diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs
index 2b0d08af25..b954bef968 100644
--- a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs
+++ b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs
@@ -96,8 +96,6 @@ public AcquireTokenForClientParameterBuilder WithSendX5C(bool withSendX5C)
/// The current instance of to enable method chaining.
public AcquireTokenForClientParameterBuilder WithMtlsProofOfPossession()
{
- ValidateUseOfExperimentalFeature();
-
if (ServiceBundle.Config.ClientCredential is not CertificateClientCredential certificateCredential)
{
throw new MsalClientException(
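Review bot: The XML doc comment above `WithMtlsProofOfPossession()` is not updated by this commit, even though removing `ValidateUseOfExperimentalFeature()` turns the method into a supported public API. Only the last line of that comment is visible in this hunk. If its summary or remarks still call the method experimental or point callers to `WithExperimentalFeatures()`, that text is now stale. Since the opt-in gate is gone, the comment should also state the precondition visible here, e.g. `/// <remarks>Requires a certificate credential (WithCertificate); otherwise an MsalClientException is thrown.</remarks>`. The method body continues outside the hunk, so any further checks, presumably region and authority judging by the tests in this commit, cannot be confirmed from here.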
diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs
index 80cc1c97f8..6ef75ad9e5 100644
--- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs
+++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs
@@ -40,7 +40,6 @@ public async Task Sni_Gets_Pop_Token_Successfully_TestAsync()
.WithAuthority("https://login.microsoftonline.com/bea21ebe-8b64-4d06-9f6d-6a889b120a7c")
.WithAzureRegion("westus3") //test slice region
.WithCertificate(cert, true)
- .WithExperimentalFeatures()
.WithTestLogging()
.Build();
diff --git a/tests/Microsoft.Identity.Test.Unit/ExceptionTests/ExperimentalFeatureTests.cs b/tests/Microsoft.Identity.Test.Unit/ExceptionTests/ExperimentalFeatureTests.cs
index 5ad4b1a385..c6603d7ee8 100644
--- a/tests/Microsoft.Identity.Test.Unit/ExceptionTests/ExperimentalFeatureTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/ExceptionTests/ExperimentalFeatureTests.cs
@@ -5,10 +5,12 @@
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
+using System.Net.Http;
using System.Reflection;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
+using Microsoft.Identity.Client.AppConfig;
using Microsoft.Identity.Test.Common.Core.Helpers;
using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -22,12 +24,16 @@ public class ExperimentalFeatureTests
[TestMethod]
public async Task ExperimentalFeatureExceptionAsync()
{
+ PoPAuthenticationConfiguration popConfig = new PoPAuthenticationConfiguration(new Uri("https://www.contoso.com/path1/path2?queryParam1=a&queryParam2=b"));
+ popConfig.HttpMethod = HttpMethod.Get;
+
IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder
.Create(Guid.NewGuid().ToString())
.WithCertificate(CertHelper.GetOrCreateTestCert()).Build();
MsalClientException ex = await AssertException.TaskThrowsAsync(
- () => cca.AcquireTokenForClient(s_scopes).WithMtlsProofOfPossession().ExecuteAsync())
+ () => cca.AcquireTokenForClient(s_scopes)
+ .WithSignedHttpRequestProofOfPossession(popConfig).ExecuteAsync())
.ConfigureAwait(false);
Assert.AreEqual(MsalError.ExperimentalFeature, ex.ErrorCode);
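Review bot: Nothing in `ExperimentalFeatureExceptionAsync` says that it now depends on `WithSignedHttpRequestProofOfPossession` still being gated as experimental for confidential clients. A comment above the `popConfig` setup would explain the choice, e.g. `// SHR PoP is still experimental; mTLS PoP no longer requires WithExperimentalFeatures()`, so a later graduation of that API does not leave an unexplained failure. A direct assertion that `WithMtlsProofOfPossession()` without the flag no longer yields `MsalError.ExperimentalFeature` would pin the behaviour this commit changes; the MtlsPopTests edits presumably cover it only implicitly. As a style point, the two `popConfig` lines can be one object initializer, `new PoPAuthenticationConfiguration(uri) { HttpMethod = HttpMethod.Get }`. The test method continues past the end of the hunk.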
diff --git a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ManagedIdentityTests.cs b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ManagedIdentityTests.cs
index d4dba3501e..c27255b2c0 100644
--- a/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ManagedIdentityTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/ManagedIdentityTests/ManagedIdentityTests.cs
@@ -369,7 +369,6 @@ public async Task ManagedIdentityWithClaimsTestAsync(
SetEnvironmentVariables(managedIdentitySource, endpoint);
var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned)
- .WithExperimentalFeatures(true)
.WithHttpManager(httpManager);
// Disabling shared cache options to avoid cross test pollution.
@@ -811,7 +810,6 @@ public async Task ManagedIdentityInvalidRefreshOnThrowsAsync()
SetEnvironmentVariables(ManagedIdentitySource.AppService, AppServiceEndpoint);
var miBuilder = ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned)
- .WithExperimentalFeatures()
.WithHttpManager(httpManager);
// Disabling shared cache options to avoid cross test pollution.
diff --git a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/MtlsPopTests.cs b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/MtlsPopTests.cs
index 7ed05927a0..50543fef1d 100644
--- a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/MtlsPopTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/MtlsPopTests.cs
@@ -55,7 +55,6 @@ public async Task MtlsPop_AadAuthorityWithoutCertificateAsync()
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority("https://login.microsoftonline.com/123456-1234-2345-1234561234")
- .WithExperimentalFeatures()
.Build();
MsalClientException ex = await AssertException.TaskThrowsAsync(() =>
@@ -74,7 +73,6 @@ public async Task MtlsPopWithoutCertificateAsync()
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithClientSecret(TestConstants.ClientSecret)
- .WithExperimentalFeatures()
.Build();
// Set WithMtlsProofOfPossession on the request without a certificate
@@ -98,7 +96,6 @@ public async Task MtlsPopWithoutCertificateWithClientClaimsAsync()
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithClientClaims(s_testCertificate, ipAddress)
- .WithExperimentalFeatures()
.Build();
// Expecting an exception because MTLS PoP requires a certificate to sign the claims
@@ -117,7 +114,6 @@ public async Task MtlsPopWithoutCertificateWithClientAssertionAsync()
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithClientAssertion(() => { return TestConstants.DefaultClientAssertion; })
- .WithExperimentalFeatures()
.Build();
// Expecting an exception because MTLS PoP requires a certificate to sign the claims
@@ -146,7 +142,6 @@ public async Task MtlsPop_WithoutRegion_ThrowsException(bool setAzureRegion)
.WithCertificate(s_testCertificate)
// Setting Azure region to ConfidentialClientApplicationBuilder.DisableForceRegion overrides the AzureRegion to null.
.WithAzureRegion(ConfidentialClientApplicationBuilder.DisableForceRegion)
- .WithExperimentalFeatures()
.Build();
}
else
@@ -155,7 +150,6 @@ public async Task MtlsPop_WithoutRegion_ThrowsException(bool setAzureRegion)
.Create(TestConstants.ClientId)
.WithAuthority(TestConstants.AuthorityTenant)
.WithCertificate(s_testCertificate)
- .WithExperimentalFeatures()
.Build();
}
@@ -177,7 +171,6 @@ public async Task MtlsPop_WithUnsupportedNonTenantedAuthorityAsync_ThrowsExcepti
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithCertificate(s_testCertificate)
- .WithExperimentalFeatures()
.Build();
// Set WithMtlsProofOfPossession on the request without specifying an authority
@@ -220,7 +213,7 @@ private static string ComputeExpectedKeyId(X509Certificate2 certificate)
public void GetTokenRequestParams_ExpectedValues()
{
var scheme = new MtlsPopAuthenticationOperation(s_testCertificate);
- System.Collections.Generic.IReadOnlyDictionary parameters = scheme.GetTokenRequestParams();
+ IReadOnlyDictionary parameters = scheme.GetTokenRequestParams();
Assert.AreEqual(Constants.MtlsPoPTokenType, parameters[OAuth2Parameter.TokenType]);
}
@@ -248,7 +241,6 @@ public async Task AcquireTokenForClient_WithMtlsProofOfPossession_SuccessAsync()
.WithCertificate(s_testCertificate)
.WithAuthority($"https://login.microsoftonline.com/123456-1234-2345-1234561234")
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
- .WithExperimentalFeatures()
.WithHttpManager(httpManager)
.BuildConcrete();
@@ -308,7 +300,6 @@ public async Task AcquireMtlsPopTokenForClientWithTenantId_SuccessAsync()
.WithCertificate(s_testCertificate)
.WithTenantId("123456-1234-2345-1234561234")
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
- .WithExperimentalFeatures()
.WithHttpManager(httpManager)
.BuildConcrete();
@@ -355,7 +346,6 @@ public async Task MtlsPop_KnownRegionAsync()
.WithAuthority(authorityUrl)
.WithAzureRegion(region)
.WithHttpManager(httpManager)
- .WithExperimentalFeatures()
.BuildConcrete();
AuthenticationResult result = await app.AcquireTokenForClient(TestConstants.s_scope)
@@ -388,7 +378,6 @@ public async Task MtlsPop_RegionalTokenCacheInterchangeabilityAsync()
.WithAzureRegion(region)
.WithAuthority(authority)
.WithHttpManager(httpManager)
- .WithExperimentalFeatures()
.BuildConcrete();
IConfidentialClientApplication regionalApp2 = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
@@ -396,7 +385,6 @@ public async Task MtlsPop_RegionalTokenCacheInterchangeabilityAsync()
.WithAzureRegion(region)
.WithAuthority(authority)
.WithHttpManager(httpManager)
- .WithExperimentalFeatures()
.BuildConcrete();
var memoryTokenCache = new InMemoryTokenCache();
@@ -443,7 +431,6 @@ public async Task MtlsPop_ThrowsExceptionWhenRegionAutoDetectFailsAsync()
.WithCertificate(s_testCertificate)
.WithAuthority("https://login.microsoftonline.com/123456-1234-2345-1234561234")
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
- .WithExperimentalFeatures()
.WithHttpManager(httpManager)
.BuildConcrete();
@@ -471,7 +458,6 @@ public async Task MtlsPop_NonAadAuthorityAsync(string authorityUrl, string autho
.Create(TestConstants.ClientId)
.WithCertificate(s_testCertificate)
.WithAuthority(authorityUrl)
- .WithExperimentalFeatures()
.Build();
// Set WithMtlsProofOfPossession on the request with a non-AAD authority
@@ -510,7 +496,6 @@ public async Task MtlsPop_WithUnsupportedNonTenantedAuthorityAsync_ThrowsExcepti
.WithCertificate(s_testCertificate)
.WithAuthority($"{authorityUrl}/{nonTenantValue}")
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
- .WithExperimentalFeatures()
.WithHttpManager(httpManager)
.BuildConcrete();
@@ -567,7 +552,6 @@ public async Task MtlsPop_ValidateExpectedUrlAsync()
.WithHttpManager(harness.HttpManager)
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
.WithCertificate(s_testCertificate)
- .WithExperimentalFeatures(true)
.Build();
// Act
@@ -615,7 +599,6 @@ public async Task PublicAndSovereignCloud_UsesPreferredNetwork_AndNoDiscovery_As
.WithHttpManager(harness.HttpManager)
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
.WithCertificate(s_testCertificate)
- .WithExperimentalFeatures(true)
.Build();
AuthenticationResult result = await app
@@ -678,7 +661,6 @@ public async Task AcquireTokenForClient_WithMtlsPop_NonStandardCloudAsync()
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
.WithCertificate(s_testCertificate)
.WithInstanceDiscovery(false)
- .WithExperimentalFeatures(true)
.Build();
AuthenticationResult result = await app
@@ -727,7 +709,6 @@ public async Task AcquireTokenForClient_WithMtlsPop_Dsts_SuccessAsync()
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithCertificate(s_testCertificate)
.WithAuthority(authorityUrl)
- .WithExperimentalFeatures()
.WithHttpManager(httpManager)
.BuildConcrete();
@@ -763,7 +744,6 @@ public async Task MtlsPop_WithUnsupportedNonTenantedAuthorityAsyncForDsts_Throws
.Create(TestConstants.ClientId)
.WithAuthority(authorityUrl)
.WithCertificate(s_testCertificate)
- .WithExperimentalFeatures()
.Build();
// Set WithMtlsProofOfPossession on the request specifying an authority
@@ -793,7 +773,6 @@ public async Task BindingCertificate_PopulatedForMtlsPop_AndNullForBearerAsync()
.WithCertificate(s_testCertificate)
.WithAuthority("https://login.microsoftonline.com/123456-1234-2345-1234561234")
.WithAzureRegion(ConfidentialClientApplication.AttemptRegionDiscovery)
- .WithExperimentalFeatures()
.WithHttpManager(httpManager)
.BuildConcrete();
diff --git a/tests/devapps/NetCoreTestApp/Program.cs b/tests/devapps/NetCoreTestApp/Program.cs
index cad25f06d4..f9d312fad3 100644
--- a/tests/devapps/NetCoreTestApp/Program.cs
+++ b/tests/devapps/NetCoreTestApp/Program.cs
@@ -437,9 +437,6 @@ private static IConfidentialClientApplication CreateCcaForMtlsPop(string region)
ccaBuilder = ccaBuilder.WithCertificate(s_confidentialClientCertificate, true);
- //Add Experimental feature for MTLS PoP
- ccaBuilder = ccaBuilder.WithExperimentalFeatures();
-
IConfidentialClientApplication ccapp = ccaBuilder.Build();
// Optionally set cache settings or other configurations if needed