Questions about acquireTokenByClientCredential caching

Hello Dionisio, Ryne,

Thanks for posting your question in Microsoft Q&A!

When you use acquireTokenByClientCredential to get a token for your app, the Microsoft Authentication Library (MSAL) saves that token in a cache. This is why when you use the same app multiple times, you don’t see extra calls to Microsoft every time — because MSAL reuses the cached token.

How long does the token last?

The token usually lasts about 60 minutes. MSAL keeps it stored and hands it back as long as it hasn’t expired. When the token is about to expire or has expired, MSAL automatically fetches a new one.

How does the caching work?

Before contacting Microsoft, MSAL checks if there’s still a valid token in its cache. If yes, it uses that token instead of asking Microsoft again. If there isn’t, or the token is expired, it will request a new token and update the cache.

Microsoft has this info in their documentation here:

About application token caching: https://learn.microsoft.com/azure/active-directory/develop/msal-client-application#application-token-cache

About token renewal: https://learn.microsoft.com/azure/active-directory/develop/msal-client-application#token-caching-and-renewal

Best Practices:

• Let MSAL take care of caching and refreshing tokens — no need to do this yourself.
• If a token expires, just handle the error and MSAL will get a new one automatically.
• If you want tokens to last longer or shorter, you can set token lifetimes in Azure AD, but it’s usually best to use the default settings.

Kindly let us know if the above helps or you need further assistance on this issue.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".