Reduce repeated Graph sign-in prompts by caching delegated tokens and unifying auth paths #136

Closed
mengyimicro wants to merge 3 commits into main from users/mengyixu/reuseSessionCacheTokens

mengyimicro commented Dec 27, 2025

Problem
Running a365 setup all in a new tenant triggers 20+ Microsoft sign-in popups during execution.

Root causes:

  • Each Graph operation could spawn a new PowerShell session and call Connect-MgGraph
  • Delegated tokens were not cached across calls
  • Some Graph API calls unintentionally fell back to Azure CLI auth
  • GraphPatchAsync ignored the scopes parameter
  • Permission setup loops amplified the issue

This resulted in a poor CLI experience and made setup appear unreliable.

Fix
This PR reduces interactive sign-in prompts by reusing delegated Graph tokens and ensuring a single auth path during setup.

Key changes:

  1. MicrosoftGraphTokenProvider
     • Added in-memory token caching keyed by (tenant + clientAppId + normalized scopes)
     • Added single-flight locking to prevent concurrent PowerShell sign-ins
     • Extracts JWT exp to reuse tokens until near expiration

  2. GraphApiService
     • Fixed GraphPatchAsync to correctly pass scopes
     • Ensured service principal lookup/creation respects delegated scopes
     • Prevented accidental fallback to Azure CLI auth when scopes are required

  3. SetupHelpers
     • Pre-warms delegated Graph auth at the start of permission setup
     • Ensures all permission-related Graph calls use delegated auth consistently

Test

  • Unit tests all succeed
  • E2E validation on Setup all to reduce sign-in prompts from 20+ to 5

mengyimicro requested review from a team as code owners December 27, 2025 01:50
Copilot AI review requested due to automatic review settings December 27, 2025 01:50
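
The caching scheme the PR description lists (a key built from tenant + clientAppId + normalized scopes, single-flight locking, reuse until near the JWT exp) can be sketched as follows. This is an added example, not code from the PR or the project: the class name, the lowercase/sort scope normalization, the 5-minute margin and the signIn delegate are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

public sealed class DelegatedTokenCache // hypothetical name; not the PR's MicrosoftGraphTokenProvider
{
    private sealed record Entry(string Token, DateTimeOffset ExpiresOn);
    private static readonly TimeSpan Skew = TimeSpan.FromMinutes(5); // assumed refresh margin
    private readonly ConcurrentDictionary<string, Entry> _cache = new();
    private readonly SemaphoreSlim _signInLock = new(1, 1);
    // Scope order and case must not change the key; a different scope set must.
    public static string CacheKey(string tenantId, string clientAppId, string[] scopes) =>
        string.Join("|", tenantId.ToLowerInvariant(), clientAppId.ToLowerInvariant(),
            string.Join(" ", scopes.Select(s => s.Trim().ToLowerInvariant())
                .Where(s => s.Length > 0).Distinct().OrderBy(s => s, StringComparer.Ordinal)));
    // Reads exp without verifying the signature: a cache hint only, never an authorization check.
    public static DateTimeOffset? ReadExpiry(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) return null;
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        try
        {
            using var doc = JsonDocument.Parse(Convert.FromBase64String(b64));
            return doc.RootElement.TryGetProperty("exp", out var exp) && exp.TryGetInt64(out var s) ? DateTimeOffset.FromUnixTimeSeconds(s) : null;
        }
        catch (Exception) { return null; } // any parse failure means "no usable expiry"
    }
    public async Task<string> GetTokenAsync(string tenantId, string clientAppId, string[] scopes, Func<Task<string>> signIn)
    {
        var key = CacheKey(tenantId, clientAppId, scopes);
        if (Fresh(key) is { } hit) return hit;
        await _signInLock.WaitAsync(); // single flight: one sign-in prompt at a time
        try
        {
            if (Fresh(key) is { } filled) return filled; // another caller signed in while we waited
            var token = await signIn(); // assumed stand-in for the interactive Connect-MgGraph call
            if (ReadExpiry(token) is { } exp) _cache[key] = new Entry(token, exp); // no exp: not cached
            return token;
        }
        finally { _signInLock.Release(); }
    }
    private string? Fresh(string key) =>
        _cache.TryGetValue(key, out var e) && e.ExpiresOn > DateTimeOffset.UtcNow + Skew ? e.Token : null;
}
```

Because the scope set is part of the key, a token issued for one set of delegated scopes is never handed back for a request that names a different set, and the cache lives only in process memory.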

Copilot AI left a comment

Pull request overview

This PR reduces the number of Microsoft sign-in prompts during setup by implementing token caching and unifying authentication paths for Graph API operations. Previously, each Graph operation could trigger a new PowerShell session and require re-authentication, resulting in 20+ sign-in popups during setup in a new tenant.

Key changes:

  • Added in-memory delegated token caching in MicrosoftGraphTokenProvider with JWT expiration tracking to reuse tokens across multiple Graph calls
  • Fixed GraphApiService methods to accept and pass through scopes parameters consistently, preventing fallback to Azure CLI authentication
  • Implemented pre-warming of delegated Graph authentication in SetupHelpers to ensure all permission operations use a single authentication session

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| MicrosoftGraphTokenProvider.cs | Implements token caching with single-flight locking, JWT expiry parsing, and cache key generation based on tenant/client/scopes |
| GraphApiService.cs | Adds scopes parameter to service principal lookup and creation methods to support delegated authentication consistently |
| SetupHelpers.cs | Pre-warms delegated token at the start of permission setup to ensure consistent auth path across all Graph operations |
| PublishHelpersTests.cs | Updates mock method signatures to match new scopes parameter in service principal methods |

pontemonti previously approved these changes Dec 27, 2025
tmlsousa previously approved these changes Dec 29, 2025
Copilot AI review requested due to automatic review settings December 29, 2025 22:17
mengyimicro dismissed stale reviews from tmlsousa and pontemonti via 0911cd1 December 29, 2025 22:17

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Copilot AI left a comment

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

mengyimicro commented Dec 29, 2025

Closing this PR since it hit a GitHub bug. Use the latest PR to merge the fix code: #139
