Update common UI infrastucture to point to ID4SLAB2, Fixes AB#3525444 (#2907)

Updating our ui infrastructure to point to ID4SLAB2 resources

- Updated LAB api signatures
- Updated UPN JSON fields
- Rewire existing test classes to use the UPN JSON rather than LabQuery,
which is no longer available on ID4SLAB2


[AB#3525444](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3525444)

---------

Co-authored-by: richardtz12 <richardtz12@gmail.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

Author: 3 people

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/ILabAccount.java

@@ -58,6 +58,13 @@ public interface ILabAccount {
      */
     String getHomeTenantId();
 
+    /**
+     * Get the guest tenant id of this account.
+     *
+     * @return a String representing the account's guest tenant id
+     */
+    String getGuestTenantId();
+
     /**
      * Get the object id in home tenant.
      *

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabAccount.java

@@ -55,6 +55,7 @@ public class LabAccount implements ILabAccount {
     private final String mHomeObjectId;
 
     private final String mAssociatedClientId;
+    private final String mGuestTenantId;
 
     private final String mCloudUrl;
 

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabClient.java

@@ -73,8 +73,54 @@ public class LabClient implements ILabClient {
     public static final long TEMP_USER_WAIT_TIME = TimeUnit.SECONDS.toMillis(35);
 
     private static final String ACCOUNT_UPN_JSON_STRING_SECRET_NAME = "Android-ID4SLAB2-User-Identifiers";
+    private String mAlternativeUpnJsonStringSecretName;
     private Map<String, LabJsonStringAccountEntry> labUPNJsonMap = null;
 
+    /**
+     * Holds the most recently fetched or created {@link ILabAccount} for this process.
+     * <p>
+     * Updated after each successful account fetch or temporary user creation via
+     * {@link LabClient}. Intended as a convenience for single-threaded test scenarios
+     * that need access to the last lab account without explicitly passing it between
+     * methods.
+     * </p>
+     * <p>
+     * The field is {@code volatile} to ensure writes performed by one thread are
+     * immediately visible to all other threads. It may be {@code null} if no account
+     * has been fetched or created yet. Do not rely on this field in multi-threaded
+     * or production code.
+     * </p>
+     */
+    public static volatile ILabAccount latestLabAccount = null;
+
+    /**
+     * Updates {@link #latestLabAccount} from a static context, avoiding the
+     * {@code ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD} SpotBugs warning that would
+     * be raised if instance methods assigned the field directly.
+     * <p>
+     * This method is thread-safe; the underlying field is {@code volatile}, so
+     * the write is immediately visible to all threads. {@code account} may be
+     * {@code null} to clear the stored account.
+     * </p>
+     *
+     * @param account The {@link ILabAccount} to store as the latest; may be {@code null}.
+     */
+    private static void setLatestLabAccount(final ILabAccount account) {
+        latestLabAccount = account;
+    }
+
+    /**
+     * This method allows tests to specify an alternative secret name for the UPN JSON string in Key Vault,
+     * as the default points specifically to Android Team's upn json. T
+     *
+     * IF YOU ARE THE ONEAUTH TEAM, PLEASE USE THIS METHOD TO POINT TO YOUR OWN JSON SECRET NAME
+     *
+     * @param secretName The name of the alternative Key Vault secret to use for fetching the UPN JSON string.
+     */
+    public void setAccountUpnJsonStringSecretName(final String secretName) {
+        mAlternativeUpnJsonStringSecretName = secretName;
+    }
+
     @Override
     public ILabAccount getLabAccount(@NonNull final LabQuery labQuery) throws LabApiException {
         // Adding a second attempt here, api sometimes fails to fetch the user.
@@ -142,7 +188,7 @@ private ILabAccount getLabAccountObject(@NonNull final ConfigInfo configInfo) th
 
         final String password = getPassword(configInfo);
 
-        return new LabAccount.LabAccountBuilder()
+        final LabAccount account = new LabAccount.LabAccountBuilder()
                 .username(username)
                 .password(password)
                 .userType(UserType.fromName(configInfo.getUserInfo().getUserType()))
@@ -152,6 +198,10 @@ private ILabAccount getLabAccountObject(@NonNull final ConfigInfo configInfo) th
                 .cloudUrl(configInfo.getLabInfo().getAuthority())
                 .azureEnvironment(configInfo.getLabInfo().getAzureEnvironment())
                 .build();
+
+        setLatestLabAccount(account);
+
+        return account;
     }
 
     private List<ConfigInfo> fetchConfigsFromLab(@NonNull final String upn) throws LabApiException {
@@ -252,14 +302,17 @@ private ILabAccount createTempAccountInternal(@NonNull final TempUserType tempUs
 
         final String password = getPassword(tempUser);
 
-        return new LabAccount.LabAccountBuilder()
+        final LabAccount account = new LabAccount.LabAccountBuilder()
                 .username(tempUser.getUpn())
                 .password(password)
                 // all temp users created by Lab Api are currently cloud users
                 .userType(UserType.CLOUD)
                 .homeTenantId(tempUser.getTenantId())
                 .homeObjectId(tempUser.getObjectId())
                 .build();
+
+        setLatestLabAccount(account);
+        return account;
     }
 
     @Override
@@ -335,8 +388,15 @@ public Map<String, LabJsonStringAccountEntry> getAccountMapJsonFromMobileBuildKe
         );
         final KeyVaultSecretsApi keyVaultSecretsApi = new KeyVaultSecretsApi(KeyVaultSecretsApi.MOBILE_BUILD_VAULT_URL);
 
+        final String keyvaultSecret;
+        if (mAlternativeUpnJsonStringSecretName != null && !mAlternativeUpnJsonStringSecretName.isEmpty()) {
+            keyvaultSecret = mAlternativeUpnJsonStringSecretName;
+        } else {
+            keyvaultSecret = ACCOUNT_UPN_JSON_STRING_SECRET_NAME;
+        }
+
         try {
-            final SecretBundle secretBundle = keyVaultSecretsApi.getKeyVaultSecret(ACCOUNT_UPN_JSON_STRING_SECRET_NAME);
+            final SecretBundle secretBundle = keyVaultSecretsApi.getKeyVaultSecret(keyvaultSecret);
 
             labUPNJsonMap = LabJsonStringAccountEntry.parseJsonToMap(secretBundle.getValue());
             return labUPNJsonMap;
@@ -356,16 +416,21 @@ public ILabAccount getAccountFromLabJsonStringInMobileBuildVault(UserType userTy
         }
         final String accountPassword = getPassword(accountEntry.getKeyVaultEntry());
 
-        return new LabAccount.LabAccountBuilder()
+        final LabAccount account =  new LabAccount.LabAccountBuilder()
                 .username(accountEntry.getUpn())
                 .password(accountPassword)
                 .userType(userType)
                 .homeTenantId(accountEntry.getHomeTenantId())
                 .homeObjectId(accountEntry.getHomeObjectId())
+                .guestTenantId(accountEntry.getGuestTenantId())
+                .associatedClientId(accountEntry.getAssociatedClientId())
                 .azureEnvironment(accountEntry.getAzureEnvironment())
                 .cloudUrl(accountEntry.getCloudUrl())
                 .build();
 
+        setLatestLabAccount(account);
+
+        return account;
     }
 
     @Override

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabJsonStringAccountEntry.java

@@ -24,11 +24,20 @@
 package com.microsoft.identity.labapi.utilities.client;
 
 import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonDeserializationContext;
+import com.google.gson.JsonDeserializer;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParseException;
 import com.google.gson.annotations.SerializedName;
 import com.google.gson.reflect.TypeToken;
 
 import java.io.Serializable;
+import java.lang.reflect.Field;
 import java.lang.reflect.Type;
+import java.util.HashMap;
+import java.util.Locale;
 import java.util.Map;
 
 import lombok.Getter;
@@ -48,6 +57,12 @@ public class LabJsonStringAccountEntry implements Serializable {
     @SerializedName("HomeTenantId")
     private String homeTenantId;
 
+    @SerializedName("GuestTenantId")
+    private String guestTenantId;
+
+    @SerializedName("AssociatedClientId")
+    private String associatedClientId;
+
     @SerializedName("KeyVaultEntry")
     private String keyVaultEntry;
 
@@ -64,8 +79,48 @@ public class LabJsonStringAccountEntry implements Serializable {
      * @return a map of key to LabJsonStringAccountEntry
      */
     public static Map<String, LabJsonStringAccountEntry> parseJsonToMap(String json) {
-        Gson gson = new Gson();
+        final Gson gson = new GsonBuilder()
+                .registerTypeAdapter(LabJsonStringAccountEntry.class, new CaseInsensitiveDeserializer())
+                .create();
         Type type = new TypeToken<Map<String, LabJsonStringAccountEntry>>(){}.getType();
         return gson.fromJson(json, type);
     }
+
+    /**
+     * Gson deserializer that matches JSON property names to {@link SerializedName} values
+     * in a case-insensitive manner, so {@code upn}, {@code Upn} and {@code UPN} are all
+     * treated as the same field.
+     */
+    private static class CaseInsensitiveDeserializer implements JsonDeserializer<LabJsonStringAccountEntry> {
+        @Override
+        public LabJsonStringAccountEntry deserialize(JsonElement json, Type typeOfT,
+                                                     JsonDeserializationContext context) throws JsonParseException {
+            final JsonObject src = json.getAsJsonObject();
+
+            // Build a lowercase-keyed view of the incoming JSON object.
+            final Map<String, JsonElement> lowerCased = new HashMap<>();
+            for (Map.Entry<String, JsonElement> e : src.entrySet()) {
+                lowerCased.put(e.getKey().toLowerCase(Locale.ROOT), e.getValue());
+            }
+
+            final LabJsonStringAccountEntry result = new LabJsonStringAccountEntry();
+            for (Field field : LabJsonStringAccountEntry.class.getDeclaredFields()) {
+                final SerializedName annotation = field.getAnnotation(SerializedName.class);
+                if (annotation == null) {
+                    continue;
+                }
+                final JsonElement value = lowerCased.get(annotation.value().toLowerCase(Locale.ROOT));
+                if (value == null || value.isJsonNull()) {
+                    continue;
+                }
+                try {
+                    field.setAccessible(true);
+                    field.set(result, context.deserialize(value, field.getGenericType()));
+                } catch (IllegalAccessException ex) {
+                    throw new JsonParseException("Failed to set field " + field.getName(), ex);
+                }
+            }
+            return result;
+        }
+    }
 }

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/constants/LabConstants.java

@@ -26,25 +26,29 @@ public class LabConstants {
     private static final String NONE = "none";
 
     public static final String DEFAULT_LAB_CLIENT_ID = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
+    public static final String DEFAULT_ID4SLAB2_CLIENT_ID = "c6bb302a-1e38-408e-9754-87c18fe81c80";
     public static final String DEFAULT_LAB_SCOPE = "https://request.msidlab.com/.default";
     public static final String KEYVAULT_SCOPE = "https://vault.azure.net/.default";
     public static final String DEFAULT_LAB_CERT_ALIAS = "LabAuth.MSIDLab.com";
-    public static final String MSID_LAB3 = "https://login.microsoftonline.com/msidlab3.com";
-    public static final String MSID_LAB4 = "https://login.microsoftonline.com/msidlab4.com";
+    public static final String ID4SLAB2 = "https://login.microsoftonline.com/id4slab2.onmicrosoft.com";
+    public static final String ID4SLAB1 = "https://login.microsoftonline.com/id4slab1.onmicrosoft.com";
 
     // TODO, REMOVE LEGACY UserTypes WHEN WE REMOVE LAB QUERY USAGE
     static final class UserType {
         public static final String BASIC = "basic";
         public static final String MSA = "msa";
         public static final String MDM_CA = "mdm_ca";
         public static final String MAM_CA = "mam_ca";
+        public static final String MAM_ON_SPO = "mam_on_spo";
+        public static final String TP_CA = "tpca";
         public static final String TRUE_MAM_CA = "true_mam_ca";
         public static final String WP = "wp";
         public static final String FEDERATED = "federated";
         public static final String DEVICE_ADMIN = "device_admin";
         public static final String USGOV = "usgov";
         public static final String USGOV_GUEST = "usgov_guest";
         public static final String CHINA = "china";
+        public static final String CHINA_GUEST = "china_guest";
         public static final String QR_PIN = "qr_pin";
         public static final String TOKEN_BINDING = "token_binding";
         public static final String CBA = "cba";
@@ -87,6 +91,9 @@ static final class ProtectionPolicy {
         public static final String TRUE_MAM_CA = "truemamca";
         public static final String MAM_SPO = "mamspo";
         public static final String BLOCKED = "blocked";
+        public static final String GLOBAL_MFA = "globalmfa";
+        public static final String AUTHAPP_LBAC = "authapplbac";
+        public static final String AUTHAPP_RICH_CONTEXT = "authapprichcontext";
     }
 
     static final class HomeDomain {
@@ -176,6 +183,8 @@ static final class TempUserType {
         public static final String MFAONEXO = "MFAONEXO";
         public static final String MAMCA = "MAMCA";
         public static final String MDMCA = "MDMCA";
+        public static final String AUTHAPP_LBAC = "AuthappLBAC";
+        public static final String AUTHAPP_RICH_CONTEXT = "AuthappRichContext";
     }
 
     static final class TempUserPolicy {
@@ -184,6 +193,8 @@ static final class TempUserPolicy {
         public static final String MFAONEXO = TempUserType.MFAONEXO;
         public static final String MAMCA = TempUserType.MAMCA;
         public static final String MDMCA = TempUserType.MDMCA;
+        public static final String AUTHAPP_LBAC = TempUserType.AUTHAPP_LBAC;
+        public static final String AUTHAPP_RICH_CONTEXT = TempUserType.AUTHAPP_RICH_CONTEXT;
     }
 
     static final class ResetOperation {

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/constants/ProtectionPolicy.java

@@ -27,12 +27,15 @@ public enum ProtectionPolicy {
     CA(LabConstants.ProtectionPolicy.CA),
     CADJ(LabConstants.ProtectionPolicy.CADJ),
     MAM(LabConstants.ProtectionPolicy.MAM),
+    GLOBAL_MFA(LabConstants.ProtectionPolicy.GLOBAL_MFA),
     MDM(LabConstants.ProtectionPolicy.MDM),
     MAM_CA(LabConstants.ProtectionPolicy.MAM_CA),
     MDM_CA(LabConstants.ProtectionPolicy.MDM_CA),
     TRUE_MAM_CA(LabConstants.ProtectionPolicy.TRUE_MAM_CA),
     MAM_SPO(LabConstants.ProtectionPolicy.MAM_SPO),
-    BLOCKED(LabConstants.ProtectionPolicy.BLOCKED);
+    BLOCKED(LabConstants.ProtectionPolicy.BLOCKED),
+    AUTHAPP_LBAC(LabConstants.ProtectionPolicy.AUTHAPP_LBAC),
+    AUTHAPP_RICH_CONTEXT(LabConstants.ProtectionPolicy.AUTHAPP_RICH_CONTEXT);
 
     final String value;
 

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/constants/TempUserType.java

@@ -28,7 +28,9 @@ public enum TempUserType {
     MFA_ON_SPO(LabConstants.TempUserType.MFAONSPO),
     MFA_ON_EXO(LabConstants.TempUserType.MFAONEXO),
     MAM_CA(LabConstants.TempUserType.MAMCA),
-    MDM_CA(LabConstants.TempUserType.MDMCA);
+    MDM_CA(LabConstants.TempUserType.MDMCA),
+    AUTHAPP_LBAC(LabConstants.TempUserType.AUTHAPP_LBAC),
+    AUTHAPP_RICH_CONTEXT(LabConstants.TempUserType.AUTHAPP_RICH_CONTEXT);
 
     final String value;
 

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/constants/UserType.java

@@ -29,13 +29,15 @@ public enum UserType {
     MSA(LabConstants.UserType.MSA),
     MDM_CA(LabConstants.UserType.MDM_CA),
     MAM_CA(LabConstants.UserType.MAM_CA),
+    MAM_ON_SPO(LabConstants.UserType.MAM_ON_SPO),
     TRUE_MAM_CA(LabConstants.UserType.TRUE_MAM_CA),
     WP(LabConstants.UserType.WP),
     FEDERATED(LabConstants.UserType.FEDERATED),
     DEVICE_ADMIN(LabConstants.UserType.DEVICE_ADMIN),
     USGOV(LabConstants.UserType.USGOV),
     USGOV_GUEST(LabConstants.UserType.USGOV_GUEST),
     CHINA(LabConstants.UserType.CHINA),
+    CHINA_GUEST(LabConstants.UserType.CHINA_GUEST),
     QR_PIN(LabConstants.UserType.QR_PIN),
     TOKEN_BINDING(LabConstants.UserType.TOKEN_BINDING),
     CBA(LabConstants.UserType.CBA),
@@ -51,9 +53,9 @@ public enum UserType {
     DUNA_MFA_2(LabConstants.UserType.DUNA_MFA_2),
     CLOUD(LabConstants.UserType.CLOUD),
     B2C(LabConstants.UserType.B2C),
+    CIAM(LabConstants.UserType.CIAM),
     GUEST(LabConstants.UserType.GUEST),
-    ONPREM(LabConstants.UserType.ONPREM),
-    CIAM(LabConstants.UserType.CIAM);
+    ONPREM(LabConstants.UserType.ONPREM);
 
     final String value;
 

LabApiUtilities/src/test/com/microsoft/identity/labapi/utilities/authentication/PublicAuthClientRopcTest.java

@@ -28,7 +28,6 @@
 import com.microsoft.identity.labapi.utilities.authentication.msal4j.Msal4jAuthClient;
 import com.microsoft.identity.labapi.utilities.client.ILabAccount;
 import com.microsoft.identity.labapi.utilities.client.LabClient;
-import com.microsoft.identity.labapi.utilities.client.LabQuery;
 import com.microsoft.identity.labapi.utilities.constants.UserType;
 import com.microsoft.identity.labapi.utilities.exception.LabApiException;
 import com.microsoft.identity.labapi.utilities.jwt.IJWTParser;
@@ -80,11 +79,7 @@ public void canGetTokenUsingRopcWithAdal4j() throws LabApiException {
     }
 
     private IAuthenticationResult performTestWithAuthClient(@NonNull final IPublicAuthClient publicAuthClient) throws LabApiException {
-        final LabQuery query = LabQuery.builder()
-                .userType(UserType.CLOUD)
-                .build();
-
-        final ILabAccount labAccount = labClient.getLabAccount(query);
+        final ILabAccount labAccount = labClient.getAccountFromLabJsonStringInMobileBuildVault(UserType.BASIC);
 
         final TokenParameters.TokenParametersBuilder tokenParametersBuilder = TokenParameters.builder()
                 .clientId(labAccount.getAssociatedClientId());