Add additional comments for token caching.

JimacoMS4 · JimacoMS4 · commit 5a6b49aabf18 · 2024-06-06T14:39:28.000-07:00
diff --git a/articles/postgresql/flexible-server/connect-python.md b/articles/postgresql/flexible-server/connect-python.md
@@ -118,9 +118,14 @@ In this section, you add authentication code to your working directory and perfo
         sslmode = os.environ['SSLMODE']
             
         # Use passwordless authentication via DefaultAzureCredential.
+        # IMPORTANT! This code is for demonstration purposes only. DefaultAzureCredential() is invoked on every call.
+        # In practice, it's better to persist the credential across calls and reuse it so you can take advantage of token
+        # caching and minimize round trips to the identity provider. To learn more, see:
+        # https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/identity/azure-identity/TOKEN_CACHING.md 
+        credential = DefaultAzureCredential()
+
         # Call get_token() to get a token from Microsft Entra ID and add it as the password in the URI.
         # Note the requested scope parameter in the call to get_token, "https://ossrdbms-aad.database.windows.net/.default".
-        credential = DefaultAzureCredential()
         password = credential.get_token("https://ossrdbms-aad.database.windows.net/.default").token
     
         db_uri = f"postgresql://{dbuser}:{password}@{dbhost}/{dbname}?sslmode={sslmode}"
