Persist authority in in-memory cache (#4081)

* Persist authority in inmemory cache

* Change files

* Revering making `inMemoryCache` a class variable

* added clearCache() functionality to assist silent flow e2e tests

* Apply suggestions from code review

Co-authored-by: Robbie-Microsoft <[email protected]>
Co-authored-by: Thomas Norling <[email protected]>

Author: 3 people

change/@azure-msal-node-b12936ed-da98-48ac-9b2c-58a23b9e4cb4.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Persist authority in in memory cache #4081",
+  "packageName": "@azure/msal-node",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

lib/msal-node/docs/caching.md

@@ -14,7 +14,7 @@ const cca = new msal.ConfidentialClientApplication({
     }
 });
 
-/** 
+/**
 * login* and acquireToken* APIs return an account object containing "homeAccountId"
 * you should keep a record of this in your app and use it later on when calling acquireTokenSilent
 * For more, see: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/docs/accounts.md
@@ -58,6 +58,9 @@ MSAL Node's cache schema is compatible with other MSALs. By default, MSAL's cach
 }
 ```
 
+## Cache in memory
+If a user chooses not to persist cache, the `TokenCache` interface is still available to access the tokens cached in memory. The life time of in memory cache is the same as MSAL instance. If the MSAL instance  restarts, the cache is erased when the process lifecycle finishes. We recommend persisting the cache with encryption for all real life applications both for security and desired cache longevity.
+
 ## Persistence
 
 MSAL Node fires events when the cache is accessed, apps can choose whether to serialize or deserialize the cache. This often constitutes two actions:

lib/msal-node/src/cache/NodeStorage.ts

@@ -57,7 +57,6 @@ export class NodeStorage extends CacheManager {
      * @param cache - key value store
      */
     cacheToInMemoryCache(cache: CacheKVStore): InMemoryCache {
-
         const inMemoryCache: InMemoryCache = {
             accounts: {},
             idTokens: {},
@@ -90,16 +89,20 @@ export class NodeStorage extends CacheManager {
      * @param inMemoryCache - kvstore map for inmemory
      */
     inMemoryCacheToCache(inMemoryCache: InMemoryCache): CacheKVStore {
+
         // convert in memory cache to a flat Key-Value map
         let cache = this.getCache();
 
         cache = {
+            ...cache,
             ...inMemoryCache.accounts,
             ...inMemoryCache.idTokens,
             ...inMemoryCache.accessTokens,
             ...inMemoryCache.refreshTokens,
             ...inMemoryCache.appMetadata
         };
+
+        // convert in memory cache to a flat Key-Value map
         return cache;
     }
 

lib/msal-node/src/client/ClientApplication.ts

@@ -420,4 +420,11 @@ export abstract class ClientApplication {
 
         return await AuthorityFactory.createDiscoveredInstance(authorityUrl, this.config.system.networkClient, this.storage, authorityOptions);
     }
+
+    /**
+     * Clear the cache
+     */
+    clearCache(): void {
+        this.storage.clear();
+    }
 }

lib/msal-node/src/client/IConfidentialClientApplication.ts

@@ -48,4 +48,7 @@ export interface IConfidentialClientApplication {
 
     /** Replaces the default logger set in configurations with new Logger with new configurations */
     setLogger(logger: Logger): void;
+
+    /** Clear the cache */
+    clearCache(): void;
 }

lib/msal-node/src/client/IPublicClientApplication.ts

@@ -44,4 +44,7 @@ export interface IPublicClientApplication {
 
     /** Replaces the default logger set in configurations with new Logger with new configurations */
     setLogger(logger: Logger): void;
+
+    /** Clear the cache */
+    clearCache(): void;
 }

samples/msal-node-samples/silent-flow/test/silent-flow-aad.spec.ts

@@ -182,6 +182,7 @@ describe("Silent Flow AAD PPE Tests", () => {
             beforeEach(async () => {
                 context = await browser.createIncognitoBrowserContext();
                 page = await context.newPage();
+                await publicClientApplication.clearCache();
             });
 
             afterEach(async () => {

samples/msal-node-samples/silent-flow/test/silent-flow-adfs.spec.ts

@@ -180,6 +180,7 @@ describe("Silent Flow ADFS 2019 Tests", () => {
             beforeEach(async () => {
                 context = await browser.createIncognitoBrowserContext();
                 page = await context.newPage();
+                await publicClientApplication.clearCache();
                 await page.goto(homeRoute);
             });