Storing and retrieving access token when using Client Credential Flow in .Net

I'm using a client credential flow to access the API. I am getting the access token each time the client makes a call to the Web API, which seems to me may not be good, but I'm not sure why. I looked through the web and I am getting mixed answers: some say Client Credential flow doesn't return a refresh token, some say it is possible, but it is not clear how. I looked at the project where it seems to store the token in the cache, but it doesn't show how it can be used when needing to get the access token.

Even if Client Credential flow doesn't support or send a refresh token, I am searching for a way to store the access token and use it until it is expired, and get a new one when it is expired. This is where I am looking for support.

Besides that, I do have relevant questions.

  1. Should I just get the access token each time? What is the downside of it?
  2. Should I include a Test method in the Web API to validate if the token is expired and return an "Unauthorized" response, and based on that response get the new token? With this approach, I will be calling the API each time I need to access the API for the actual purpose. So wouldn't I just get the access token from the Authorization server (Microsoft Identity platform)?


Solution 1:[1]

Have a look at these resources:

One possible solution is to implement internally your own solution:

  1. Get the Token.
  2. A Dictionary is going to hold the (API type) as a key and the corresponding token as its value.
  3. On the next call, check if the token exists in your Dictionary (TryGetValue(key, out param)).
  4. Check "ExpiresOn" on the AuthenticationResult (the Token) and compare its time for validation.

Remember to maintain your Dictionary by updating or adding new tokens.
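The four steps above as a thread-safe cache, shown as an added example that is not part of the original answer or of any Microsoft library. The names `CachedToken`, `ClientCredentialTokenCache` and the `acquire` delegate are hypothetical; the delegate is assumed to wrap whatever call returns the token and its `ExpiresOn` value from the authorization server.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical types for this example; the token value is never logged or exposed beyond the caller.
public sealed record CachedToken(string AccessToken, DateTimeOffset ExpiresOn);

public sealed class ClientCredentialTokenCache
{
    // Key: the API (scope/resource) the token was issued for. Value: token plus its expiry.
    private readonly ConcurrentDictionary<string, CachedToken> _tokens = new();
    private readonly SemaphoreSlim _refreshLock = new(1, 1);
    private readonly Func<string, Task<CachedToken>> _acquire;
    private readonly TimeSpan _skew;

    public ClientCredentialTokenCache(Func<string, Task<CachedToken>> acquire, TimeSpan? skew = null)
    {
        _acquire = acquire;
        // Treat tokens as expired slightly early so one never expires in flight.
        _skew = skew ?? TimeSpan.FromMinutes(5);
    }

    private bool IsUsable(CachedToken t) => t.ExpiresOn - _skew > DateTimeOffset.UtcNow;

    public async Task<string> GetTokenAsync(string apiKey)
    {
        // Steps 3 and 4: look the token up and compare ExpiresOn with the current time.
        if (_tokens.TryGetValue(apiKey, out var cached) && IsUsable(cached))
            return cached.AccessToken;

        // Serialize refreshes so concurrent callers do not all hit the token endpoint.
        await _refreshLock.WaitAsync();
        try
        {
            // Re-check: another caller may have refreshed while this one waited.
            if (_tokens.TryGetValue(apiKey, out cached) && IsUsable(cached))
                return cached.AccessToken;

            // Steps 1 and 2: get a new token and store it under its API key.
            var fresh = await _acquire(apiKey);
            _tokens[apiKey] = fresh;
            return fresh.AccessToken;
        }
        finally
        {
            _refreshLock.Release();
        }
    }
}
```

Register one instance for the lifetime of the application and call `GetTokenAsync` before each outbound request, so the token endpoint is only contacted when the cached token is missing or about to expire.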

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Was