PersistedTokenCache.deserialize doesn't persist data

[chlowell]

PersistedTokenCache.deserialize replaces an instance's in-memory data entirely but the new data isn't persisted until modify is called. This introduces a couple opportunities for data loss:

1. if modify is never called, the data is never persisted
2. if find is called immediately after deserialize, PersistedTokenCache will overwrite its deserialized data when the persistence class returns a modified time later than the last sync, or any time at all if the last sync time is still 0

For example:

from msal import SerializableTokenCache
from msal_extensions import FilePersistence, PersistedTokenCache

PATH = "file_persistence"
with open(PATH, "w"):
    pass

cache_a = SerializableTokenCache()
cache_a.add({"scope": ["scope"], "response": {"access_token": "...", "client_id": "..."}})

cache_b = PersistedTokenCache(persistence=FilePersistence(PATH))
cache_b.deserialize(cache_a.serialize())  # cache_b has new data in memory but doesn't persist it
print("after deserialize: {}".format(cache_b._cache))

# cache_b.find deserializes the empty cache file, replacing data deserialized from cache_a
cache_b.find("AccessToken")
print("after find: {}".format(cache_b._cache))  # cache_b is now empty

[rayluo]

The design goal of this MSAL EX is to make it a drop-in replacement as MSAL's default in-memory cache, demonstrated by its usage pattern. Therefore, the implementation only takes care of the behaviors used by MSAL, namely, the find() and modify(), thus NOT deserialize() (MSAL itself does not use deserialize()). In that sense, we did not foresee a need to call deserialize() directly. Can you help us to understand this new scenario? Was it just your experiment, or will your new pattern happen in real life?

To answer your 2 particular questions:

1. After a deserialize(), if modify() is never called, it is assumed that the current app does not have new data to persist.
2. We could add a minor adjustment to save that arguably unnecessary read here, but still, the major issue here is we did not anticipate you would have an "out-of-band" deserialize() to begin with.

[chlowell]

1. After a deserialize(), if modify() is never called, it is assumed that the current app does not have new data to persist.

This assumption surprises me. It seems to me the cache should assume it has new data after deserialize(). It's an instance method that replaces the cache in memory with arbitrary data.

Was it just your experiment, or will your new pattern happen in real life?

I was experimenting with exposing methods to serialize the cache as part of enabling users (of azure-identity) to implement their own persistence. I don't expect this experiment to leave the lab nor do I plan to use PersistedTokenCache.deserialize, so azure-identity doesn't yet need this fixed. But I think it's an important issue to consider for the sake of other users. There may also be more ways to lose data unexpectedly through PersistedTokenCache's public API.

[rayluo]

Of course the cache would have new data once a deserialize() is called. (Rephrase as this:) MSAL EX internally uses deserialize() to obtain latest cache data from the canonical persistence, and this moment the 2 copies are identical. We just did not anticipate PersistedTokenCache().deserialize() would be called explicitly, to obtain data from elsewhere and result in a discrepancy.

In that sense, Charles you are right that our exposing the desrialize() as an instance method was not a good move. I'm marking this one as an enhancement for now, so that we will come back to evaluate the need to completely remove deserialize() from this PersistedTokenCache() (and if so, it would require a major version bump).