@@ -48,7 +48,6 @@ void fmiPath_IncludedInTokenRequestBody() throws Exception {
4848 ClientCredentialParameters parameters = ClientCredentialParameters
4949 .builder (Collections .singleton ("api://AzureADTokenExchange/.default" ))
5050 .fmiPath ("agentAppId123" )
51- .skipCache (true )
5251 .build ();
5352
5453 // Act
@@ -81,7 +80,6 @@ void fmiPath_NotIncludedWhenNull() throws Exception {
8180
8281 ClientCredentialParameters parameters = ClientCredentialParameters
8382 .builder (Collections .singleton ("scopes" ))
84- .skipCache (true )
8583 .build ();
8684
8785 // Act
@@ -264,7 +262,6 @@ void assertionContext_FmiPathPassedToContextAwareCallback() throws Exception {
264262 ClientCredentialParameters params = ClientCredentialParameters
265263 .builder (Collections .singleton ("api://AzureADTokenExchange/.default" ))
266264 .fmiPath ("agentAppId456" )
267- .skipCache (true )
268265 .build ();
269266
270267 // Act
@@ -304,7 +301,6 @@ void assertionContext_NullFmiPathWhenNotSet() throws Exception {
304301
305302 ClientCredentialParameters params = ClientCredentialParameters
306303 .builder (Collections .singleton ("scopes" ))
307- .skipCache (true )
308304 .build ();
309305
310306 // Act
@@ -337,7 +333,6 @@ void assertionContext_LegacyCallableStillWorks() throws Exception {
337333 ClientCredentialParameters params = ClientCredentialParameters
338334 .builder (Collections .singleton ("scopes" ))
339335 .fmiPath ("agentApp" )
340- .skipCache (true )
341336 .build ();
342337
343338 // Act — should not throw, even with fmiPath set (legacy callback ignores context)
@@ -404,25 +399,14 @@ void fmiPath_CacheKeyFormat_MatchesCrossSDKFormat() throws Exception {
404399
405400 cca .acquireToken (params ).get ();
406401
407- // Verify the cache key structure
402+ // Verify the full cache key matches the expected cross-SDK format:
403+ // "{homeAccountId}-{env}-{credType}-{clientId}-{tenantId}-{scopes}-{hash}" (all lowercased)
408404 assertEquals (1 , cca .tokenCache .accessTokens .size ());
409405 String cacheKey = cca .tokenCache .accessTokens .keySet ().iterator ().next ();
410406
411- // Verify key uses "atext" credential type
412- assertTrue (cacheKey .contains ("-atext-" ),
413- "Cache key should contain 'atext' credential type, got: " + cacheKey );
414- // Verify key contains the clientId and tenantId
415- assertTrue (cacheKey .contains ("3bf56293-fbb5-42bd-a407-248ba7431a8c" ),
416- "Cache key should contain client ID" );
417- assertTrue (cacheKey .contains ("10c419d4-4a50-45b2-aa4e-919fb84df24f" ),
418- "Cache key should contain tenant ID" );
419- // Verify key ends with the lowercased hash of the fmi_path
420- String expectedHashLower = "zm2n0E62zwTsnNsozptLsoOoB_C7i-GfpxHYQQINJUw" .toLowerCase ();
421- assertTrue (cacheKey .endsWith (expectedHashLower ),
422- "Cache key should end with the fmi_path hash, got: " + cacheKey );
423- // Verify scope is in the key
424- assertTrue (cacheKey .contains ("api://azurefmitokenexchange/.default" ),
425- "Cache key should contain the requested scope (lowercased)" );
407+ String expectedKey = "-login.windows.net-atext-3bf56293-fbb5-42bd-a407-248ba7431a8c-10c419d4-4a50-45b2-aa4e-919fb84df24f-openid profile offline_access api://azurefmitokenexchange/.default-"
408+ + "zm2n0E62zwTsnNsozptLsoOoB_C7i-GfpxHYQQINJUw" .toLowerCase ();
409+ assertEquals (expectedKey , cacheKey , "Full cache key should match cross-SDK format" );
426410 }
427411
428412 @ Test
@@ -468,11 +452,12 @@ void fmiPath_NoFmiPath_CacheKeyUsesAccessTokenCredentialType() throws Exception
468452
469453 cca .acquireToken (params ).get ();
470454
455+ // Verify the full cache key uses "accesstoken" (no ext_cache_key_hash appended)
471456 assertEquals (1 , cca .tokenCache .accessTokens .size ());
472457 String cacheKey = cca .tokenCache .accessTokens .keySet ().iterator ().next ();
473- assertTrue ( cacheKey . contains ( "-accesstoken-" ),
474- "Cache key without fmi_path should use ' accesstoken' credential type, got: " + cacheKey ) ;
475- assertFalse ( cacheKey . contains ( "-atext-" ) ,
476- "Cache key without fmi_path should NOT use 'atext ' credential type" );
458+
459+ String expectedKey = "-login.windows.net- accesstoken-clientid-tenant-openid profile offline_access scope"
460+ assertEquals ( expectedKey , cacheKey ,
461+ "Cache key without fmi_path should use 'accesstoken ' credential type and no hash suffix " );
477462 }
478463}
0 commit comments