AzIdentity with Cache - logout?

[DariuszPorowski]

Hi there

I am trying caching (1.8.0-beta.3) for user context authentication - so far looks good. But I wonder how to do "logout"?
I assume that simply deleting the cache file does not solve the problem (it only contains user metadata) and the rest is in the encryption facility. So how to do "logout" and remove stuff from the encryption facility according to the user's operating system?

[github-actions]

Thank you for your feedback. Tagging and routing to the team member best able to assist.

[chlowell]

Neither azidentity nor its underlying cache implementation has an API for logging users in or out because applications decide whether a user is logged in or not. azidentity only authenticates users, and the cache is just a simple data store; neither has a concept of a "logged in" user. azidentity does require an AuthenticationRecord to access persisted user data, so at the application level "logging in" means authenticating a user and storing an AuthenticationRecord, and "logging out" means deleting deleting it.

Is it important for your application to actually delete cached data when a user logs out?

[github-actions]

Hi @DariuszPorowski. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

[DariuszPorowski]

Hi @chlowell, everything regarding AzIdentity being stateless is understood. Let me outline the scenario.

I have a CLI tool named mytool. When I execute mytool login, it uses azidentity for authentication and creates a state with the AzIdenity Cache (AuthenticationRecord) to avoid re-authentication on subsequent executions. Now, I wish to remove my authentication state by calling mytool logout. While it is straightforward to delete the file containing user metadata - which theoretically logs me out - AzIdenity Cache uses encryption facility to store sensitive data. Therefore, I need to ensure that mytool also clears this.

[chlowell]

Why do you need to delete the data? Sure, it's sensitive, but it's encrypted and the OS protects it from other users.

[github-actions]

Hi @DariuszPorowski. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

[github-actions]

Hi @DariuszPorowski, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!