AzureAD
diff --git a/‎msal4j-sdk/src/integrationtest/java/com/microsoft/aad/msal4j/AgenticIT.java‎
Lines changed: 33 additions & 44 deletions b/‎msal4j-sdk/src/integrationtest/java/com/microsoft/aad/msal4j/AgenticIT.java‎
Lines changed: 33 additions & 44 deletions
@@ -28,9 +28,9 @@
  *
  * <p>Test configuration:
  * <ul>
- *   <li>RMA app: {@link #RMA_CLIENT_ID}</li>
- *   <li>Agent app: {@link #AGENT_APP_ID}</li>
- *   <li>Tenant: {@link #TENANT_ID}</li>
+ *   <li>RMA app: see {@link TestConstants#AGENTIC_RMA_CLIENT_ID}</li>
+ *   <li>Agent app: see {@link TestConstants#AGENTIC_AGENT_APP_ID}</li>
+ *   <li>Tenant: see {@link TestConstants#AGENTIC_TENANT_ID}</li>
  * </ul>
  *
  * <p>Flows tested:
@@ -44,18 +44,7 @@
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 class AgenticIT {
 
-    // Lab test configuration
-    private static final String BLUEPRINT_CLIENT_ID = "aab5089d-e764-47e3-9f28-cc11c2513821";
-    private static final String RMA_CLIENT_ID = "3bf56293-fbb5-42bd-a407-248ba7431a8c";
-    private static final String TENANT_ID = "10c419d4-4a50-45b2-aa4e-919fb84df24f";
-    private static final String AGENT_APP_ID = "ab18ca07-d139-4840-8b3b-4be9610c6ed5";
-    private static final String USER_UPN = "agentuser1@id4slab1.onmicrosoft.com";
-    private static final String TOKEN_EXCHANGE_SCOPE = "api://AzureADTokenExchange/.default";
-    private static final String FMI_EXCHANGE_SCOPE = "api://AzureFMITokenExchange/.default";
-    private static final String GRAPH_SCOPE = "https://graph.microsoft.com/.default";
-    private static final String AZURE_REGION = "westus3";
-
-    private static final String AUTHORITY = "https://login.microsoftonline.com/" + TENANT_ID + "/";
+    private static final String AUTHORITY = "https://login.microsoftonline.com/" + TestConstants.AGENTIC_TENANT_ID + "/";
 
     private PrivateKey privateKey;
     private X509Certificate certificate;
@@ -88,20 +77,20 @@ void agentGetsAppToken_UsingFmiAssertion() throws Exception {
         // it calls the blueprint app to get an FMI credential for the agent
         Function<AssertionRequestOptions, String> assertionProvider = options -> {
             try {
-                return acquireFmiCredentialForAgent(AGENT_APP_ID);
+                return acquireFmiCredentialForAgent(TestConstants.AGENTIC_AGENT_APP_ID);
             } catch (Exception e) {
                 throw new RuntimeException("Failed to acquire FMI credential", e);
             }
         };
 
         IClientCredential credential = ClientCredentialFactory.createFromCallback(assertionProvider);
 
-        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(AGENT_APP_ID, credential)
+        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(TestConstants.AGENTIC_AGENT_APP_ID, credential)
                 .authority(AUTHORITY)
                 .build();
 
         IAuthenticationResult result = agentCca.acquireToken(ClientCredentialParameters
-                        .builder(Collections.singleton(GRAPH_SCOPE))
+                        .builder(Collections.singleton(TestConstants.AGENTIC_GRAPH_SCOPE))
                         .build())
                 .get();
 
@@ -135,20 +124,20 @@ void assertionCallback_ReceivesFmiPathContext() throws Exception {
         ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                         "urn:microsoft:identity:fmi", credential)
                 .authority(AUTHORITY)
-                .azureRegion(AZURE_REGION)
+                .azureRegion(TestConstants.AGENTIC_AZURE_REGION)
                 .build();
 
         ClientCredentialParameters params = ClientCredentialParameters
-                .builder(Collections.singleton(FMI_EXCHANGE_SCOPE))
-                .fmiPath(AGENT_APP_ID)
+                .builder(Collections.singleton(TestConstants.AGENTIC_FMI_EXCHANGE_SCOPE))
+                .fmiPath(TestConstants.AGENTIC_AGENT_APP_ID)
                 .skipCache(true)
                 .build();
 
         IAuthenticationResult result = cca.acquireToken(params).get();
 
         // Verify assertion callback received the correct context
         assertNotNull(capturedOptions.get(), "AssertionRequestOptions should have been passed to callback");
-        assertEquals(AGENT_APP_ID, capturedOptions.get().clientAssertionFmiPath(),
+        assertEquals(TestConstants.AGENTIC_AGENT_APP_ID, capturedOptions.get().clientAssertionFmiPath(),
                 "clientAssertionFmiPath in callback should match the one set in parameters");
         assertEquals("urn:microsoft:identity:fmi", capturedOptions.get().clientId(),
                 "clientId in callback should match the CCA client ID");
@@ -178,19 +167,19 @@ void agentFmiToken_CacheIsolation_DifferentFmiPaths() throws Exception {
         ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                         "urn:microsoft:identity:fmi", credential)
                 .authority(AUTHORITY)
-                .azureRegion(AZURE_REGION)
+                .azureRegion(TestConstants.AGENTIC_AZURE_REGION)
                 .build();
 
         // Acquire with first fmi_path
         ClientCredentialParameters params1 = ClientCredentialParameters
-                .builder(Collections.singleton(FMI_EXCHANGE_SCOPE))
-                .fmiPath(AGENT_APP_ID)
+                .builder(Collections.singleton(TestConstants.AGENTIC_FMI_EXCHANGE_SCOPE))
+                .fmiPath(TestConstants.AGENTIC_AGENT_APP_ID)
                 .build();
         IAuthenticationResult result1 = cca.acquireToken(params1).get();
 
         // Acquire with different fmi_path
         ClientCredentialParameters params2 = ClientCredentialParameters
-                .builder(Collections.singleton(FMI_EXCHANGE_SCOPE))
+                .builder(Collections.singleton(TestConstants.AGENTIC_FMI_EXCHANGE_SCOPE))
                 .fmiPath("SomeFmiPath/DifferentAgent")
                 .build();
         IAuthenticationResult result2 = cca.acquireToken(params2).get();
@@ -212,15 +201,15 @@ void agentUserIdentity_GetsTokenForGraph() throws Exception {
         // Build agent CCA with assertion callback that acquires FMI credential
         Function<AssertionRequestOptions, String> assertionProvider = options -> {
             try {
-                return acquireFmiCredentialForAgent(AGENT_APP_ID);
+                return acquireFmiCredentialForAgent(TestConstants.AGENTIC_AGENT_APP_ID);
             } catch (Exception e) {
                 throw new RuntimeException("Failed to acquire FMI credential", e);
             }
         };
 
         IClientCredential credential = ClientCredentialFactory.createFromCallback(assertionProvider);
 
-        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(AGENT_APP_ID, credential)
+        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(TestConstants.AGENTIC_AGENT_APP_ID, credential)
                 .authority(AUTHORITY)
                 .build();
 
@@ -229,7 +218,7 @@ void agentUserIdentity_GetsTokenForGraph() throws Exception {
 
         // Exchange T2 for user-scoped token via user_fic grant
         UserFederatedIdentityCredentialParameters params = UserFederatedIdentityCredentialParameters
-                .builder(Collections.singleton(GRAPH_SCOPE), USER_UPN, t2)
+                .builder(Collections.singleton(TestConstants.AGENTIC_GRAPH_SCOPE), TestConstants.AGENTIC_USER_UPN, t2)
                 .build();
 
         IAuthenticationResult result = agentCca.acquireToken(params).get();
@@ -245,7 +234,7 @@ void agentUserIdentity_GetsTokenForGraph() throws Exception {
 
         IAccount account = accounts.iterator().next();
         IAuthenticationResult silentResult = agentCca.acquireTokenSilently(
-                SilentParameters.builder(Collections.singleton(GRAPH_SCOPE), account).build()).get();
+                SilentParameters.builder(Collections.singleton(TestConstants.AGENTIC_GRAPH_SCOPE), account).build()).get();
 
         assertEquals(result.accessToken(), silentResult.accessToken(),
                 "Silent call should return cached token");
@@ -260,29 +249,29 @@ void agentUserIdentity_GetsTokenForGraph() throws Exception {
     void agentCca_AppAndUserTokens_CacheIsolation() throws Exception {
         Function<AssertionRequestOptions, String> assertionProvider = options -> {
             try {
-                return acquireFmiCredentialForAgent(AGENT_APP_ID);
+                return acquireFmiCredentialForAgent(TestConstants.AGENTIC_AGENT_APP_ID);
             } catch (Exception e) {
                 throw new RuntimeException("Failed to acquire FMI credential", e);
             }
         };
 
         IClientCredential credential = ClientCredentialFactory.createFromCallback(assertionProvider);
 
-        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(AGENT_APP_ID, credential)
+        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(TestConstants.AGENTIC_AGENT_APP_ID, credential)
                 .authority(AUTHORITY)
                 .build();
 
         // Acquire app-only token
         IAuthenticationResult appResult = agentCca.acquireToken(ClientCredentialParameters
-                        .builder(Collections.singleton(GRAPH_SCOPE))
+                        .builder(Collections.singleton(TestConstants.AGENTIC_GRAPH_SCOPE))
                         .build())
                 .get();
         assertNotNull(appResult.accessToken());
 
         // Acquire user token via user_fic (needs T2 = instance token)
         String t2 = acquireInstanceTokenForAgent();
         UserFederatedIdentityCredentialParameters userParams = UserFederatedIdentityCredentialParameters
-                .builder(Collections.singleton(GRAPH_SCOPE), USER_UPN, t2)
+                .builder(Collections.singleton(TestConstants.AGENTIC_GRAPH_SCOPE), TestConstants.AGENTIC_USER_UPN, t2)
                 .build();
 
         IAuthenticationResult userResult = agentCca.acquireToken(userParams).get();
@@ -300,21 +289,21 @@ void agentCca_AppAndUserTokens_CacheIsolation() throws Exception {
 
     /**
      * Helper: acquires an FMI credential from the RMA (Resource Management Application).
-     * Uses FMI_EXCHANGE_SCOPE, matching FmiIT's Flow3 pattern.
+     * Uses TestConstants.AGENTIC_FMI_EXCHANGE_SCOPE, matching FmiIT's Flow3 pattern.
      * Suitable for use as client_assertion when client_id = "urn:microsoft:identity:fmi".
      */
     private String acquireFmiCredentialFromRma() throws Exception {
         IClientCertificate clientCert = ClientCredentialFactory.createFromCertificate(privateKey, certificate);
 
         ConfidentialClientApplication rmaCca = ConfidentialClientApplication.builder(
-                        RMA_CLIENT_ID, clientCert)
+                        TestConstants.AGENTIC_RMA_CLIENT_ID, clientCert)
                 .authority(AUTHORITY)
                 .sendX5c(true)
-                .azureRegion(AZURE_REGION)
+                .azureRegion(TestConstants.AGENTIC_AZURE_REGION)
                 .build();
 
         ClientCredentialParameters params = ClientCredentialParameters
-                .builder(Collections.singleton(FMI_EXCHANGE_SCOPE))
+                .builder(Collections.singleton(TestConstants.AGENTIC_FMI_EXCHANGE_SCOPE))
                 .fmiPath("SomeFmiPath/FmiCredentialPath")
                 .build();
 
@@ -330,14 +319,14 @@ private String acquireFmiCredentialForAgent(String agentAppId) throws Exception
         IClientCertificate clientCert = ClientCredentialFactory.createFromCertificate(privateKey, certificate);
 
         ConfidentialClientApplication blueprintCca = ConfidentialClientApplication.builder(
-                        BLUEPRINT_CLIENT_ID, clientCert)
+                        TestConstants.AGENTIC_BLUEPRINT_CLIENT_ID, clientCert)
                 .authority(AUTHORITY)
                 .sendX5c(true)
-                .azureRegion(AZURE_REGION)
+                .azureRegion(TestConstants.AGENTIC_AZURE_REGION)
                 .build();
 
         ClientCredentialParameters params = ClientCredentialParameters
-                .builder(Collections.singleton(TOKEN_EXCHANGE_SCOPE))
+                .builder(Collections.singleton(TestConstants.AGENTIC_TOKEN_EXCHANGE_SCOPE))
                 .fmiPath(agentAppId)
                 .build();
 
@@ -352,16 +341,16 @@ private String acquireFmiCredentialForAgent(String agentAppId) throws Exception
      * T2 is used as the user_federated_identity_credential in Leg 3 (user_fic exchange).
      */
     private String acquireInstanceTokenForAgent() throws Exception {
-        String t1 = acquireFmiCredentialForAgent(AGENT_APP_ID);
+        String t1 = acquireFmiCredentialForAgent(TestConstants.AGENTIC_AGENT_APP_ID);
 
         IClientCredential agentCredential = ClientCredentialFactory.createFromClientAssertion(t1);
 
-        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(AGENT_APP_ID, agentCredential)
+        ConfidentialClientApplication agentCca = ConfidentialClientApplication.builder(TestConstants.AGENTIC_AGENT_APP_ID, agentCredential)
                 .authority(AUTHORITY)
                 .build();
 
         ClientCredentialParameters instanceParams = ClientCredentialParameters
-                .builder(Collections.singleton(TOKEN_EXCHANGE_SCOPE))
+                .builder(Collections.singleton(TestConstants.AGENTIC_TOKEN_EXCHANGE_SCOPE))
                 .skipCache(true)
                 .build();