
Commit fb087c1

Copilot and somalaya committed
Add quick reference guide for token storage
Co-authored-by: somalaya <[email protected]>
1 parent 3ee493b commit fb087c1


1 file changed, +74 -0 lines changed


docs/TOKEN_STORAGE_QUICKREF.md

Lines changed: 74 additions & 0 deletions
@@ -0,0 +1,74 @@
1+
# Token Storage Quick Reference
2+
3+
> For comprehensive details, see [TOKEN_STORAGE_DOCUMENTATION.md](TOKEN_STORAGE_DOCUMENTATION.md)
4+
5+
## Quick Summary
6+
7+
### Where are tokens stored?
8+
**Android SharedPreferences** at:
9+
```
10+
/data/data/{package_name}/shared_prefs/com.microsoft.identity.client.account_credential_cache.xml
11+
```
12+
13+
### What gets stored?
14+
- **AccountRecord**: User identity (username, IDs, name, etc.)
15+
- **AccessTokenRecord**: Access tokens with expiration, scopes, etc.
16+
- **RefreshTokenRecord**: Refresh tokens (MRRT/FRT)
17+
- **IdTokenRecord**: ID tokens with user claims
18+
19+
### Storage Flow (Simplified)
20+
```
21+
BaseController.saveTokens()
22+
23+
MsalOAuth2TokenCache.saveAndLoadAggregatedAccountData()
24+
25+
SharedPreferencesAccountCredentialCache.saveAccount/saveCredential()
26+
27+
SharedPreferencesFileManager.put() [with encryption]
28+
29+
Android SharedPreferences (encrypted XML file)
30+
```
31+
32+
### Cache Key Examples
33+
34+
**Account Key:**
35+
```
36+
{homeAccountId}-{environment}-{realm}
37+
```
38+
39+
**Access Token Key:**
40+
```
41+
{homeAccountId}-{environment}-accesstoken-{clientId}-{realm}-{scopes}
42+
```
43+
44+
**Refresh Token Key:**
45+
```
46+
{homeAccountId}-{environment}-refreshtoken-{clientId}--
47+
```
48+
49+
**ID Token Key:**
50+
```
51+
{homeAccountId}-{environment}-idtoken-{clientId}-{realm}-
52+
```
53+
54+
### Security
55+
- ✅ Values are **encrypted** using Android KeyStore
56+
- ✅ Keys are **hardware-backed** on supported devices
57+
- ✅ Files are **app-private** (MODE_PRIVATE)
58+
-**In-memory LRU cache** (256 entries) for performance
59+
- ✅ Broker mode uses **UID-sequestered** caches per app
60+
61+
### Key Code Locations
62+
- Entry point: `BaseController.saveTokens()` (line 903)
63+
- Cache logic: `MsalOAuth2TokenCache.java`
64+
- Key generation: `CacheKeyValueDelegate.java`
65+
- Storage: `SharedPreferencesFileManager.java`
66+
- DTOs: `dto/` package (AccountRecord, AccessTokenRecord, etc.)
67+
68+
### Special Files
69+
- **FOCI Cache**: `...cache.foci-1` (Family Refresh Tokens)
70+
- **UID Cache**: `...cache.uid-{uid}` (Per-app broker cache)
71+
72+
---
73+
74+
📖 **Full Documentation**: [TOKEN_STORAGE_DOCUMENTATION.md](TOKEN_STORAGE_DOCUMENTATION.md)
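
Review bot: In the "### Security" list, the "In-memory LRU cache (256 entries) for performance" bullet describes a performance feature rather than a protection, and the doc does not say whether those cached entries are held decrypted. Either move it out of the Security section or state what form the entries take in memory and when they are evicted. In the same list, "Keys are **hardware-backed** on supported devices" leaves the unsupported case undocumented; add one line on what protects the key there, since the preceding "Values are encrypted" bullet reads as unconditional. Under "Key Code Locations", `BaseController.saveTokens()` (line 903) hard-codes a line number that will drift with the next edit to that file; reference the method name only. Under "Cache Key Examples", the refresh token key ends in `--` and the ID token key ends in `-` with no explanation; note which fields are intentionally empty so readers do not take the trailing separators for typos. Under "Special Files", `...cache.foci-1` and `...cache.uid-{uid}` elide the prefix; spell out the full file names the way the "Where are tokens stored?" path does.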
