[v5] Changes to Configuration - CacheOptions (Config #2) #7697
+67
−431
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
documentation
jo-arroyo
commented
Apr 12, 2025
| @@ -171,10 +171,9 @@ export function redirectPreflightCheck( | |||
| ): void { | |||
| preflightCheck(initialized); | |||
| blockRedirectInIframe(config.system.allowRedirectInIframe); | |||
| // Block redirects if memory storage is enabled but storeAuthStateInCookie is not | |||
There was a problem hiding this comment.
Do we still want to block redirects with memory storage here?
There was a problem hiding this comment.
Yes. On redirect, in memory cache is reset and the authentication will forever loop since there is no cache state indicating a previous redirect request is in progress on reload. This check prevents users ever attempting redirect since we cannot support it.
jo-arroyo
changed the title
jo-arroyo
requested review from
sameerag,
tnorling,
hectormmg,
peterzenz,
Robbie-Microsoft,
konstantin-msft,
lalimasharda and
shylasummers
as code owners
shylasummers
approved these changes
Apr 15, 2025
hectormmg
approved these changes
Apr 16, 2025
sameerag
reviewed
Apr 17, 2025
| @@ -71,6 +71,9 @@ To faciliate efficient token acquisition while maintaining a good UX, MSAL cache | |||
| > :bulb: The authorization code is only stored in memory and will be discarded after redeeming it for tokens. | |||
|
|
|||
| ## Warning :warning: | |||
|
|
|||
| **NOTE: `temporaryCacheLocation` is deprecated as of MSAL v5 and will be removed in a future release.** | |||
|
|
|||
| Overriding `temporaryCacheLocation` should be done with caution. Specifically when choosing `localStorage`. Interaction in more than one tab/window will not be supported and you may receive `interaction_in_progress` errors unexpectedly. This is an escape hatch, not a fully supported feature. | |||
There was a problem hiding this comment.
We are keeping the docs? I assumed if it is removed, wouldn't it be just removal notice in migration guidance since this branch is V5?
sameerag
reviewed
Apr 17, 2025
| | `storeAuthStateInCookie` | If true, stores cache items in cookies as well as browser cache. Should be set to true for use cases using IE. | boolean | `false` | | ||
| | `secureCookies` | If true and `storeAuthStateInCookies` is also enabled, MSAL adds the `Secure` flag to the browser cookie so it can only be sent over HTTPS. | boolean | `false` | | ||
| | `cacheMigrationEnabled` | If true, cache entries from older versions of MSAL will be updated to conform to the latest cache schema on startup. If your application has not been recently updated to a new version of MSAL.js you can safely turn this off. In the event old cache entries are not migrated it may result in a cache miss when attempting to retrieve accounts or tokens and affected users may need to re-authenticate to get up to date. | boolean | `true` when using `localStorage`, `false` otherwise | | ||
| | `claimsBasedCachingEnabled` | If `true`, access tokens will be cached under a key containing the hash of the requested claims string, resulting in a cache miss and new network token request when the same token request is made with different or missing claims. If set to `false`, tokens will be cached without claims, but all requests containing claims will go to the network and overwrite any previously cached token with the same scopes. | boolean | `false` | |
There was a problem hiding this comment.
Let us ensure we test this, that we never cache claims. I want to make sure we have Loop who had this bug before, and Teams who I think are setting this to false are not broken with v5.
sameerag
reviewed
Apr 17, 2025
| @@ -95,11 +93,8 @@ const msalInstance = new PublicClientApplication(msalConfig); | |||
| | Option | Description | Format | Default Value | | |||
| | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | | |||
| | `cacheLocation` | Location of token cache in browser. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | | |||
| | `temporaryCacheLocation` | Location of temporary cache in browser. This option should only be changed for specific edge cases. Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | | |||
| | `storeAuthStateInCookie` | If true, stores cache items in cookies as well as browser cache. Should be set to true for use cases using IE. | boolean | `false` | | |||
| | `secureCookies` | If true and `storeAuthStateInCookies` is also enabled, MSAL adds the `Secure` flag to the browser cookie so it can only be sent over HTTPS. | boolean | `false` | | |||
There was a problem hiding this comment.
Off the topic, but related. Can we make sure the one cookie we set for KMSI is the only one we manage and add it to the docs under cookies MSAL JS manages.. etc. Also link to the migration guide on the discontinuation of existing cookies.
sameerag
approved these changes
Apr 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates the CacheOptions for MSAL Browser v5, including:
temporaryCacheLocationandclaimsBasedCachingEnabledstoreAuthStateInCookie,secureCookies, andcacheMigrationEnabled