<PackageReference Include="Microsoft.Identity.Client" Version="4.85.2" />

Microsoft.Identity.Client.ManagedIdentity.V2.MtlsBindingCache

sealed class MtlsBindingCache : IMtlsCertificateCache
Orchestrates mTLS binding retrieval: 1) local in-memory cache 2) per-key async gate (dedup concurrent mint) 3) persisted cache (best-effort) 4) factory mint + back-fill Persistence is best-effort and non-throwing.
public MtlsBindingCache(ICertificateCache memory, IPersistentCertificateCache persisted)

Inject both caches to avoid global state and enable testing.

public Task<MtlsBindingInfo> GetOrCreateAsync(string cacheKey, Func<Task<MtlsBindingInfo>> factory, CancellationToken cancellationToken, ILoggerAdapter logger)

Get or create mTLS binding info

public void RemoveBadCert(string cacheKey, ILoggerAdapter logger)

Removes a certificate from both in-memory and persistent cache when SCHANNEL rejects it.