Why is AzureServiceTokenProvider returning an expired access token?

Question

I'm trying to use AzureServiceTokenProvider to get an access token to call a custom service, but it's intermittently returning an expired token. I understand that AzureServiceTokenProvider caches the token and retrieves a new one before expiration, but this is a brand new token in a brand new debugging session. Example debugging session:

Current UTC time: 3/6/2021 5:57:16 AM

But token returned is already expired?? 3/6/2021 5:27:40 AM UTC

I'm getting this behavior locally AND when deployed to Azure, but it's intermittent.

• I'm using the latest Microsoft.Azure.Services.AppAuthentication 1.6.1 as of this writing.
• I'm following https://learn.microsoft.com/en-us/dotnet/api/overview/azure/service-to-service-authentication#running-the-application-using-managed-identity-or-user-assigned-identity to get the token with managed identity in Azure and using my Azure account (which has API permissions to the custom service) when debugging locally with Visual Studio.

Update: I also tried GetAuthenticationResultAsync with forceRefresh set to true based on the recommendation from https://github.com/Azure/azure-sdk-for-net/issues/16718 but still got an expired token with the same 3/6/2021 5:27:40 AM date.

Answer 1

Difficult to say what the problem is. Best guess is that the call to get the new token is failing and therefore returning the cached token.

However, as stated in the link in your question, this method is legacy and no longer recommended.

You could therefore "solve" the problem by switching to the Azure Identity Client Library https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme