Describe the bug
I recently started using managed identity authentication functionality from SqlClient after using our own access token caching implementation, but I'm seeing a lot of random token refreshes and I'm wondering if this is expected. Below is a screenshot from app insights showing the refresh calls over a period of 24 hours of one app instance.
Before:

After:

I would expect the token to be cached around 24 hours before a refresh is triggered if the token lifetime is 24 hours. What I am experiencing though is that it refreshes at a seemingly random interval.
This behavior is slowing down a bunch of our requests as you can probably imagine.
One other thing I noticed is calls to the below endpoints when the token is refreshed. We did not see these pop up before the change.
- GET crl3.digicert.com/Omniroot2025.crl
- GET mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20RSA%20TLS%20CA%2001.crl
Currently I'm considering moving back to our own implementation, because this is just plain dumb behavior.
To reproduce
Just run a application with using the below segment in the connection string.
Authentication=Active Directory Managed Identity
Expected behavior
Refresh the token just before the token expires (5 minutes before or something).
Further technical details
Microsoft.Data.SqlClient version: 4.0.1
.NET target: 6.0.1
SQL Server version: Azure SQL Server
Operating system: aspnet:6.0-bullseye-slim
Describe the bug
I recently started using managed identity authentication functionality from SqlClient after using our own access token caching implementation, but I'm seeing a lot of random token refreshes and I'm wondering if this is expected. Below is a screenshot from app insights showing the refresh calls over a period of 24 hours of one app instance.
Before:

After:

I would expect the token to be cached around 24 hours before a refresh is triggered if the token lifetime is 24 hours. What I am experiencing though is that it refreshes at a seemingly random interval.
This behavior is slowing down a bunch of our requests as you can probably imagine.
One other thing I noticed is calls to the below endpoints when the token is refreshed. We did not see these pop up before the change.
Currently I'm considering moving back to our own implementation, because this is just plain dumb behavior.
To reproduce
Just run a application with using the below segment in the connection string.
Expected behavior
Refresh the token just before the token expires (5 minutes before or something).
Further technical details
Microsoft.Data.SqlClient version: 4.0.1
.NET target: 6.0.1
SQL Server version: Azure SQL Server
Operating system: aspnet:6.0-bullseye-slim