Fix two issues with dSTS authority, one when using WithTenantId, and …

…adding dSTS as a supported tenant override. Add a test

src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs

@@ -274,11 +274,23 @@ public T WithTenantId(string tenantId)
                     MsalErrorMessage.TenantOverrideNonAad);
             }
 
-            AadAuthority aadAuthority = (AadAuthority)ServiceBundle.Config.Authority;
-            string tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true);
-            var newAuthorityInfo = AuthorityInfo.FromAadAuthority(
-                tenantedAuthority,
-                ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);
+            AuthorityInfo newAuthorityInfo;
+            if (ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType == AuthorityType.Dsts)
+            {
+                DstsAuthority dSTSAuthority = (DstsAuthority)ServiceBundle.Config.Authority;
+                string tenantedAuthority = dSTSAuthority.GetTenantedAuthority(tenantId, true);
+                newAuthorityInfo = AuthorityInfo.FromDstsAuthority(
+                    tenantedAuthority,
+                    ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);
+            }
+            else
+            {
+                AadAuthority aadAuthority = (AadAuthority)ServiceBundle.Config.Authority;
+                string tenantedAuthority = aadAuthority.GetTenantedAuthority(tenantId, true);
+                newAuthorityInfo = AuthorityInfo.FromAadAuthority(
+                    tenantedAuthority,
+                    ServiceBundle.Config.Authority.AuthorityInfo.ValidateAuthority);
+            }
 
             CommonParameters.AuthorityOverride = newAuthorityInfo;
 

src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs

@@ -138,7 +138,7 @@ private AuthorityInfo(
 
         internal bool IsUserAssertionSupported => AuthorityType != AuthorityType.Adfs && AuthorityType != AuthorityType.B2C;
 
-        internal bool IsTenantOverrideSupported => AuthorityType == AuthorityType.Aad;
+        internal bool IsTenantOverrideSupported => AuthorityType == AuthorityType.Aad || AuthorityType == AuthorityType.Dsts;
         internal bool IsMultiTenantSupported => AuthorityType != AuthorityType.Adfs;
         internal bool IsClientInfoSupported => AuthorityType == AuthorityType.Aad || AuthorityType == AuthorityType.Dsts || AuthorityType == AuthorityType.B2C;
 
@@ -238,6 +238,11 @@ internal static AuthorityInfo FromAdfsAuthority(string authorityUri, bool valida
             return new AuthorityInfo(AuthorityType.Adfs, authorityUri, validateAuthority);
         }
 
+        internal static AuthorityInfo FromDstsAuthority(string authorityUri, bool validateAuthority)
+        {
+            return new AuthorityInfo(AuthorityType.Dsts, authorityUri, validateAuthority);
+        }
+
         internal static AuthorityInfo FromB2CAuthority(string authorityUri)
         {
             return new AuthorityInfo(AuthorityType.B2C, authorityUri, false);

tests/Microsoft.Identity.Test.Common/TestConstants.cs

@@ -104,7 +104,7 @@ public static HashSet<string> s_scope
         public const string ADFSAuthority2 = "https://someAdfs.com/adfs/";
 
         public const string DstsAuthorityTenantless = "https://some.url.dsts.core.azure-test.net/dstsv2/";
-        public const string DstsAuthorityTenanted = "https://some.url.dsts.core.azure-test.net/dstsv2/" + TenantIdString;
+        public const string DstsAuthorityTenanted = "https://some.url.dsts.core.azure-test.net/dstsv2/" + TenantId;
         public const string DstsAuthorityCommon = "https://some.url.dsts.core.azure-test.net/dstsv2/" + Common;
 
         public const string B2CLoginGlobal = ".b2clogin.com";

tests/Microsoft.Identity.Test.Common/TestData.cs

@@ -37,7 +37,7 @@ public static IEnumerable<object[]> GetAuthorityWithExpectedTenantId()
             yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.AuthorityTestTenant), ExpectedTenantId = TestConstants.Utid }.ToObjectArray();
             yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.AadAuthorityWithTestTenantId), ExpectedTenantId = TestConstants.AadTenantId }.ToObjectArray();
             yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.AuthorityWindowsNet), ExpectedTenantId = TestConstants.Utid }.ToObjectArray();
-            yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.DstsAuthorityTenanted), ExpectedTenantId = TestConstants.TenantIdString }.ToObjectArray();
+            yield return new AuthorityWithExpectedTenantId { Authority = new Uri(TestConstants.DstsAuthorityTenanted), ExpectedTenantId = TestConstants.TenantId }.ToObjectArray();
         }
     }
 }

tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs

@@ -11,7 +11,6 @@
 using Microsoft.Identity.Test.Common.Core.Helpers;
 using Microsoft.Identity.Test.Common.Core.Mocks;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
-using NSubstitute.ReceivedExtensions;
 
 namespace Microsoft.Identity.Test.Unit.ApiConfigTests
 {
@@ -78,6 +77,25 @@ public void WithTenantIdExceptions()
             Assert.AreEqual(ex2.ErrorCode, MsalError.TenantOverrideNonAad);
         }
 
+        [TestMethod]
+        public void DstsAuthority_WithTenantId_Success()
+        {
+            var app = ConfidentialClientApplicationBuilder
+                .Create(TestConstants.ClientId)
+                .WithAuthority(TestConstants.DstsAuthorityTenanted)
+                .WithClientSecret("secret")
+                .Build();
+
+            var parameterBuilder = app.AcquireTokenByAuthorizationCode(TestConstants.s_scope, "code")
+                    .WithTenantId(TestConstants.TenantId);
+
+            // Verify Host still matches the original Authority
+            Assert.AreEqual(new Uri(TestConstants.DstsAuthorityTenanted).Host, parameterBuilder.CommonParameters.AuthorityOverride.Host);
+
+            // Verify the Tenant Id matches
+            Assert.AreEqual(TestConstants.TenantId, AuthorityHelpers.GetTenantId(parameterBuilder.CommonParameters.AuthorityOverride.CanonicalAuthority));
+        }
+
         [DataTestMethod]
         [DynamicData(nameof(TestData.GetAuthorityWithExpectedTenantId), typeof(TestData), DynamicDataSourceType.Method)]
         public void WithTenantId_Success(Uri authorityValue, string tenantId)

tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs

@@ -118,10 +118,9 @@ public void Validate_MinNumberOfSegments()
 
         [TestMethod]
         public void CreateAuthorityFromTenantedWithTenantTest()
-        {
-
+        {            
             Authority authority = AuthorityTestHelper.CreateAuthorityFromUrl(TestConstants.DstsAuthorityTenanted);
-            Assert.AreEqual("tenantid", authority.TenantId);
+            Assert.AreEqual(TestConstants.TenantId, authority.TenantId);
 
             string updatedAuthority = authority.GetTenantedAuthority("tenant2");            
 

tests/Microsoft.Identity.Test.Unit/PublicApiTests/TenantIdTests.cs

@@ -38,7 +38,7 @@ public void TestInitialize()
         [DataRow(TestConstants.B2CLoginAuthorityMoonCake, TestConstants.SomeTenantId, DisplayName = "B2C MoonCake Tenant Id")]
         [DataRow(TestConstants.AuthoritySovereignCNTenant, TestConstants.TenantId, DisplayName = "Sovereign Tenant Id")]
         [DataRow(TestConstants.AuthoritySovereignDETenant, TestConstants.TenantId, DisplayName = "Sovereign Tenant Id")]
-        [DataRow(TestConstants.DstsAuthorityTenanted, "tenantid", DisplayName = "DSTS Tenant Id")]
+        [DataRow(TestConstants.DstsAuthorityTenanted, TestConstants.TenantId, DisplayName = "DSTS Tenant Id")]
         [DataRow(TestConstants.DstsAuthorityCommon, TestConstants.Common, DisplayName = "DSTS Common Tenant Id")]
         public void ParseTest_Success(string authorityUrl, string expectedTenantId)
         {