Skip to content

Migrate OBO tests from old lab to ID4SLAB1#6021

Merged
RyAuld merged 7 commits into
mainfrom
ryauld/migrate-obo-tests-to-lab1
Jun 22, 2026
Merged

Migrate OBO tests from old lab to ID4SLAB1#6021
RyAuld merged 7 commits into
mainfrom
ryauld/migrate-obo-tests-to-lab1

Conversation

@RyAuld

@RyAuld RyAuld commented May 21, 2026

Copy link
Copy Markdown
Contributor

Summary

Migrates OBO integration tests from the old lab tenant app (23c64cd8) to the new ID4SLAB1 apps.

Changes

  • Switch OBO confidential client from client secret to LabAuth cert (msidlabs vault)
  • Replace old OBO app with new AppOBOService (MSAL-APP-TodoListService-JSON) in ID4SLAB1
  • Add \KeyVaultSecrets.AppOBOService\ constant
  • Enable SN+I (sendX5C) for regional endpoint test
  • Remove commented-out old app ID references
  • Remove unused \AppOBOClient\ constant per review feedback
  • Clarify \AppWebApi\ doc comment to distinguish from \AppOBOService\

Infrastructure (already done)

  • Created \MSAL-APP-TodoListService-JSON\ secret in id4skeyvault
  • Created \MSAL-APP-TodoListClient-JSON\ secret in id4skeyvault
  • Granted admin consent for AppS2S (54a2d933) to access_as_user scope on TodoListService (8837cde9)

Test Results

All 14 OBO tests pass locally (2 skipped by environment attribute).

- Switch OBO confidential client from client secret to LabAuth cert (msidlabs vault)
- Replace AppWebApi with new AppOBOService (MSAL-APP-TodoListService) in ID4SLAB1
- Add KeyVaultSecrets.AppOBOService and AppOBOClient constants
- Enable SN+I (sendX5C) for regional endpoint test
- Remove commented-out old app ID references

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 21, 2026 17:52

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR migrates On-Behalf-Of (OBO) integration tests from the legacy lab tenant/app configuration to the newer ID4SLAB1 app registrations, including moving the confidential client auth for the OBO middle-tier from client secret to the LabAuth certificate.

Changes:

  • Update OBO integration tests to use KeyVaultSecrets.AppOBOService instead of the legacy AppWebApi configuration.
  • Switch OBO confidential client authentication from client secret to LabAuth certificate retrieved from the MSIDLab Key Vault.
  • Add new lab Key Vault secret-name constants (AppOBOService, AppOBOClient, and additional app constants) and update the public API baseline accordingly.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfTests.cs Migrates OBO test app config to ID4SLAB1 and updates confidential client auth to use LabAuth certificate (plus sendX5C for regional case).
tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LongRunningOnBehalfOfTests.cs Migrates long-running OBO tests to ID4SLAB1 app config and switches confidential client auth to LabAuth certificate.
src/client/Microsoft.Identity.Lab.Api/LabInfra/KeyVaultSecrets.cs Introduces new Key Vault secret-name constants for ID4SLAB1 OBO apps and related test apps.
src/client/Microsoft.Identity.Lab.Api/PublicAPI.Unshipped.txt Updates public API baseline for newly added KeyVaultSecrets constants.

@RyAuld RyAuld marked this pull request as ready for review May 21, 2026 22:58
@RyAuld RyAuld requested a review from a team as a code owner May 21, 2026 22:58
Addresses Copilot review feedback: _keyVault (MsalTeam instance) is no
longer referenced after switching to _keyVaultMsidLab for LabAuth cert.
Removing to avoid CS0169 warning with TreatWarningsAsErrors.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 21, 2026 23:20
@RyAuld RyAuld force-pushed the ryauld/migrate-obo-tests-to-lab1 branch from e782591 to 69656d5 Compare May 21, 2026 23:20

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

Comment thread src/client/Microsoft.Identity.Lab.Api/LabInfra/KeyVaultSecrets.cs Outdated
Comment thread src/client/Microsoft.Identity.Lab.Api/LabInfra/KeyVaultSecrets.cs Outdated
Comment thread src/client/Microsoft.Identity.Lab.Api/LabInfra/KeyVaultSecrets.cs

@bgavrilMS bgavrilMS left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Too many apps. But otherwise the changes look good.

@bgavrilMS

Copy link
Copy Markdown
Member

@Avery-Dunn pls review this.

RyAuld and others added 2 commits May 27, 2026 09:25
The regional test already uses AppOBOService (TodoListService) via
BuildCcaAsync, making these dedicated region app constants dead code.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 27, 2026 17:24

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

@RyAuld RyAuld requested a review from bgavrilMS May 27, 2026 19:28
Comment thread src/client/Microsoft.Identity.Lab.Api/LabInfra/KeyVaultSecrets.cs
…pOBOClient

- Resolve conflict in PublicAPI.Unshipped.txt
- Remove AppOBOClient constant (not used by any tests)
- Clarify AppWebApi doc comment to distinguish from AppOBOService

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 5, 2026 18:14
This was referenced Jun 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants