From fa49e5e47663e4a07e917927a648a7c4b4fc3cb4 Mon Sep 17 00:00:00 2001
From: Claire Novotny
Date: Mon, 1 Mar 2021 08:16:54 -0500
Subject: [PATCH] Ensure cache is used for tokens
---
 src/SignClient/SignCommand.cs | 39 ++++++++++++++++++++++++++++++++---
 1 file changed, 36 insertions(+), 3 deletions(-)
diff --git a/src/SignClient/SignCommand.cs b/src/SignClient/SignCommand.cs
index d64d1d59..3fd7c8f4 100644
--- a/src/SignClient/SignCommand.cs
+++ b/src/SignClient/SignCommand.cs
@@ -170,7 +170,24 @@ void Log(string facility, LogLevel level, string message)
 {
 Log("RESTCLIENT", LogLevel.Info, "Obtaining access token for PublicClientApplication.");
- var tokenResult = await pca.AcquireTokenByUsernamePassword(new[] { $"{resourceId}/user_impersonation" }, username.Value(), secret).ExecuteAsync();
+ var accounts = await pca.GetAccountsAsync().ConfigureAwait(false);
+ var first = accounts.FirstOrDefault();
+
+ var scopes = new[] { $"{resourceId}/user_impersonation" };
+
+ if (first != null)
+ {
+ try
+ {
+ var result = await pca.AcquireTokenSilent(scopes, first).ExecuteAsync().ConfigureAwait(false);
+
+ Log("RESTCLIENT", LogLevel.Info, $"Obtained access token from cache for PublicClientApplication. Correlation ID = {result.CorrelationId}; Expires on = {result.ExpiresOn}.");
+ return result.AccessToken;
+ }
+ catch(MsalUiRequiredException) { } // eat it as we'll try to get via password next
+ }
+
+ var tokenResult = await pca.AcquireTokenByUsernamePassword(scopes, username.Value(), secret).ExecuteAsync();
 Log("RESTCLIENT", LogLevel.Info, $"Obtained access token for PublicClientApplication. Correlation ID = {tokenResult.CorrelationId}; Expires on = {tokenResult.ExpiresOn}.");
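Review bot: `accounts.FirstOrDefault()` takes whichever account happens to be first in the cache and never compares it with `username.Value()`, so if the cache behind `pca` holds another user's entry the silent call returns that user's token and the supplied credentials are never checked. Select the account by name instead, e.g. `var first = accounts.FirstOrDefault(a => string.Equals(a.Username, username.Value(), StringComparison.OrdinalIgnoreCase));`. How the cache is persisted or shared is not visible in this hunk, so the actual exposure depends on that configuration. Only `MsalUiRequiredException` triggers the password fallback; any other MSAL failure from the silent call aborts the command, which deserves a short comment if that is intended. The enclosing lambda begins before and continues after the hunk.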
@@ -189,9 +206,25 @@ void Log(string facility, LogLevel level, string message)
 {
 Log("RESTCLIENT", LogLevel.Info, "Obtaining access token for ConfidentialClientApplication.");
- var tokenResult = await context.AcquireTokenForClient(new[] { $"{resourceId}/.default" }).ExecuteAsync();
+ var accounts = await context.GetAccountsAsync().ConfigureAwait(false);
+ var first = accounts.FirstOrDefault();
+ var scopes = new[] { $"{resourceId}/.default" };
- Log("RESTCLIENT", LogLevel.Info, $"Obtained access token for PublicClientApplication. Correlation ID = {tokenResult.CorrelationId}; Expires on = {tokenResult.ExpiresOn}.");
+ if (first != null)
+ {
+ try
+ {
+ var result = await context.AcquireTokenSilent(scopes, first).ExecuteAsync().ConfigureAwait(false);
+
+ Log("RESTCLIENT", LogLevel.Info, $"Obtained access token from cache for ConfidentialClientApplication. Correlation ID = {result.CorrelationId}; Expires on = {result.ExpiresOn}.");
+ return result.AccessToken;
+ }
+ catch (MsalUiRequiredException) { } // eat it as we'll try to get via password next
+ }
+
+ var tokenResult = await context.AcquireTokenForClient(scopes).ExecuteAsync();
+
+ Log("RESTCLIENT", LogLevel.Info, $"Obtained access token for ConfidentialClientApplication. Correlation ID = {tokenResult.CorrelationId}; Expires on = {tokenResult.ExpiresOn}.");
 return tokenResult.AccessToken;
 };
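Review bot: The silent branch added before `AcquireTokenForClient` is probably never taken, because client-credential tokens live in MSAL's application token cache, which `AcquireTokenForClient` consults on its own, while `GetAccountsAsync()` only lists user accounts. If `context` ever did share a user cache with the public client (not visible here), `AcquireTokenSilent` would hand back a user-delegated token where an app-only token is expected. I would drop the `accounts`/`first`/`try` block and keep `var tokenResult = await context.AcquireTokenForClient(scopes).ExecuteAsync().ConfigureAwait(false);`. The copied comment `// eat it as we'll try to get via password next` is also wrong for this path, which uses client credentials rather than a password. The head of the enclosing lambda is outside the hunk.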