[Region] Redesign regional

[bgavrilMS]

Work remaining:

• emit telemetry
• refactor the existing unit tests
• refactor the existing integration tests
• more testing

An important improvement can also be made:

• we now attempt region discovery every single time, i.e. for each request and once region discovery is done once, it is cached (even if it failed). So there is an oportunity to block all but one requsets from making region discovery, instead of letting them all go for it.

[jmprieur]

LGTM, thanks @bgavrilMS
I've proposed a few suggestions

[bgavrilMS]

Actual discovery logic was just copied, no review required.

[pmaytak]

Some comments. (Disregard my previous accidental approval).

[henrik-me]

lgtm as well. mostly wondering about the tests as those didn't pass (I would also have assumed a few updates to tests would be needed).

[bgavrilMS]

@henrik-me - because I'm adding new tests as I have full understanding of the feature. There were a few missed scenarios, and I am logging bugs for them.

I also refactored the existing logic a bit to decouple a few things....

[henrik-me]

Like the refactorings for sure. Before signing off, would like to see the tests. Assuming someone is helping to also do manual verification.

---

In reply to: 808589600 [](ancestors = 808589600)

[pmaytak]

Pushed 2 commits.

• Partially refactored RegionalAuthIntegrationTests but still needs more work.
• Refactored RegionalTestApp and added test cases.

Tested with the app on my PC and also on a VM. Everything worked except the invalid user-provided region.

• If a user passes in an invalid region (ex. invalidregion), then the token request will be send to https://invalidregion.login.microsoft.com...
  • STS returns 401 Unauthorized. AADSTS700023: Client assertion audience claim does not match Realm issuer.
• Also a minor thing, but we seem to be checking for auto-discovery twice (probably fine).

[Region discovery] Auto-discovery already ran and found centralus.
[Region discovery] Returning user provided region: westus.
Resolving authority endpoints... Already resolved? - FALSE
[Region discovery] Auto-discovery already ran and found centralus.
[Region discovery] Returning user provided region: westus.

[henrik-me]

[henrik-me]

If invalidregion is passed in, it's expected that we go to the above authority. The authority exists (it will point to global for now).
Wondering why we have the autodicovery code running more than once, also it returns westus, but you passed in invalidregion, right?

---

In reply to: 808673645 [](ancestors = 808673645)

[bgavrilMS]

@henrik-me - the "auto-discovery" code runs more than once because we "resolve the authority" many times during an auth request. It's not a great design, but seemed too much to refactor now.

Note that the auto-discovery does all the work the first time, but afteerwards reads from the cached static var.

[bgavrilMS]

That's a good test @pmaytak ! I expect a log message like [Region discovery] Auto-discovery already ran and found {s_autoDiscoveredRegion}. to be printed a few times.

I think it's also automated here:

microsoft-authentication-library-for-dotnet/tests/Microsoft.Identity.Test.Unit/PublicApiTests/ClientCredentialWithRegionTests.cs

Line 256 in d17db23

public async Task UserRegionAsync()