[v5] Remove usage of ID Labs API in msal-node tests#8319
Open
Avery-Dunn wants to merge 6 commits intodevfrom
Open
[v5] Remove usage of ID Labs API in msal-node tests#8319Avery-Dunn wants to merge 6 commits intodevfrom
Avery-Dunn wants to merge 6 commits intodevfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR refactors the msal-node sample E2E/integration tests to stop using the deprecated https://msidlab.com/api/ (via LabClient) and instead pull lab user/app configuration from Azure Key Vault via new helpers in samples/e2eTestUtils.
Changes:
- Added Key Vault-backed configuration helpers (
LabResponseHelper,KeyVaultSecretsProvider,KeyVaultSecrets,LabUser,AppConfig/UserConfig) toe2eTestUtils. - Updated msal-node sample integration tests to use
LabResponseHelper.getLabUser(...),getAppConfig(...), andLabUser.getPassword()instead ofLabClient+setupCredentials. - Updated client-credentials tests to use certificate-based auth material loaded via the new helpers.
Reviewed changes
Copilot reviewed 26 out of 27 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| samples/msal-node-samples/silent-flow/test/silent-flow-b2c-local.spec.ts | Switches B2C local silent-flow test to Key Vault lab user retrieval. |
| samples/msal-node-samples/silent-flow/test/silent-flow-b2c-aad.spec.ts | Switches B2C(AAD) silent-flow test to Key Vault lab user retrieval. |
| samples/msal-node-samples/silent-flow/test/silent-flow-adfs.spec.ts | Switches ADFS silent-flow test to Key Vault lab user retrieval. |
| samples/msal-node-samples/silent-flow/test/silent-flow-aad.spec.ts | Switches AAD silent-flow test to Key Vault lab user retrieval. |
| samples/msal-node-samples/silent-flow/test/silent-flow-aad-agc-public.spec.ts | Switches AGC public-cloud silent-flow test to Key Vault user/app config. |
| samples/msal-node-samples/silent-flow/test/silent-flow-aad-agc-confidential.spec.ts | Switches AGC confidential silent-flow test to Key Vault user/app config + secret retrieval. |
| samples/msal-node-samples/on-behalf-of/test/obo-aad.spec.ts | Switches OBO test to Key Vault lab user retrieval. |
| samples/msal-node-samples/device-code/test/device-code-adfs.spec.ts | Switches ADFS device-code test to Key Vault lab user retrieval. |
| samples/msal-node-samples/device-code/test/device-code-aad.spec.ts | Switches AAD device-code test to Key Vault lab user retrieval. |
| samples/msal-node-samples/device-code/test/device-code-aad-agc.spec.ts | Switches AGC device-code test to Key Vault user/app config. |
| samples/msal-node-samples/client-credentials/test/client-credentials-aad.spec.ts | Switches client-credentials test to Key Vault app config + certificate material helper. |
| samples/msal-node-samples/b2c-user-flows/test/user-flows-local.spec.ts | Switches B2C user-flows test to Key Vault user + secret retrieval. |
| samples/msal-node-samples/auth-code/test/auth-code-b2c-local.spec.ts | Switches B2C local auth-code test to Key Vault lab user retrieval. |
| samples/msal-node-samples/auth-code/test/auth-code-b2c-aad.spec.ts | Switches B2C(AAD) auth-code test to Key Vault lab user retrieval. |
| samples/msal-node-samples/auth-code/test/auth-code-adfs.spec.ts | Switches ADFS auth-code test to Key Vault lab user retrieval. |
| samples/msal-node-samples/auth-code/test/auth-code-aad.spec.ts | Switches AAD auth-code test to Key Vault lab user retrieval. |
| samples/msal-node-samples/auth-code/test/auth-code-aad-agc-public.spec.ts | Switches AGC public auth-code test to Key Vault user/app config. |
| samples/msal-node-samples/auth-code/test/auth-code-aad-agc-confidential.spec.ts | Switches AGC confidential auth-code test to Key Vault user/app config + secret retrieval. |
| samples/msal-node-samples/auth-code-cli-app/test/auth-code-cli.spec.ts | Switches auth-code CLI test to Key Vault lab user retrieval. |
| samples/msal-node-samples/ElectronSystemBrowserTestApp/tests/electron-code-aad.spec.ts | Switches Electron system-browser test to Key Vault lab user retrieval. |
| samples/e2eTestUtils/src/index.ts | Re-exports new Key Vault config helpers/types from the e2e utils package. |
| samples/e2eTestUtils/src/UserConfig.ts | Adds UserConfig and LabUser (password fetch + caching). |
| samples/e2eTestUtils/src/LabResponseHelper.ts | Adds cached Key Vault retrieval/parsing for user/app configs and secrets. |
| samples/e2eTestUtils/src/KeyVaultSecretsProvider.ts | Adds certificate-based Key Vault access + lab credential extraction/cache. |
| samples/e2eTestUtils/src/KeyVaultSecrets.ts | Adds strongly-typed Key Vault secret name constants. |
| samples/e2eTestUtils/src/AppConfig.ts | Adds AppConfig type for app configuration stored in Key Vault secrets. |
samples/msal-node-samples/silent-flow/test/silent-flow-aad-agc-public.spec.ts
Show resolved
Hide resolved
samples/msal-node-samples/silent-flow/test/silent-flow-aad-agc-confidential.spec.ts
Show resolved
Hide resolved
samples/msal-node-samples/client-credentials/test/client-credentials-aad.spec.ts
Show resolved
Hide resolved
Avery-Dunn
changed the title
RyAuld
previously approved these changes
Feb 20, 2026
…tication-library-for-js into avdunn/node-test-refactor
tnorling
reviewed
Feb 20, 2026
| const envResponse = await labClient.getVarsByCloudEnvironment( | ||
| labApiParms | ||
| ); | ||
| [username, accountPwd] = await setupCredentials( |
Collaborator
There was a problem hiding this comment.
Why didn't we just update the underlying implementation of this function? Wouldn't that have resulted in fewer changes?
tnorling
reviewed
Feb 20, 2026
| LabCertificateCredential, | ||
| } from "e2e-test-utils"; | ||
| import { ConfidentialClientApplication } from "@azure/msal-node"; | ||
| import config from "../config/AAD.json"; |
Collaborator
There was a problem hiding this comment.
What's going on here? This looks unrelated?
tnorling
reviewed
Feb 20, 2026
|
|
||
| // Load scenario configuration | ||
| const config = require("../config/AAD-AGC.json"); | ||
| config.authOptions = { |
Collaborator
There was a problem hiding this comment.
Same question here, why is this changing?
Contributor
|
Reminder: This PR appears to be stale. If this PR is still a work in progress please mark as draft. |
microsoft-github-policy-service
bot
added
the
Needs: Attention 👋
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR makes similar changes to what is being done in other MSALs:
AzureAD/microsoft-authentication-library-for-java#1002
AzureAD/microsoft-authentication-library-for-dotnet#5631
AzureAD/microsoft-authentication-library-for-go#593
AzureAD/microsoft-authentication-library-for-python#870
Historically, integration tests in MSAL and MISE retrieved user/app/tenant/etc. info from our API at "https://msidlab.com/api/"
That API is being deprecated in favor of a key vault-based system: instead of dynamic config based on query parameters, we have a simpler set of config stored as key vault secrets.
This PR refactors the integration tests to retrieve the config they need from those key vaults instead of the API, and makes the following changes:
e2eTestUtils: A few new helper classes were added to the existing utility module, existing behavior was not changedLabClientwas adjusted to use the new helpersTest coverage and core behavior of the tests was not changed: they simply retrieve the config they need from a different set of helpers.