java - How to manage retrieval of ADAL auth token in a mulithreaded application -


i have high volume multi threaded java based application needs call rest based endpoints running on microsoft cloud authorization token in header retrieved using "azure adal acquiretoken". using "azuread/azure-activedirectory-library-for-java" (code sample below). questions have -

  1. do need make call retrieve token using acquiretoken method each , every rest call going make? if yes, believe token going latest call may change, in case requests if have requests made retrieved tokens going fail or azure adal still going honor generated tokens?
  2. if token retrieved not expected honored azure adal options have manage single token @ time , making sure @ time 1 token used requests? need implement kind of single threaded cache retrieve token, maintain token until expires, make call new token if expired , make multi threaded requests go through single threaded cache latest token? suggestions on this. if case seems huge bottleneck in high volume multi threaded multi jvm application far scalability goes.

my code below. when called acquiretoken method loop inside main method, got 3 different types of token in 10 calls , 3 different tokens seemed work, not sure if how should called in multi threaded applications.

package com.mycompany.msft.auth;  import java.util.concurrent.executorservice; import java.util.concurrent.executors; import java.util.concurrent.future;  import com.microsoft.aad.adal4j.authenticationcontext; import com.microsoft.aad.adal4j.authenticationresult; import com.microsoft.aad.adal4j.clientcredential;  public class applicationauthexample {     private final static string authorization_endpoint = "https://login.microsoftonline.com/";     private final static string arm_endpoint = "https://myendpoint";       private static string credential = "my credential";     private static string clientid = "my client id";     private static string tenantid = "my tenant id";      private static string url = authorization_endpoint + tenantid ;      authenticationcontext context = null;     authenticationresult result = null;     executorservice service = null;      public  authenticationresult getauthtoken() {         try {             service = executors.newfixedthreadpool(1);               context = new authenticationcontext(url, false, service);              future<authenticationresult> future = null;                   clientcredential cred = new clientcredential(clientid, credential);                 future = context.acquiretoken(arm_endpoint, cred, null);               result = future.get();         } catch (exception ex) {             system.out.println("exception occurred:");             ex.printstacktrace();             system.exit(1);         } {             service.shutdown();         }         return result;     }      public static void main(string[] args) throws exception {          applicationauthexample auth = new applicationauthexample();          (int =0 ; i< 10 ; i++) {             authenticationresult result = auth.getauthtoken();             // use adal authenticate              system.out.println (i+ " authorization" + "bearer " + result.getaccesstoken());             system.out.println (i + " getexpireson" + result.getexpireson());              //this token comes different in different calls. 1 should use , 1 not.              system.out.println (i+ " getexpireson" + result.getrefreshtoken());               system.out.println (i+" getexpireson" + result.getuserinfo());             }      } } 

per experience, think key of issue expiration time of token. can use token wish after expire. can refer section claims in id_tokens of https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-tokens/ know token claim time include issued at, expriation time & `not before.

so need use adal4j acquire token , request refresh token when previous 1 expires.

the lifetime of default security token claims-based authentication deployment using ad fs 2.0 60 minutes.

if want increase token expiration time of azure ad, can try refer doc https://technet.microsoft.com/en-us/library/gg188586.aspx configure relying party token lifetime.


Comments