Skip to content

Add unit tests for Authority, Instance, and TenantId merging logic (AAD & B2C, warning paths covered) #3610

Closed
Closed
Add unit tests for Authority, Instance, and TenantId merging logic (AAD & B2C, warning paths covered)#3610
Assignees
jmprieur
@jmprieur

Description

@jmprieur
jmprieur
opened on Nov 22, 2025

Background

@AzureAD/microsoft-identity-web#3609 and sub-issues cover Authority config pitfalls for AAD and B2C. Now, we need to expand the test matrix: Authority-only (AAD and B2C), conflicts (should log warning), parsing edge cases, and preserved authority in CIAM.

Tests to Implement

E2E Authority-only (AAD)

[Fact]
public async Task AcquireToken_WithMicrosoftIdentityApplicationOptions_AuthorityOnlyAAD_Succeeds()
{
    services.Configure<MicrosoftIdentityApplicationOptions>(s_optionName, option =>
    {
        option.Authority = "https://login.microsoftonline.com/msidlab4.onmicrosoft.com/v2.0";
        option.ClientId = "f6b698c0-140c-448f-8155-4aa9bf77ceba";
        option.ClientCredentials = s_clientCredentials;
    });
    await CreateGraphClientAndAssertAsync(tokenAcquirerFactory, services);
}

(E2E: TokenAcquirer.cs#L229)

E2E Authority-only (B2C)

[Fact]
public async Task AcquireToken_WithMicrosoftIdentityApplicationOptions_AuthorityOnlyB2C_Succeeds()
{
    services.Configure<MicrosoftIdentityApplicationOptions>(s_optionName, option =>
    {
        option.Authority = "https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1_signup_signin/v2.0";
        option.ClientId = "...";
        option.ClientCredentials = s_clientCredentials;
    });
    await CreateGraphClientAndAssertAsync(tokenAcquirerFactory, services);
}

Warning Logging (AAD + B2C)

[Fact]
public void AuthorityAndInstanceBothPresent_LogsWarning()
{
    // Arrange: Use a mock logger, verify a warning is emitted
    var options = new MergedOptions
    {
        Authority = "https://login.microsoftonline.com/tenantA/v2.0",
        Instance = "https://login.microsoftonline.us/",
        TenantId = "tenantB"
    };
    // Act/Assert: Should see a warning in logs
}

[Fact]
public void AuthorityAndInstanceBothPresent_B2C_LogsWarning()
{
    var options = new MergedOptions
    {
        Authority = "https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1_signup_signin/v2.0",
        Instance = "https://login.microsoftonline.com/",
        TenantId = "contoso.onmicrosoft.com",
        DefaultUserFlow = "B2C_1_signup_signin"
    };
    // Act/Assert: Should see a warning in logs
}

Parsing edge cases

  • Authority without /v2.0 (v1.0 authority don't have the /v2.0 and they are important for web APIs)
  • Authority containing '/tfp/' (B2C)
  • Authority without scheme

Acceptance Criteria

  • All scenarios above have dedicated tests
  • Tests assert outcome (token acquired) and warning log
  • All legacy and migration cases covered
  • Permalinks for test samples maintained

Bridge: Propose test code blocks and diff mapping when Jean-Marc replies "Go ahead".

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions