilMS @jmprieur @jennyf19 @keegan-caruso