Skip to content

Commit 54c602e

Browse files
gladjohnCopilotCopilot
authored
Remove experimental feature gate from WithClientAssertion(ClientSignedAssertion) overload (#5945)
* Remove ValidateUseOfExperimentalFeature gate from WithClientAssertion(ClientSignedAssertion) Remove the runtime experimental feature check from the WithClientAssertion(Func<AssertionRequestOptions, CancellationToken, Task<ClientSignedAssertion>>) overload in ConfidentialClientApplicationBuilder. This makes the ClientSignedAssertion-based assertion provider API always available without requiring .WithExperimentalFeatures(true). Updated unit and integration tests to remove the now-unnecessary .WithExperimentalFeatures(true) calls for tests that only needed it for this overload. Tests using other experimental features (e.g., WithFmiPathForClientAssertion) retain the flag. Fixes #5944 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Revert CHANGELOG.md and restore WithExperimentalFeatures for FmiPath test - Revert CHANGELOG.md to match main (not part of this PR) - Restore .WithExperimentalFeatures(true) in FmiPathClientAssertion_ClientSignedAssertionProvider_PreflightPassesFmiPathAsync since WithFmiPathForClientAssertion is still experimental Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
1 parent c593a70 commit 54c602e

4 files changed

Lines changed: 0 additions & 22 deletions

File tree

src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -339,8 +339,6 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRe
339339
throw new ArgumentNullException(nameof(clientSignedAssertionProvider));
340340
}
341341

342-
ValidateUseOfExperimentalFeature();
343-
344342
return WithClientAssertionInternal(
345343
clientSignedAssertionProvider: clientSignedAssertionProvider);
346344
}

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -181,7 +181,6 @@ public async Task Sni_AssertionFlow_Uses_JwtPop_And_Succeeds_TestAsync()
181181
Guid expectedCorrelationId = Guid.NewGuid();
182182

183183
IConfidentialClientApplication assertionApp = ConfidentialClientApplicationBuilder.Create(MsiAllowListedAppIdforSNI)
184-
.WithExperimentalFeatures()
185184
.WithAuthority("https://login.microsoftonline.com/bea21ebe-8b64-4d06-9f6d-6a889b120a7c")
186185
.WithAzureRegion("westus3")
187186
.WithClientAssertion((AssertionRequestOptions options, CancellationToken ct) =>
@@ -281,7 +280,6 @@ public async Task Sni_AssertionFlow_Uses_JwtPop_And_Acquires_Bearer_Token_TestAs
281280
bool sawClientAssertionTypeParam = false;
282281

283282
IConfidentialClientApplication assertionApp = ConfidentialClientApplicationBuilder.Create(MsiAllowListedAppIdforSNI)
284-
.WithExperimentalFeatures()
285283
.WithAuthority("https://login.microsoftonline.com/bea21ebe-8b64-4d06-9f6d-6a889b120a7c")
286284
.WithAzureRegion("westus3")
287285
.WithClientAssertion((AssertionRequestOptions options, CancellationToken ct) =>

tests/Microsoft.Identity.Test.Unit/PublicApiTests/ClientAssertionTests.cs

Lines changed: 0 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -349,7 +349,6 @@ public async Task ClientAssertion_BearerAsync()
349349

350350
var handler = http.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
351351
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
352-
.WithExperimentalFeatures(true)
353352
.WithClientSecret(TestConstants.ClientSecret)
354353
.WithHttpManager(http)
355354
.WithClientAssertion(BearerDelegate())
@@ -392,7 +391,6 @@ public async Task WithMtlsPop_AfterPoPDelegate_Works()
392391
var cert = CertHelper.GetOrCreateTestCert();
393392

394393
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
395-
.WithExperimentalFeatures(true)
396394
.WithClientAssertion(PopDelegate())
397395
.WithAuthority($"https://login.microsoftonline.com/123456-1234-2345-1234561234")
398396
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
@@ -442,7 +440,6 @@ public async Task ClientAssertion_ReceivesClientCapabilitiesAsync()
442440

443441
bool checkedCaps = false;
444442
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
445-
.WithExperimentalFeatures(true)
446443
.WithClientSecret(TestConstants.ClientSecret)
447444
.WithClientCapabilities(TestConstants.s_clientCapabilities)
448445
.WithHttpManager(http)
@@ -471,7 +468,6 @@ public async Task ClientAssertion_ReceivesClientCapabilitiesAsync()
471468
public async Task ClientAssertion_EmptyJwt_ThrowsAsync()
472469
{
473470
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
474-
.WithExperimentalFeatures(true)
475471
.WithClientSecret(TestConstants.ClientSecret)
476472
.WithClientAssertion((o, c) =>
477473
Task.FromResult(new ClientSignedAssertion { Assertion = string.Empty }))
@@ -511,7 +507,6 @@ public async Task ClientAssertion_CancellationTokenPropagatesAsync()
511507
using var cts = new CancellationTokenSource();
512508

513509
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
514-
.WithExperimentalFeatures(true)
515510
.WithClientSecret(TestConstants.ClientSecret)
516511
.WithClientAssertion((o, ct) =>
517512
{
@@ -549,7 +544,6 @@ public async Task BearerClientAssertion_WithPoPDelegate_Works()
549544
var cert = CertHelper.GetOrCreateTestCert();
550545

551546
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
552-
.WithExperimentalFeatures(true)
553547
.WithClientAssertion(PopDelegate())
554548
.WithAuthority($"https://login.microsoftonline.com/123456-1234-2345-1234561234")
555549
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
@@ -621,7 +615,6 @@ public async Task PoP_CachedTokenWithDifferentCertificate_IsBypassedAsync()
621615

622616
// ─────────── Build the app ───────────
623617
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
624-
.WithExperimentalFeatures(true)
625618
.WithClientSecret(TestConstants.ClientSecret)
626619
.WithClientAssertion(popDelegate)
627620
.WithAuthority($"https://login.microsoftonline.com/123456-1234-2345-1234561234")
@@ -654,7 +647,6 @@ public async Task PoP_CachedTokenWithDifferentCertificate_IsBypassedAsync()
654647
public async Task WithMtlsPop_AfterBearerDelegate_Throws()
655648
{
656649
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
657-
.WithExperimentalFeatures(true)
658650
.WithClientSecret(TestConstants.ClientSecret)
659651
.WithClientAssertion(BearerDelegate())
660652
.BuildConcrete();
@@ -678,7 +670,6 @@ public async Task ClientAssertion_NotCalledWhenTokenFromCacheAsync()
678670
http.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage(); // first call => network
679671

680672
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
681-
.WithExperimentalFeatures(true)
682673
.WithClientSecret(TestConstants.ClientSecret)
683674
.WithHttpManager(http)
684675
.WithClientAssertion((o, c) =>
@@ -711,7 +702,6 @@ public async Task WithMtlsPop_AfterPoPDelegate_NoRegion_UsesGlobalEndpointAsync(
711702
tokenType: "mtls_pop");
712703

713704
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
714-
.WithExperimentalFeatures(true)
715705
.WithAuthority(TestConstants.AadAuthorityWithMsftTenantId)
716706
.WithClientAssertion(PopDelegate())
717707
.WithHttpManager(http)
@@ -774,7 +764,6 @@ public async Task BearerClientAssertion_WithPoPDelegate_CanReturnDifferentPairsA
774764
};
775765

776766
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
777-
.WithExperimentalFeatures(true)
778767
.WithClientAssertion(provider)
779768
.WithAuthority($"https://login.microsoftonline.com/{tenantId}")
780769
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
@@ -818,7 +807,6 @@ public async Task WithMtlsAssertion_NoRegion_UsesGlobalEndpointAsync()
818807
http.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
819808

820809
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
821-
.WithExperimentalFeatures(true)
822810
.WithAuthority(TestConstants.AadAuthorityWithMsftTenantId)
823811
.WithClientAssertion(PopDelegate())
824812
.WithHttpManager(http)
@@ -864,7 +852,6 @@ public async Task BearerOverMtls_CertChangesAcrossRequests_DoesNotBypassCache_As
864852
});
865853

866854
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
867-
.WithExperimentalFeatures(true)
868855
.WithClientSecret(TestConstants.ClientSecret)
869856
.WithClientAssertion(provider)
870857
.WithAuthority(new Uri($"https://login.microsoftonline.com/{tenantId}"), validateAuthority: false)
@@ -926,7 +913,6 @@ public async Task PopRequest_DoesNotReuseCachedBearerOverMtlsToken_Async()
926913
});
927914

928915
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
929-
.WithExperimentalFeatures(true)
930916
.WithClientSecret(TestConstants.ClientSecret)
931917
.WithClientAssertion(provider)
932918
.WithAuthority(new Uri($"https://login.microsoftonline.com/{tenantId}"), validateAuthority: false)
@@ -964,7 +950,6 @@ public void ClientAssertion_CredentialTypesAndCapabilities_AreCorrect()
964950
{
965951
// Old overloads (returning string) should NOT be cert-capable and should NOT implement IClientSignedAssertionProvider
966952
var app1 = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
967-
.WithExperimentalFeatures(true)
968953
.WithClientSecret(TestConstants.ClientSecret)
969954
.WithClientAssertion((AssertionRequestOptions o) => Task.FromResult("jwt"))
970955
.BuildConcrete();
@@ -979,7 +964,6 @@ public void ClientAssertion_CredentialTypesAndCapabilities_AreCorrect()
979964

980965
// New overload (returning ClientSignedAssertion) SHOULD be cert-capable and implement IClientSignedAssertionProvider
981966
var app2 = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
982-
.WithExperimentalFeatures(true)
983967
.WithClientSecret(TestConstants.ClientSecret)
984968
.WithClientAssertion((AssertionRequestOptions o, CancellationToken ct) =>
985969
Task.FromResult(new ClientSignedAssertion { Assertion = "jwt", TokenBindingCertificate = null }))
@@ -1093,7 +1077,6 @@ public async Task CorrelationId_FlowsToSignedAssertionCallback_WithUserProvidedI
10931077

10941078
var app = ConfidentialClientApplicationBuilder
10951079
.Create(TestConstants.ClientId)
1096-
.WithExperimentalFeatures(true)
10971080
.WithHttpManager(httpManager)
10981081
.WithClientAssertion((AssertionRequestOptions opts, CancellationToken ct) =>
10991082
{

tests/Microsoft.Identity.Test.Unit/PublicApiTests/ConfidentialClientApplicationTests.cs

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -899,7 +899,6 @@ public async Task AcquireTokenForClient_EmptyAssertion_ThrowsArgumentExceptionAs
899899
{
900900
// Build a CCA whose assertion‑delegate returns NO JWT (error case)
901901
var cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
902-
.WithExperimentalFeatures(true)
903902
.WithClientSecret(TestConstants.ClientSecret)
904903
.WithClientAssertion(
905904
(opts, ct) => Task.FromResult(new ClientSignedAssertion

0 commit comments

Comments
 (0)