Add unit tests for Authority, Instance, and TenantId merging logic (AAD & B2C, warning paths covered)

[jmprieur]

Background

@AzureAD/microsoft-identity-web#3609 and sub-issues cover Authority config pitfalls for AAD and B2C. Now, we need to expand the test matrix: Authority-only (AAD and B2C), conflicts (should log warning), parsing edge cases, and preserved authority in CIAM.

Tests to Implement

E2E Authority-only (AAD)

[Fact]
public async Task AcquireToken_WithMicrosoftIdentityApplicationOptions_AuthorityOnlyAAD_Succeeds()
{
    services.Configure<MicrosoftIdentityApplicationOptions>(s_optionName, option =>
    {
        option.Authority = "https://login.microsoftonline.com/msidlab4.onmicrosoft.com/v2.0";
        option.ClientId = "f6b698c0-140c-448f-8155-4aa9bf77ceba";
        option.ClientCredentials = s_clientCredentials;
    });
    await CreateGraphClientAndAssertAsync(tokenAcquirerFactory, services);
}

(E2E: TokenAcquirer.cs#L229)

E2E Authority-only (B2C)

[Fact]
public async Task AcquireToken_WithMicrosoftIdentityApplicationOptions_AuthorityOnlyB2C_Succeeds()
{
    services.Configure<MicrosoftIdentityApplicationOptions>(s_optionName, option =>
    {
        option.Authority = "https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1_signup_signin/v2.0";
        option.ClientId = "...";
        option.ClientCredentials = s_clientCredentials;
    });
    await CreateGraphClientAndAssertAsync(tokenAcquirerFactory, services);
}

Warning Logging (AAD + B2C)

[Fact]
public void AuthorityAndInstanceBothPresent_LogsWarning()
{
    // Arrange: Use a mock logger, verify a warning is emitted
    var options = new MergedOptions
    {
        Authority = "https://login.microsoftonline.com/tenantA/v2.0",
        Instance = "https://login.microsoftonline.us/",
        TenantId = "tenantB"
    };
    // Act/Assert: Should see a warning in logs
}

[Fact]
public void AuthorityAndInstanceBothPresent_B2C_LogsWarning()
{
    var options = new MergedOptions
    {
        Authority = "https://contoso.b2clogin.com/tfp/contoso.onmicrosoft.com/B2C_1_signup_signin/v2.0",
        Instance = "https://login.microsoftonline.com/",
        TenantId = "contoso.onmicrosoft.com",
        DefaultUserFlow = "B2C_1_signup_signin"
    };
    // Act/Assert: Should see a warning in logs
}

Parsing edge cases

• Authority without /v2.0 (v1.0 authority don't have the /v2.0 and they are important for web APIs)
• Authority containing '/tfp/' (B2C)
• Authority without scheme

Acceptance Criteria

• All scenarios above have dedicated tests
• Tests assert outcome (token acquired) and warning log
• All legacy and migration cases covered
• Permalinks for test samples maintained

---

Bridge: Propose test code blocks and diff mapping when Jean-Marc replies "Go ahead".