Release 4.2
In this release, the team focused on critical fixes to our token refresh code for OAuth credential flows with Microsoft Application Ids.
We revamped the token acquisition code that obtains a token given the bot App ID and password. This is effectively an execution of the OAuth client credentials flow, which is supported by the ADAL dotnet library.
Some implementation details and considerations follow, to complement the source changes:
Token cache: We use ADAL's built-in token cache. Given that ADAL handles much of the token caching nowadays, we consider it better to rely on the ADAL library implementation, leaving fewer responsibilities in our code. However, after working with the ADAL team, we are still responsible for keeping concurrency low (done through semaphores in this case) and for retrying, using the Retry-After headers received from AAD when we get HttpStatusCode 429.
Testing: We ran a long-haul load test, in addition to mini-load tests and unit tests. We were able to reproduce token renewal under extremely high load, and even though there were failures, these were retried and ZERO threads ended up without a token. The longest delay observed in our load test was 600 ms, which happened for a total of 40 requests; latency then went back to 1 millisecond when reading from cache.
Verifying assumptions: Even though the ADAL team recommended limiting concurrency, we removed the semaphore and re-ran the load tests. The results were extremely bad, with latencies up to 5 seconds and multiple failures, confirming the ADAL team's recommendation.
Next steps: We would like to eventually expose the token cache to users so they can provide durable token caches (this is supported by ADAL). This is a great fit for horizontal scaling scenarios where multiple instances share a cache, for example a Redis cache.
Coming soon: MSAL library: The ADAL team is working on the MSAL library, which will take care of the concurrency control as well. Eventually we will move to that. GA for MSAL is coming soon.
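The pattern described under "Token cache" and "Verifying assumptions" (a semaphore limiting concurrent token requests, plus retries that honor Retry-After on HTTP 429) can be sketched as follows. This is an added example, not the SDK's own code: `ThrottledTokenProvider`, `MaxRetries` and `DefaultBackoff` are hypothetical names, and the authority and resource values are assumed to be supplied by the caller.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Added example (hypothetical class): client credentials flow through ADAL,
// with one request in flight at a time and Retry-After honored on 429.
public sealed class ThrottledTokenProvider
{
    private const int MaxRetries = 5;                      // assumed limit
    private static readonly TimeSpan DefaultBackoff = TimeSpan.FromMilliseconds(200);

    // Only one caller talks to ADAL/AAD at a time. Callers that queue behind
    // a successful refresh are then served from ADAL's built-in token cache.
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private readonly AuthenticationContext _context;
    private readonly ClientCredential _credential;
    private readonly string _resource;

    public ThrottledTokenProvider(string authority, string resource, string appId, string appPassword)
    {
        _context = new AuthenticationContext(authority);   // default ADAL token cache
        _credential = new ClientCredential(appId, appPassword);
        _resource = resource;
    }

    public async Task<string> GetTokenAsync(CancellationToken ct = default(CancellationToken))
    {
        for (var attempt = 1; ; attempt++)
        {
            await _gate.WaitAsync(ct).ConfigureAwait(false);
            try
            {
                var result = await _context.AcquireTokenAsync(_resource, _credential).ConfigureAwait(false);
                return result.AccessToken;
            }
            catch (AdalServiceException ex) when (ex.StatusCode == 429 && attempt < MaxRetries)
            {
                // Use the delay AAD asked for; fall back to a fixed delay if the header is absent.
                var retryAfter = ex.Headers?.RetryAfter;
                var delay = retryAfter?.Delta ?? (retryAfter?.Date - DateTimeOffset.UtcNow) ?? DefaultBackoff;
                if (delay < TimeSpan.Zero) delay = TimeSpan.Zero;
                // Wait while still holding the gate so queued callers do not hit AAD during back-off.
                await Task.Delay(delay, ct).ConfigureAwait(false);
            }
            finally
            {
                _gate.Release();
            }
        }
    }
}
```

Once `MaxRetries` is reached, or on any error other than 429, the exception propagates to the caller rather than being swallowed.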
Changelog V4.2.2
Token Refresh Revamping
- Token Refresh Revamping [PR 1299]