Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MsalClientException exception thrown when token not found in cache #38300

Closed
3 tasks done
y0geshdev opened this issue Jan 12, 2024 · 3 comments · Fixed by #38502
Closed
3 tasks done

MsalClientException exception thrown when token not found in cache #38300

y0geshdev opened this issue Jan 12, 2024 · 3 comments · Fixed by #38502
Assignees
@billwert
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request This issue requires a new behavior in the product in order be resolved.
Milestone
2024-02

Comments

@y0geshdev
Copy link

Describe the bug
When a token is not found in the in-memory cache then Azure identity log it as an MSAL exception.
The log level is a bit misleading if there is a cache miss. A warning level log might be better suited than an error log.

Or is it that I am missing something to configure it properly to avoid ERROR level log on cache miss?

Exception or Stack Trace
12:40:39.710 [ForkJoinPool.commonPool-worker-1] DEBUG c.m.a.m.ConfidentialClientApplication - [Correlation ID: f1f20e6d-42d7-4b54-baa8-7f74934320e0] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.

com.microsoft.aad.msal4j.MsalClientException: Token not found in the cache
	at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:75)
	at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:69)
	at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:18)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1768)
	at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1760)
	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373)
	at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182)
	at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655)
	at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622)
	at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165)
        ...

To Reproduce
Steps to reproduce the behavior:

  • Added code snippet to reproduce

Code Snippet
Add the code snippet that causes the issue.

                // create a clientCertificateCredential
                ClientCertificateCredential clientCertificateCredential = new ClientCertificateCredentialBuilder()
                        .tenantId(<Tenant_Id>)
                        .clientId(<Client_Id>)
                        .pemCertificate(<Certificate_Path>)
                        .sendCertificateChain(true)
                        .additionallyAllowedTenants("*")
                        .build();

                // create SecretClient using above credentials
                SecretClient client = new SecretClientBuilder()
                        .vaultUrl(<Vault_Url>)
                        .credential(clientCertificateCredential)
                        .buildClient();

                // get KV secret
                KeyVaultSecret spClientIdKvSecret;
                try {
                    spClientIdKvSecret = client.getSecret(<SECRET_NAME>);
                } catch (Exception ex) {
                    log.error("Unable to fetch service principal client ID secret from customer {} KV. Exception: {}",
                            destConfig.getAkvUrl(), getStackTrace(httpEx));
                    throw new ConfigurationException(format("Unable to fetch service principal client ID secret from customer %s KV.", destConfig.getAkvUrl()), httpEx);
                }

Expected behavior
Logging cache miss at a warning level might be better than logging it at error level.

Screenshots
NA

Setup (please complete the following information):

  • OS: Windows 11
  • IDE: IntelliJ
  • Library/Libraries: com.azure:azure-identity:1.8.2
  • Java version: 8
  • App Server/Environment: JVM
  • Frameworks: NA

Additional context
NA

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • Bug Description Added
  • Repro Steps Added
  • Setup information Added
@y0geshdev y0geshdev changed the title MsalClientException exception when token not found in cache MsalClientException exception thrown when token not found in cache Jan 12, 2024
@github-actions github-actions bot added Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-triage Workflow: This issue needs the team to triage. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jan 12, 2024
@joshfree
Copy link
Member

Thanks for filing this issue, @y0geshdev. @billwert could you please take a look?

/cc @g2vinay

@joshfree joshfree added feature-request This issue requires a new behavior in the product in order be resolved. and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jan 16, 2024
@joshfree joshfree moved this from Untriaged to Not Started in Azure Identity SDK Improvements Jan 16, 2024
@joshfree joshfree added this to the 2024-02 milestone Jan 16, 2024
@y0geshdev
Copy link
Author

@billwert Thanks for looking into this.
I would appreciate if you can guide me on this one.

billwert added a commit to billwert/azure-sdk-for-java that referenced this issue Jan 26, 2024
@billwert
Move cache miss errors to info level
4e23c57 
Customer reports spurious error messages for simple cache misses from MSAL. We'll catch those errors and log them at the INFO level instead of ERROR.

This only applies to sync cases. In async cases we already suppress the error entirely.

Fixes Azure#38300
@billwert billwert mentioned this issue Jan 26, 2024
Merged
@billwert
Copy link
Contributor

billwert commented Jan 26, 2024
edited
Loading

Thanks for the report @y0geshdev. We should have a fix for this in our next public release.

@billwert billwert removed the needs-team-triage Workflow: This issue needs the team to triage. label Jan 26, 2024
@billwert billwert moved this from Not Started to In Progress in Azure Identity SDK Improvements Jan 30, 2024
billwert added a commit that referenced this issue Jan 31, 2024
@billwert
Move cache miss errors to info level (#38502)
d8dae65 
Customer reports spurious error messages for simple cache misses from MSAL. We'll catch those errors and log them at the INFO level instead of ERROR.

This only applies to sync cases. In async cases we already suppress the error entirely.

Fixes #38300
@github-project-automation github-project-automation bot moved this from In Progress to Done in Azure Identity SDK Improvements Jan 31, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Apr 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@billwert billwert

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request This issue requires a new behavior in the product in order be resolved.
Projects
Azure Identity SDK Improvements
Archived in project
Milestone
2024-02
Development

Successfully merging a pull request may close this issue.

Move cache miss errors to info level billwert/azure-sdk-for-java
3 participants
@joshfree @billwert @y0geshdev