-
Notifications
You must be signed in to change notification settings - Fork 340
Client Throttling
MSAL detects certain conditions (see below) where the application should not make repeated calls to AAD. If a call is made, then an MsalThrottledServiceException
or an MsalThrottledUiRequiredException
is thrown by MSAL. These are subtypes of MsalServiceException
, so this behaviour does not introduce a breaking change. If MSAL would not apply client-side throttling, the application would still not be able to acquire tokens, as AAD would throw the error.
If the server is having problems or if an application is requesting tokens too often, AAD will responds with an HTTP code 429 and with header of Retry-After X seconds
. The application will see an MsalServiceException
with header details. The throttling state is maintained for the X seconds. Affects all flows. Introduced in 4.13.0.
If AAD is having problems it may respond with an HTTP 5xx error code with no Retry-After header. The throttling state is maintained for 1 minute. Affects only public client flows. Introduced in 4.13.0
MSAL throws MsalUiRequiredException
when authentication cannot be resolved silently and the end-user needs to use a browser. This is a common occurrence when a tenant admin introduced 2FA or when a user password expires. Retrying the silent authentication cannot succeed. The throttling state is maintained for 2 minutes. Affects only the AcquireTokenSilent
. Introduced in 4.14.0
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Xamarin Docs
- UWP
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- High Availability
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code