From 19369d39b6e84af16f3c27a595b61fabcc002d51 Mon Sep 17 00:00:00 2001
From: Alan Matthews <alanmatthews@microsoft.com>
Date: Thu, 19 Feb 2026 14:46:33 -0500
Subject: [PATCH 1/2] Cache token until it is expired

---
 simple_ado/auth/ado_azid_auth.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/simple_ado/auth/ado_azid_auth.py b/simple_ado/auth/ado_azid_auth.py
index 7776b8f..f33e413 100644
--- a/simple_ado/auth/ado_azid_auth.py
+++ b/simple_ado/auth/ado_azid_auth.py
@@ -1,12 +1,20 @@
 """Azure Identity authentication auth class."""
 
+import time
+
 from azure.identity import DefaultAzureCredential
+from azure.core.credentials import AccessToken
 from simple_ado.auth.ado_auth import ADOAuth
 
 
 class ADOAzIDAuth(ADOAuth):
     """Azure Identity auth."""
 
+    access_token: AccessToken | None
+
+    def __init__(self) -> None:
+        self.access_token = None
+
     def get_authorization_header(self) -> str:
         """Get the header value.
 
@@ -14,9 +22,9 @@ def get_authorization_header(self) -> str:
 
         # The get_token parameter specifies the Azure DevOps resource and requests a token with
         # default permissions for API access.
-        return (
-            "Bearer "
-            + DefaultAzureCredential()
-            .get_token("499b84ac-1321-427f-aa17-267ca6975798/.default")
-            .token
-        )
+        if self.access_token is None or self.access_token.expires_on <= time.time():
+            self.access_token = DefaultAzureCredential().get_token(
+                "499b84ac-1321-427f-aa17-267ca6975798/.default"
+            )
+
+        return "Bearer " + self.access_token.token

From e1ef54c5276f23714fc192e39c3ea1b3cd22e302 Mon Sep 17 00:00:00 2001
From: Alan Matthews <alanmatthews@microsoft.com>
Date: Fri, 20 Feb 2026 09:44:55 -0500
Subject: [PATCH 2/2] Add buffer to time check

---
 simple_ado/auth/ado_azid_auth.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/simple_ado/auth/ado_azid_auth.py b/simple_ado/auth/ado_azid_auth.py
index f33e413..cc57bc1 100644
--- a/simple_ado/auth/ado_azid_auth.py
+++ b/simple_ado/auth/ado_azid_auth.py
@@ -22,7 +22,7 @@ def get_authorization_header(self) -> str:
 
         # The get_token parameter specifies the Azure DevOps resource and requests a token with
         # default permissions for API access.
-        if self.access_token is None or self.access_token.expires_on <= time.time():
+        if self.access_token is None or self.access_token.expires_on <= time.time() + 60:
             self.access_token = DefaultAzureCredential().get_token(
                 "499b84ac-1321-427f-aa17-267ca6975798/.default"
             )