diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index aabab068..4dfaa38a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -21,7 +21,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 # Override language selection by uncommenting this and choosing your languages # with: # languages: go, javascript, csharp, python, cpp, java @@ -29,7 +29,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -43,4 +43,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/README.md b/README.md index b442bd58..102b4dac 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ `main` branch | `dev` branch | Reference Docs --------------------|-----------------|--------------- -[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [![Javadocs](http://javadoc.io/badge/com.microsoft.azure/msal4j.svg)](http://javadoc.io/doc/com.microsoft.azure/msal4j) +[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [MSAL Java reference](https://learn.microsoft.com/en-us/java/api/com.microsoft.aad.msal4j?view=msal-java-latest) The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/). It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols. 
@@ -16,11 +16,11 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.2 +Current version - 1.13.8 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). -You can get the msal4j package through Maven or Gradle. +You can get the com.microsoft.aad.msal4j package through Maven or Gradle. ### Maven Find [the latest package in the Maven repository](https://mvnrepository.com/artifact/com.microsoft.azure/msal4j). @@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.2 + 1.13.8 ``` ### Gradle ```gradle -implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.2' +implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.8' ``` ## Usage diff --git a/.gitignore b/msal4j-brokers/.gitignore similarity index 96% rename from .gitignore rename to msal4j-brokers/.gitignore index aab120e4..8a97050b 100644 --- a/.gitignore +++ b/msal4j-brokers/.gitignore @@ -20,7 +20,7 @@ *.rar # Intellij -.idea/ +../.idea/ # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml hs_err_pid* diff --git a/msal4j-brokers/README.md b/msal4j-brokers/README.md new file mode 100644 index 00000000..b3db7afc --- /dev/null +++ b/msal4j-brokers/README.md @@ -0,0 +1,15 @@ +#Microsoft Authentication Library Brokers +### Maven +Find [the latest package in the Maven repository](https://mvnrepository.com/artifact/com.microsoft.azure/msal4j-brokers). +```xml + + com.microsoft.azure + msal4j-brokers + 0.0.1 + +``` +### Gradle + +```gradle +implementation group: 'com.microsoft.azure', name: 'msal4j-brokers', version: '0.0.1' +``` \ No newline at end of file diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml new file mode 100644 index 00000000..060d756e 
--- /dev/null +++ b/msal4j-brokers/pom.xml @@ -0,0 +1,131 @@ + + + 4.0.0 + com.microsoft.azure + msal4j-brokers + 0.0.1 + jar + msal4j-brokers + + Microsoft Authentication Library for Java - Brokers helps you integrate with the broker + on windows machine to secure Access tokens and refresh tokens. + + https://github.com/AzureAD/microsoft-authentication-library-for-java + + + MIT License + + + 2022 + + https://github.com/AzureAD/microsoft-authentication-library-for-java + + + UTF-8 + + + + + com.microsoft.azure + msal4j + 1.13.2 + + + org.projectlombok + lombok + 1.18.6 + provided + + + + + + + central + https://repo1.maven.org/maven2 + + false + + + + + + central + https://repo1.maven.org/maven2 + + false + + + + + ${project.build.directory}/delombok + + + org.projectlombok + lombok-maven-plugin + 1.18.2.0 + + + + delombok + + + + + src/main/java + ${project.build.directory}/delombok + false + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.10 + + -noverify + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.1.0 + + ${project.build.directory}/delombok + + + + attach-javadocs + + jar + + + + + + org.apache.maven.plugins + maven-source-plugin + 2.2.1 + + + attach-sources + + jar + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 8 + 8 + + + + + + \ No newline at end of file diff --git a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java new file mode 100644 index 00000000..598b83ac --- /dev/null +++ b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java 
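Review bot: The new msal4j-brokers module depends on `msal4j` 1.13.2 while this same change set releases 1.13.8, and the changelog entries for 1.13.7 and 1.13.8 say those releases replace vulnerable dependency versions (json-smart among them). A consumer that pulls in msal4j-brokers alone would resolve the older msal4j and its transitive dependencies unless something else overrides them. Consider pinning the dependency to the current release, `<version>1.13.8</version>`, or sharing the version through a parent POM property so the two modules cannot drift. The surefire configuration also passes `-noverify`, which turns off bytecode verification for the test JVM; if nothing in this module needs it, drop it.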
@@ -0,0 +1,31 @@
+package com.microsoft.aad.msal4jbrokers;
+
+import com.microsoft.aad.msal4j.*;
+import lombok.extern.slf4j.Slf4j;
+
+import java.util.concurrent.CompletableFuture;
+
+@Slf4j
+public class MSALRuntimeBroker implements IBroker {
+
+ @Override
+ public IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) {
+ log.debug("Should not call this API if msal runtime init failed");
+ throw new MsalClientException("Broker implementation missing", "missing_broker");
+ }
+
+ @Override
+ public IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) {
+ throw new MsalClientException("Broker implementation missing", "missing_broker");
+ }
+
+ @Override
+ public IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) {
+ throw new MsalClientException("Broker implementation missing", "missing_broker");
+ }
+
+ @Override
+ public CompletableFuture removeAccount(IAccount account) {
+ throw new MsalClientException("Broker implementation missing", "missing_broker");
+ }
+}
diff --git a/msal4j-sdk/.gitignore b/msal4j-sdk/.gitignore
new file mode 100644
index 00000000..8a97050b
--- /dev/null
+++ b/msal4j-sdk/.gitignore
@@ -0,0 +1,29 @@
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# Intellij
+../.idea/
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# Lombok
+target/*
\ No newline at end of file
diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md
new file mode 100644
index 00000000..e1f75061
--- /dev/null
+++ b/msal4j-sdk/README.md
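Review bot: `removeAccount` in MSALRuntimeBroker throws `MsalClientException` synchronously instead of returning a future that completed exceptionally, so a caller that attaches `exceptionally` or `handle` to the returned `CompletableFuture` never sees the failure there. If the stub is meant to behave like the asynchronous API, create a `CompletableFuture`, call `completeExceptionally(new MsalClientException("Broker implementation missing", "missing_broker"))` on it and return it. The class also has no Javadoc marking it as a stub; `/** Placeholder IBroker implementation: every operation throws MsalClientException with error code "missing_broker". */` would make that explicit. The `log.debug` line appears only in the silent overload, and its message does not say which call was made.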
@@ -0,0 +1,80 @@ +# Microsoft Authentication Library (MSAL) for Java + +`main` branch | `dev` branch | Reference Docs +--------------------|-----------------|--------------- +[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [![Javadocs](http://javadoc.io/badge/com.microsoft.azure/com.microsoft.aad.msal4j.svg)](http://javadoc.io/doc/com.microsoft.azure/com.microsoft.aad.msal4j) + +The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/). It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols. 
+ +Quick links: + +| [Getting Started](https://docs.microsoft.com/en-us/azure/active-directory/develop/web-app-quickstart?pivots=devlang-java) | [Home](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki) | [Samples](https://github.com/Azure-Samples/ms-identity-msal-java-samples) | [Support](README.md#community-help-and-support) | [Feedback](https://forms.office.com/r/6AhHwQp3pe) +| --- | --- | --- | --- | --- | + +## Install + +The library supports the following Java environments: +- Java 8 (or higher) + +Current version - 1.13.8 + +You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). + +You can get the com.microsoft.aad.msal4j package through Maven or Gradle. + +### Maven +Find [the latest package in the Maven repository](https://mvnrepository.com/artifact/com.microsoft.azure/com.microsoft.aad.msal4j). +```xml + + com.microsoft.azure + msal4j + 1.13.8 + +``` +### Gradle + +```gradle +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.8' +``` + +## Usage + +MSAL4J supports multiple [application types and authentication scenarios](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios). + +Refer the [Wiki](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki) pages for more details on the usage of MSAL Java and the supported scenarios. + +## Migrating from ADAL +If your application is using ADAL for Java (ADAL4J), we recommend you to update to use MSAL4J. No new feature work will be done in ADAL4J. + +See the [ADAL to MSAL migration](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Migrate-to-MSAL-Java) guide. + +## Roadmap + +You can follow the latest updates and plans for MSAL Java in the [Roadmap](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki#roadmap) published on our Wiki. 
+ +## Contribution + +This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com. +When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA. +This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments. + +## Samples and Documentation + +We provide a [full suite of sample applications](https://aka.ms/aaddevsamplesv2) and [documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/) to help you get started with learning the Microsoft identity platform. + +## Community Help and Support + +We leverage [Stack Overflow](http://stackoverflow.com/) to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browser existing issues to see if someone has had your question before. + +We recommend you use the "msal" tag so we can see it! Here is the latest Q&A on Stack Overflow for MSAL: [http://stackoverflow.com/questions/tagged/msal](http://stackoverflow.com/questions/tagged/msal) + +## Submit Feedback +We'd like your thoughts on this library. Please complete [this short survey.](https://forms.office.com/r/6AhHwQp3pe) + +## Security Reporting + +If you find a security issue with our libraries or services please report it to [secure@microsoft.com](mailto:secure@microsoft.com) with as much detail as possible. 
Your submission may be eligible for a bounty through the [Microsoft Bounty](http://aka.ms/bugbounty) program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting [this page](https://technet.microsoft.com/security/dd252948) and subscribing to Security Advisory Alerts. + +## We Value and Adhere to the Microsoft Open Source Code of Conduct + +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd new file mode 100644 index 00000000..d7cdd81e --- /dev/null +++ b/msal4j-sdk/bnd.bnd @@ -0,0 +1,2 @@ +Export-Package: com.microsoft.aad.msal4j;version="1.13.8" +Automatic-Module-Name: com.microsoft.aad.msal4j diff --git a/changelog.txt b/msal4j-sdk/changelog.txt similarity index 84% rename from changelog.txt rename to msal4j-sdk/changelog.txt index ce01e93e..647918fd 100644 --- a/changelog.txt +++ b/msal4j-sdk/changelog.txt 
@@ -1,3 +1,45 @@
+Version 1.13.8
+=============
+- Added support for CIAM authority
+- Added refresh_in logic for managed identity flow
+- Better exception handling in interactive flow
+- Updated vulnerable dependency versions
+
+Version 1.13.7
+=============
+- Update json-smart library version to a secured one.
+
+Version 1.13.6
+=============
+- Added ExtraQueryParameters API.
+- added tests for a CIAM user.
+- updated condition to throw exception only for an invalid authority while performing instance discovery.
+
+Version 1.13.5
+=============
+- fixed url for admin consent.
+- added 2s timeout to IMDS endpoint call.
+- fixed url for regional endpoint calls.
+- added support for current and legacy B2c authority formats.
+
+Version 1.13.4
+=============
+- regional endpoint updates
+- fixed manifest
+- Expose instance discovery flag to perform instance discovery.
+
+Version 1.13.3
+=============
+- Update jackson-databind version to be in compatible with Azure-SDKs
+
+Version 1.13.2
+=============
+- Add IBroker interface
+- Update AppTokenProvider callback logging to be consistent with Azure SDK logging
+- Restructure library and add broker module
+- Update version of vulnerable libraries
+- Update README for broken links
+
 Version 1.13.1
 =============
 - Bug fixes and improvements for region API
diff --git a/contributing.md b/msal4j-sdk/contributing.md
similarity index 100%
rename from contributing.md
rename to msal4j-sdk/contributing.md
diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml
new file mode 100644
index 00000000..6ae70964
--- /dev/null
+++ b/msal4j-sdk/pom.xml
@@ -0,0 +1,291 @@ + + 4.0.0 + com.microsoft.azure + msal4j + 1.13.8 + jar + msal4j + + Microsoft Authentication Library for Java gives you the ability to obtain tokens from Azure AD v2 (work and school + accounts, MSA) and Azure AD B2C, gaining access to Microsoft Cloud API and any other API secured by Microsoft + identities + + https://github.com/AzureAD/microsoft-authentication-library-for-java + + + msopentech + Microsoft Open Technologies, Inc. + + + + + MIT License + + + 2013 + + https://github.com/AzureAD/microsoft-authentication-library-for-java + + + + UTF-8 + + + + + com.nimbusds + oauth2-oidc-sdk + 10.7.1 + + + net.minidev + json-smart + 2.4.10 + + + org.slf4j + slf4j-api + 1.7.36 + + + org.projectlombok + lombok + 1.18.6 + provided + + + com.fasterxml.jackson.core + jackson-databind + 2.13.4.2 + + + + + org.apache.commons + commons-text + 1.10.0 + test + + + org.testng + testng + 7.1.0 + test + + + org.powermock + powermock-module-testng + 2.0.0 + test + + + org.powermock + powermock-api-easymock + 2.0.0 + test + + + org.easymock + easymock + 4.0.2 + test + + + org.skyscreamer + jsonassert + 1.5.0 + test + + + org.apache.httpcomponents + httpclient + 4.5.13 + test + + + com.azure + azure-security-keyvault-secrets + 4.3.5 + test + + + org.seleniumhq.selenium + selenium-java + 3.14.0 + test + + + com.google.guava + guava + 31.1-jre + test + + + ch.qos.logback + logback-classic + 1.2.3 + test + + + commons-io + commons-io + 2.7 + test + + + + + + + central + https://repo1.maven.org/maven2 + + false + + + + + + central + https://repo1.maven.org/maven2 + + false + + + + + + ${project.build.directory}/delombok + + + org.projectlombok + lombok-maven-plugin + 1.18.2.0 + + + + delombok + + + + + src/main/java + ${project.build.directory}/delombok + false + + + + + org.apache.maven.plugins + maven-jar-plugin + 2.5 + + + + true + true + + ${project.build.outputDirectory}/META-INF/MANIFEST.MF + + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.10 + + 
-noverify + + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.1.0 + + ${project.build.directory}/delombok + + + + attach-javadocs + + jar + + + + + + org.apache.maven.plugins + maven-source-plugin + 2.2.1 + + + attach-sources + + jar + + + + + + com.github.spotbugs + spotbugs-maven-plugin + 3.1.11 + + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 8 + 8 + + + + org.codehaus.mojo + build-helper-maven-plugin + 1.10 + + + add-test-source + process-resources + + add-test-source + + + + src/integrationtest/java + + + + + + + org.apache.maven.plugins + maven-failsafe-plugin + 2.22.1 + + + + integration-test + verify + + + + + + biz.aQute.bnd + bnd-maven-plugin + 4.3.1 + + + + bnd-process + + + + + + + diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java similarity index 77% rename from src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java index 4de9bca4..edce1e88 100644 --- a/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java @@ -3,10 +3,7 @@ package com.microsoft.aad.msal4j; -import labapi.AzureEnvironment; -import labapi.B2CProvider; -import labapi.FederationProvider; -import labapi.User; +import labapi.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.testng.Assert; @@ -16,6 +13,8 @@ import java.net.URI; import java.net.URL; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.concurrent.ExecutionException; public class AcquireTokenInteractiveIT extends SeleniumTest { 
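Review bot: The surefire configuration in msal4j-sdk/pom.xml passes `-noverify` to the test JVM, which disables bytecode verification for every unit-test run; the flag is deprecated on newer JDKs, so the build may start warning or failing there. If it is only needed for the PowerMock-based tests, a POM comment saying so would keep it from being copied elsewhere, as it already has been into msal4j-brokers/pom.xml. Separately, the 1.13.8 changelog says vulnerable dependency versions were updated, but several test-scoped entries here (logback-classic 1.2.3, selenium-java 3.14.0, commons-io 2.7) are old releases. It is worth confirming they were covered by that pass, since the integration tests appear to run with lab credentials (Key Vault secrets, lab user passwords).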
@@ -28,13 +27,13 @@ public void acquireTokenInteractive_ManagedUser(String environment) { cfg = new Config(environment); User user = labUserProvider.getDefaultUser(cfg.azureEnvironment); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test() public void acquireTokenInteractive_ADFSv2019_OnPrem() { User user = labUserProvider.getOnPremAdfsUser(FederationProvider.ADFS_2019); - assertAcquireTokenADFS2019(user); + assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -42,7 +41,7 @@ public void acquireTokenInteractive_ADFSv2019_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2019); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -50,7 +49,7 @@ public void acquireTokenInteractive_ADFSv4_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_4); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -58,7 +57,7 @@ public void acquireTokenInteractive_ADFSv3_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_3); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) 
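Review bot: `acquireTokenInteractive_ADFSv2019_OnPrem` now goes through `assertAcquireTokenCommon`, which builds the client with `user.getAppId()`, whereas the removed `assertAcquireTokenADFS2019` (further down in this diff) used `TestConstants.ADFS_APP_ID`. Unless the lab's on-prem ADFS user carries that same application id, the test now authenticates a different client against `TestConstants.ADFS_AUTHORITY`. If the change is intentional, state it in the commit description. Otherwise give the helper a client-id parameter, e.g. `assertAcquireTokenCommon(user, TestConstants.ADFS_APP_ID, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE)`.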
@@ -66,7 +65,52 @@ public void acquireTokenInteractive_ADFSv2_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); + } + + @Test + public void acquireTokenInteractive_Ciam() { + User user = labUserProvider.getCiamUser(); + + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("dc","ESTS-PUB-EUS-AZ1-FD000-TEST1"); + + PublicClientApplication pca; + try { + pca = PublicClientApplication.builder( + user.getAppId()). + authority("https://" + user.getLabName() + ".ciamlogin.com/") + .build(); + } catch (MalformedURLException ex) { + throw new RuntimeException(ex.getMessage()); + } + + IAuthenticationResult result; + try { + URI url = new URI("http://localhost:8080"); + + SystemBrowserOptions browserOptions = + SystemBrowserOptions + .builder() + .openBrowserAction(new SeleniumOpenBrowserAction(user, pca)) + .build(); + + InteractiveRequestParameters parameters = InteractiveRequestParameters + .builder(url) + .scopes(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE)) + .extraQueryParameters(extraQueryParameters) + .systemBrowserOptions(browserOptions) + .build(); + + result = pca.acquireToken(parameters).get(); + + } catch (Exception e) { + LOG.error("Error acquiring token with authCode: " + e.getMessage()); + throw new RuntimeException("Error acquiring token with authCode: " + e.getMessage()); + } + + assertTokenResultNotNull(result); + Assert.assertEquals(user.getUpn(), result.account().username()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) 
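Review bot: Both catch blocks in `acquireTokenInteractive_Ciam` rethrow with only `e.getMessage()`, so the original exception type and stack trace are lost when a lab run fails. Pass the cause instead, `throw new RuntimeException("Error acquiring token interactively", e);`, and log it the same way with `LOG.error("Error acquiring token interactively", e);`. The current message says "authCode" although this is the interactive flow. The `dc` value and the redirect `http://localhost:8080` are hard-coded in the test body; a named constant in `TestConstants` with a comment on why the test datacenter is pinned would make that dependency visible, and a fixed port can collide with another listener on the build agent.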
@@ -74,7 +118,15 @@ public void acquireTokenWithAuthorizationCode_B2C_Local(String environment) { cfg = new Config(environment); User user = labUserProvider.getB2cUser(cfg.azureEnvironment, B2CProvider.LOCAL); - assertAcquireTokenB2C(user); + assertAcquireTokenB2C(user, TestConstants.B2C_AUTHORITY); + } + + @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) + public void acquireTokenWithAuthorizationCode_B2C_LegacyFormat(String environment) { + cfg = new Config(environment); + + User user = labUserProvider.getB2cUser(cfg.azureEnvironment, B2CProvider.LOCAL); + assertAcquireTokenB2C(user, TestConstants.B2C_AUTHORITY_LEGACY_FORMAT); } @Test @@ -85,12 +137,12 @@ public void acquireTokenInteractive_ManagedUser_InstanceAware() { assertAcquireTokenInstanceAware(user); } - private void assertAcquireTokenAAD(User user) { + private void assertAcquireTokenCommon(User user, String authority, String scope) { PublicClientApplication pca; try { pca = PublicClientApplication.builder( user.getAppId()). - authority(cfg.organizationsAuthority()). + authority(authority). build(); } catch (MalformedURLException ex) { throw new RuntimeException(ex.getMessage()); 
@@ -99,49 +151,26 @@ private void assertAcquireTokenAAD(User user) { IAuthenticationResult result = acquireTokenInteractive( user, pca, - cfg.graphDefaultScope()); - - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); - Assert.assertEquals(user.getUpn(), result.account().username()); - } - - private void assertAcquireTokenADFS2019(User user) { - PublicClientApplication pca; - try { - pca = PublicClientApplication.builder( - TestConstants.ADFS_APP_ID). - authority(TestConstants.ADFS_AUTHORITY). - build(); - } catch (MalformedURLException ex) { - throw new RuntimeException(ex.getMessage()); - } - - IAuthenticationResult result = acquireTokenInteractive(user, pca, TestConstants.ADFS_SCOPE); + scope); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getUpn(), result.account().username()); } - private void assertAcquireTokenB2C(User user) { + private void assertAcquireTokenB2C(User user, String authority) { PublicClientApplication pca; try { pca = PublicClientApplication.builder( user.getAppId()). - b2cAuthority(TestConstants.B2C_AUTHORITY_SIGN_IN). + b2cAuthority(authority + TestConstants.B2C_SIGN_IN_POLICY). build(); } catch (MalformedURLException ex) { throw new RuntimeException(ex.getMessage()); } IAuthenticationResult result = acquireTokenInteractive(user, pca, user.getAppId()); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); } private void assertAcquireTokenInstanceAware(User user) { 
@@ -157,9 +186,7 @@ private void assertAcquireTokenInstanceAware(User user) { IAuthenticationResult result = acquireTokenInteractive_instanceAware(user, pca, cfg.graphDefaultScope()); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getUpn(), result.account().username()); //This test is using a client app with the login.microsoftonline.com config to get tokens for a login.microsoftonline.us user, @@ -179,12 +206,12 @@ private void assertAcquireTokenInstanceAware(User user) { Assert.assertEquals(result.account().environment(), cachedResult.environment()); } - @Test + //@Test public void acquireTokensInHomeAndGuestClouds_ArlingtonAccount() throws MalformedURLException, ExecutionException, InterruptedException { acquireTokensInHomeAndGuestClouds(AzureEnvironment.AZURE_US_GOVERNMENT); } - @Test + //@Test public void acquireTokensInHomeAndGuestClouds_MooncakeAccount() throws MalformedURLException, ExecutionException, InterruptedException { acquireTokensInHomeAndGuestClouds(AzureEnvironment.AZURE_CHINA); } @@ -223,9 +250,7 @@ public void afterCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext) build(); IAuthenticationResult result = acquireTokenInteractive(user, publicCloudPca, TestConstants.USER_READ_SCOPE); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getHomeUPN(), result.account().username()); publicCloudPca.removeAccount(publicCloudPca.getAccounts().join().iterator().next()).join(); 
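Review bot: `acquireTokensInHomeAndGuestClouds_ArlingtonAccount` and `acquireTokensInHomeAndGuestClouds_MooncakeAccount` are switched off by commenting out the annotation (`//@Test`), which drops cross-cloud coverage for the US Government and China environments with no record of why. Prefer TestNG's own switch so the disabled state is explicit and searchable, `@Test(enabled = false) // TODO: re-enable, see <tracking issue>`, and give the reason in the commit description. If these tests guard the instance-aware and guest-cloud paths, leaving them off means regressions in authority handling for those clouds would go unnoticed.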
@@ -263,6 +288,12 @@ private IAuthenticationResult acquireTokenInteractive( return result; } + private void assertTokenResultNotNull(IAuthenticationResult result) { + Assert.assertNotNull(result); + Assert.assertNotNull(result.accessToken()); + Assert.assertNotNull(result.idToken()); + } + private IAuthenticationResult acquireTokenInteractive_instanceAware( User user, PublicClientApplication pca, diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java similarity index 97% rename from src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java index 070ee6b2..56d5f7d5 100644 --- a/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java @@ -9,10 +9,7 @@ import org.testng.annotations.Test; import java.net.MalformedURLException; -import java.util.Collections; -import java.util.Date; -import java.util.HashSet; -import java.util.Set; +import java.util.*; import java.util.concurrent.ExecutionException; import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE; @@ -178,9 +175,12 @@ public void acquireTokenSilent_ConfidentialClient_acquireTokenSilent(String envi cfg = new Config(environment); IConfidentialClientApplication cca = getConfidentialClientApplications(); - + //test that adding extra query parameters does not break the flow + Map extraParameters = new HashMap<>(); + extraParameters.put("test","test"); IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters .builder(Collections.singleton(cfg.graphDefaultScope())) + .extraQueryParameters(extraParameters) .build()) .get(); 
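Review bot: The `extraQueryParameters` additions in `acquireTokenSilent_ConfidentialClient_acquireTokenSilent` only show that the call still succeeds; nothing asserts that `test=test` was actually sent, and the silent call may be answered from the cache without any request. The same holds for the `SilentParameters` and `UserNamePasswordParameters` hunks that follow in this file. A unit test that captures the outgoing request and checks its query string would pin the feature. In this file, the comment could at least read `// smoke test only: extra query parameters must not break the flow (not verified on the wire)`. The test method's body continues outside the hunk.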
@@ -191,6 +191,7 @@ public void acquireTokenSilent_ConfidentialClient_acquireTokenSilent(String envi result = cca.acquireTokenSilently(SilentParameters .builder(Collections.singleton(cfg.graphDefaultScope())) + .extraQueryParameters(extraParameters) .build()) .get(); @@ -401,10 +402,13 @@ private IAuthenticationResult acquireTokenSilently(IPublicClientApplication pca, } private IAuthenticationResult acquireTokenUsernamePassword(User user, IPublicClientApplication pca, String scope) throws InterruptedException, ExecutionException { + Map map = new HashMap<>(); + map.put("test","test"); return pca.acquireToken(UserNamePasswordParameters. builder(Collections.singleton(scope), user.getUpn(), user.getPassword().toCharArray()) + .extraQueryParameters(map) .build()) .get(); } diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java similarity index 100% rename from src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java similarity index 99% rename from src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java index 80058c8e..26bbe6d3 100644 --- a/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java 
@@ -229,6 +229,7 @@ private IAuthenticationResult acquireTokenInteractiveB2C(ConfidentialClientAppli result = cca.acquireToken(AuthorizationCodeParameters .builder(authCode, new URI(TestConstants.LOCALHOST + httpListener.port())) .scopes(Collections.singleton(TestConstants.B2C_LAB_SCOPE)) + .extraQueryParameters(new HashMap<>()) .build()) .get(); } catch (Exception e) { diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java similarity index 100% rename from src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java similarity index 100% rename from src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java similarity index 100% rename from src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java similarity index 76% rename from src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java index 6e12baeb..e5c5d157 100644 --- a/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java 
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java @@ -5,8 +5,11 @@ import labapi.AppCredentialProvider; import labapi.AzureEnvironment; +import labapi.LabUserProvider; +import labapi.User; import org.testng.Assert; import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import java.io.IOException; @@ -16,6 +19,8 @@ import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.concurrent.Callable; import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE; @@ -23,16 +28,18 @@ @Test public class ClientCredentialsIT { private IClientCertificate certificate; + private LabUserProvider labUserProvider; @BeforeClass void init() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException { certificate = CertificateHelper.getClientCertificate(); + labUserProvider = LabUserProvider.getInstance(); } @Test public void acquireTokenClientCredentials_ClientCertificate() throws Exception { String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e"; - assertAcquireTokenCommon(clientId, certificate); + assertAcquireTokenCommon(clientId, certificate, TestConstants.MICROSOFT_AUTHORITY); } @Test @@ -42,7 +49,7 @@ public void acquireTokenClientCredentials_ClientSecret() throws Exception { final String password = appProvider.getLabVaultPassword(); IClientCredential credential = ClientCredentialFactory.createFromSecret(password); - assertAcquireTokenCommon(clientId, credential); + assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY); } @Test 
@@ -53,7 +60,35 @@ public void acquireTokenClientCredentials_ClientAssertion() throws Exception { IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(clientAssertion.assertion()); - assertAcquireTokenCommon(clientId, credential); + assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY); + } + + @Test + public void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception { + + User user = labUserProvider.getCiamUser(); + String clientId = user.getAppId(); + + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("dc","ESTS-PUB-EUS-AZ1-FD000-TEST1"); + + AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.CIAM); + IClientCredential credential = ClientCredentialFactory.createFromSecret(appProvider.getOboAppPassword()); + + ConfidentialClientApplication cca = ConfidentialClientApplication.builder( + clientId, credential). + authority("https://" + user.getLabName() + ".ciamlogin.com/"). + build(); + + IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters + .builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE)) + .extraQueryParameters(extraQueryParameters) + .build()) + .get(); + + Assert.assertNotNull(result); + Assert.assertNotNull(result.accessToken()); + assertAcquireTokenCommon(clientId, credential, TestConstants.CIAM_AUTHORITY); } @Test @@ -69,7 +104,7 @@ public void acquireTokenClientCredentials_Callback() throws Exception { IClientCredential credential = ClientCredentialFactory.createFromCallback(callable); - assertAcquireTokenCommon(clientId, credential); + assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY); // Creates an invalid client assertion to build the application, but overrides it with a valid client assertion // in the request parameters in order to make a successful token request 
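Review bot: In `acquireTokenClientCredentials_ClientSecret_Ciam` the `dc` value `"ESTS-PUB-EUS-AZ1-FD000-TEST1"` is an unexplained literal, and the same string is embedded in `TestConstants.CIAM_TEST_AUTHORITY` elsewhere in this commit. I would move it to a named constant in `TestConstants` with a comment saying what the parameter selects and when it can be removed; the hunk itself does not say. The test also acquires a token through its own `cca` and then calls `assertAcquireTokenCommon(clientId, credential, TestConstants.CIAM_AUTHORITY)`, which builds a second application against a differently formed authority string. A short comment should state whether both paths are meant to be covered or whether one is left over.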
@@ -118,13 +153,18 @@ public void acquireTokenClientCredentials_DefaultCacheLookup() throws Exception Assert.assertNotEquals(result2.accessToken(), result3.accessToken()); } - @Test - public void acquireTokenClientCredentials_Regional() throws Exception { + @DataProvider(name = "regionWithAuthority") + public static Object[][] createData() { + return new Object[][]{{"westus", TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS}, + {"eastus", TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_EASTUS}}; + } + + @Test(dataProvider = "regionWithAuthority") + public void acquireTokenClientCredentials_Regional(String[] regionWithAuthority) throws Exception { String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e"; - assertAcquireTokenCommon_withRegion(clientId, certificate); + assertAcquireTokenCommon_withRegion(clientId, certificate, regionWithAuthority[0], regionWithAuthority[1]); } - private ClientAssertion getClientAssertion(String clientId) { return JwtHelper.buildJwt( clientId, @@ -133,10 +173,10 @@ private ClientAssertion getClientAssertion(String clientId) { true); } - private void assertAcquireTokenCommon(String clientId, IClientCredential credential) throws Exception { + private void assertAcquireTokenCommon(String clientId, IClientCredential credential, String authority) throws Exception { ConfidentialClientApplication cca = ConfidentialClientApplication.builder( clientId, credential). - authority(TestConstants.MICROSOFT_AUTHORITY). + authority(authority). build(); IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters 
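Review bot: `acquireTokenClientCredentials_Regional` declares a single `String[] regionWithAuthority` parameter, while each row returned by the `regionWithAuthority` provider holds two separate strings. That only binds if TestNG packs the row into the trailing array parameter, which depends on the TestNG version in use. Declaring the two values directly is unambiguous and removes the index lookups: `public void acquireTokenClientCredentials_Regional(String region, String regionalAuthority) throws Exception {` with `assertAcquireTokenCommon_withRegion(clientId, certificate, region, regionalAuthority);`. The provider method name `createData` could also say what it provides.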
@@ -164,7 +204,7 @@ private void assertAcquireTokenCommon_withParameters(String clientId, IClientCre Assert.assertNotNull(result.accessToken()); } - private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredential credential) throws Exception { + private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredential credential, String region, String regionalAuthority) throws Exception { ConfidentialClientApplication ccaNoRegion = ConfidentialClientApplication.builder( clientId, credential). authority(TestConstants.MICROSOFT_AUTHORITY). @@ -172,7 +212,7 @@ private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredent ConfidentialClientApplication ccaRegion = ConfidentialClientApplication.builder( clientId, credential). - authority(TestConstants.MICROSOFT_AUTHORITY).azureRegion("westus"). + authority("https://login.microsoft.com/microsoft.onmicrosoft.com").azureRegion(region). build(); //Ensure behavior when region not specified @@ -193,7 +233,7 @@ private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredent Assert.assertNotNull(resultRegion); Assert.assertNotNull(resultRegion.accessToken()); - Assert.assertEquals(resultRegion.environment(), TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS); + Assert.assertEquals(resultRegion.environment(), regionalAuthority); IAuthenticationResult resultRegionCached = ccaRegion.acquireToken(ClientCredentialParameters .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE)) diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java similarity index 91% rename from src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java index cef021f7..5624c60c 100644 
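Review bot: In `assertAcquireTokenCommon_withRegion` the regional application is now built with the literal `"https://login.microsoft.com/microsoft.onmicrosoft.com"`, while `ccaNoRegion` a few lines above still uses `TestConstants.MICROSOFT_AUTHORITY`. The two applications therefore no longer differ by region alone, and the reason for the different authority string is not recorded anywhere in the hunk. I would add a `TestConstants` entry for this authority with a comment explaining why the regional case needs it. The method body starts and ends outside these hunks.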
--- a/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java @@ -31,7 +31,6 @@ import java.util.*; import java.util.concurrent.CompletableFuture; import java.util.concurrent.Future; -import java.util.function.Function; import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE; import static org.easymock.EasyMock.*; @@ -261,6 +260,8 @@ public void testClientAssertion_acquireToken() throws Exception{ Assert.assertTrue(body.contains("client_assertion_type=" + URLEncoder.encode(JWTAuthentication.CLIENT_ASSERTION_TYPE, "utf-8"))); Assert.assertTrue(body.contains("scope=" + URLEncoder.encode("openid profile offline_access " + scope, "utf-8"))); Assert.assertTrue(body.contains("client_id=" + TestConfiguration.AAD_CLIENT_ID)); + Assert.assertTrue(body.contains("test=test")); + Assert.assertTrue(body.contains("id_token_hint=token_hint_value")); } private ServiceBundle mockedServiceBundle(IHttpClient httpClientMock) { @@ -274,7 +275,15 @@ private ServiceBundle mockedServiceBundle(IHttpClient httpClientMock) { private ClientCredentialRequest getClientCredentialRequest(ConfidentialClientApplication app, String scope) { Set scopes = new HashSet<>(); scopes.add(scope); - ClientCredentialParameters clientCredentials = ClientCredentialParameters.builder(scopes).tenant(IdToken.TENANT_IDENTIFIER).build(); + + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("id_token_hint", "token_hint_value"); + extraQueryParameters.put("test", "test"); + + ClientCredentialParameters clientCredentials = ClientCredentialParameters.builder(scopes) + .tenant(IdToken.TENANT_IDENTIFIER) + .extraQueryParameters(extraQueryParameters) + .build(); RequestContext requestContext = new RequestContext( app, PublicApi.ACQUIRE_TOKEN_FOR_CLIENT, 
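Review bot: The two assertions added to `testClientAssertion_acquireToken` use `body.contains("test=test")`, a substring match that would also pass for a key such as `mytest=test`, and they only cover keys the library does not set itself. The neighbouring assertions show that the extra parameters land in the same request body as `client_id`, `scope` and `client_assertion_type`, so the case worth pinning is a caller-supplied key that collides with one of those; nothing visible here shows which value wins. I would add a case that puts `client_id` into the extra map and asserts the body still carries `TestConfiguration.AAD_CLIENT_ID` exactly once, and compare parsed key/value pairs rather than substrings.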
@@ -309,6 +318,7 @@ public void validateAppTokenProviderAsync() throws Exception{ IClientCredential iClientCredential = ClientCredentialFactory.createFromClientAssertion( clientAssertion.assertion()); + Long refreshInSeconds = new Date().getTime() / 1000 + + 800000; //builds client with AppTokenProvider ConfidentialClientApplication cca = ConfidentialClientApplication. builder(TestConfiguration.AAD_CLIENT_ID, iClientCredential) @@ -316,7 +326,7 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(parameters.scopes); Assert.assertNotNull(parameters.correlationId); Assert.assertNotNull(parameters.tenantId); - return getAppTokenProviderResult("/default"); + return getAppTokenProviderResult("/default", refreshInSeconds); }) .build(); @@ -329,6 +339,10 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(result1.accessToken()); Assert.assertEquals(cca.tokenCache.accessTokens.size(), 1); + //check that refreshOn is set correctly when provided by an app developer + Assert.assertNotNull(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); + Assert.assertEquals(cca.tokenCache.accessTokens.values().iterator().next().refreshOn(), refreshInSeconds.toString()); + System.out.println(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); //Acquire token from cache @@ -347,7 +361,7 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(parameters.scopes); Assert.assertNotNull(parameters.correlationId); Assert.assertNotNull(parameters.tenantId); - return getAppTokenProviderResult("/newScope"); + return getAppTokenProviderResult("/newScope", 0L); }) .build(); 
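Review bot: `Long refreshInSeconds = new Date().getTime() / 1000 + + 800000;` contains a doubled `+`; it compiles because the second one is a unary plus, but it reads as an editing slip. The boxed `Long` is only needed for the later `toString()` call, so `long refreshInSeconds = new Date().getTime() / 1000 + 800000;` with `String.valueOf(refreshInSeconds)` in the assertion is clearer. The name also suggests a duration, while the value is an absolute epoch timestamp in seconds.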
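Review bot: The `@@ -329,6 +339,10 @@` hunk adds `System.out.println(cca.tokenCache.accessTokens.values().iterator().next().refreshOn());`, which is debugging output that the assertions above it already cover; the same line is added again in the `@@ -360,17 +374,20 @@` hunk. I would remove both. The cached entry is also fetched three times in a row through `values().iterator().next()`, so binding it to a local variable once would make the assertions easier to read.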
@@ -360,17 +374,20 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotEquals(result2.accessToken(), result3.accessToken()); Assert.assertEquals(cca.tokenCache.accessTokens.size(), 1); - + //check that refreshOn is set correctly when a value is not provided by an app developer + Assert.assertNotNull(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); + System.out.println(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); } - private CompletableFuture getAppTokenProviderResult(String differentScopesForAt) + private CompletableFuture getAppTokenProviderResult(String differentScopesForAt, + long refreshInSeconds) { long currTimestampSec = new Date().getTime() / 1000; TokenProviderResult token = new TokenProviderResult(); token.setAccessToken(TestConstants.DEFAULT_ACCESS_TOKEN + differentScopesForAt); //Used to indicate that there is a new access token for a different set of scopes token.setTenantId("tenantId"); token.setExpiresInSeconds(currTimestampSec + 1000000); - token.setRefreshInSeconds(currTimestampSec + 800000); + token.setRefreshInSeconds(refreshInSeconds); return CompletableFuture.completedFuture(token); } diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/Config.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/Config.java similarity index 100% rename from src/integrationtest/java/com.microsoft.aad.msal4j/Config.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/Config.java diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java similarity index 87% rename from src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java index aa23ffd3..4b1d10d1 100644 --- a/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java 
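Review bot: The comment `//check that refreshOn is set correctly when a value is not provided by an app developer` is followed only by `Assert.assertNotNull(...)`, so any non-null value passes, including one derived from the `0L` that the second provider passes to `getAppTokenProviderResult`. The expected fallback is not visible in this hunk, so the author should state it and assert it, for example that `refreshOn()` parses to a positive epoch value earlier than the token's expiry. `validateAppTokenProviderAsync` starts outside this hunk.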
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java @@ -43,9 +43,7 @@ public void DeviceCodeFlowADTest(String environment) throws Exception { authority(cfg.tenantSpecificAuthority()). build(); - Consumer deviceCodeConsumer = (DeviceCode deviceCode) -> { - runAutomatedDeviceCodeFlow(deviceCode, user); - }; + Consumer deviceCodeConsumer = (DeviceCode deviceCode) -> runAutomatedDeviceCodeFlow(deviceCode, user); IAuthenticationResult result = pca.acquireToken(DeviceCodeFlowParameters .builder(Collections.singleton(cfg.graphDefaultScope()), @@ -113,6 +111,29 @@ public void DeviceCodeFlowMSATest() throws Exception { Assert.assertFalse(Strings.isNullOrEmpty(result.accessToken())); } + @Test + public void DeviceCodeFlowCiamTest() throws Exception { + User user = labUserProvider.getCiamUser(); + + PublicClientApplication pca = PublicClientApplication.builder( + user.getAppId()). + authority("https://" + user.getLabName() + ".ciamlogin.com/"). + build(); + + Consumer deviceCodeConsumer = (DeviceCode deviceCode) -> { + runAutomatedDeviceCodeFlow(deviceCode, user); + }; + + IAuthenticationResult result = pca.acquireToken(DeviceCodeFlowParameters + .builder(Collections.singleton(""), + deviceCodeConsumer) + .build()) + .get(); + + Assert.assertNotNull(result); + Assert.assertFalse(Strings.isNullOrEmpty(result.accessToken())); + } + private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user) { boolean isRunningLocally = true;//!Strings.isNullOrEmpty( //System.getenv(TestConstants.LOCAL_FLAG_ENV_VAR)); @@ -151,7 +172,7 @@ private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user) { if (isADFS2019) { SeleniumExtensions.performADFS2019Login(seleniumDriver, user); } else { - SeleniumExtensions.performADLogin(seleniumDriver, user); + SeleniumExtensions.performADOrCiamLogin(seleniumDriver, user); } } catch (Exception e) { if (!isRunningLocally) { 
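Review bot: `DeviceCodeFlowCiamTest` requests `Collections.singleton("")`, an empty-string scope, without saying why, while `DeviceCodeFlowADTest` in the same file passes `cfg.graphDefaultScope()`. A comment should record whether the CIAM lab tenant requires an empty scope or whether this is a placeholder, because a reader cannot tell which token the test is expected to receive. The consumer is also written in the block-lambda form that the first hunk of this file has just collapsed to an expression lambda. The `"https://" + user.getLabName() + ".ciamlogin.com/"` authority is built the same way in `ClientCredentialsIT`, so a shared helper would keep the two in step.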
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java
diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java
new file mode 100644
index 00000000..57bc8fb3
--- /dev/null
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java
@@ -0,0 +1,235 @@
+package com.microsoft.aad.msal4j;
+
+import org.easymock.Capture;
+import org.easymock.EasyMock;
+import org.powermock.api.easymock.PowerMock;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.testng.Assert;
+import org.testng.IObjectFactory;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.ObjectFactory;
+import org.testng.annotations.Test;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.Date;
+import java.util.concurrent.CompletableFuture;
+
+@PrepareForTest({HttpHelper.class, PublicClientApplication.class})
+public class InstanceDiscoveryTest {
+
+ private PublicClientApplication app;
+
+ @ObjectFactory
+ public IObjectFactory getObjectFactory() {
+ return new org.powermock.modules.testng.PowerMockObjectFactory();
+ }
+
+ @DataProvider(name = "aadClouds")
+ private static Object[][] getAadClouds(){
+ return new Object[][] {{"https://login.microsoftonline.com/common"} , // #Known to Microsoft
+ {"https://private.cloud/foo"}//Private Cloud
+ };
+ }
+
+ /**
+ * when instance_discovery flag is set to true (by default), an instance_discovery is performed for authorityType = AAD
+ */
+ @Test( dataProvider = "aadClouds")
+ public void aadInstanceDiscoveryTrue(String authority) throws Exception{
+ app = PowerMock.createPartialMock(PublicClientApplication.class,
+ new String[]{"acquireTokenCommon"},
+ PublicClientApplication.builder(TestConfiguration.AAD_CLIENT_ID)
+ .authority(authority));
+
+ Capture capturedMsalRequest = Capture.newInstance();
+
+ PowerMock.expectPrivate(app, "acquireTokenCommon",
+ EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn(
+ AuthenticationResult.builder().
+ accessToken("accessToken").
+ expiresOn(new Date().getTime() + 100).
+ refreshToken("refreshToken").
+ idToken("idToken").environment("environment").build());
+
+ PowerMock.mockStatic(HttpHelper.class);
+
+ HttpResponse instanceDiscoveryResponse = new HttpResponse();
+ instanceDiscoveryResponse.statusCode(200);
+ instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE);
+
+ Capture capturedHttpRequest = Capture.newInstance();
+
+ EasyMock.expect(
+ HttpHelper.executeHttpRequest(
+ EasyMock.capture(capturedHttpRequest),
+ EasyMock.isA(RequestContext.class),
+ EasyMock.isA(ServiceBundle.class)))
+ .andReturn(instanceDiscoveryResponse);
+
+ PowerMock.replay(HttpHelper.class, HttpResponse.class);
+
+ CompletableFuture completableFuture = app.acquireToken(
+ AuthorizationCodeParameters.builder
+ ("auth_code",
+ new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI))
+ .scopes(Collections.singleton("default-scope"))
+ .build());
+
+ completableFuture.get();
+ Assert.assertEquals(capturedHttpRequest.getValues().size(),1);
+
+ }
+
+ /**
+ * when instance_discovery flag is set to false, instance_discovery is not performed
+ */
+ @Test (dataProvider = "aadClouds")
+ public void aadInstanceDiscoveryFalse(String authority) throws Exception {
+
+ app = PowerMock.createPartialMock(PublicClientApplication.class,
+ new String[]{"acquireTokenCommon"},
+ PublicClientApplication.builder(TestConfiguration.AAD_CLIENT_ID)
+ .authority(authority)
+ .instanceDiscovery(false));
+
+ Capture capturedMsalRequest = Capture.newInstance();
+
+ PowerMock.expectPrivate(app, "acquireTokenCommon",
+ EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn(
+ AuthenticationResult.builder().
+ accessToken("accessToken").
+ expiresOn(new Date().getTime() + 100).
+ refreshToken("refreshToken").
+ idToken("idToken").environment("environment").build());
+
+ PowerMock.mockStatic(HttpHelper.class);
+
+ HttpResponse instanceDiscoveryResponse = new HttpResponse();
+ instanceDiscoveryResponse.statusCode(200);
+ instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE);
+
+ Capture capturedHttpRequest = Capture.newInstance();
+
+ EasyMock.expect(
+ HttpHelper.executeHttpRequest(
+ EasyMock.capture(capturedHttpRequest),
+ EasyMock.isA(RequestContext.class),
+ EasyMock.isA(ServiceBundle.class)))
+ .andReturn(instanceDiscoveryResponse);
+
+ PowerMock.replay(HttpHelper.class, HttpResponse.class);
+
+ CompletableFuture completableFuture = app.acquireToken(
+ AuthorizationCodeParameters.builder
+ ("auth_code",
+ new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI))
+ .scopes(Collections.singleton("default-scope"))
+ .build());
+
+ completableFuture.get();
+ Assert.assertEquals(capturedHttpRequest.getValues().size(),0);
+ }
+
+ /**
+ * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for adfs.
+ */
+ @Test
+ public void adfsInstanceDiscoveryTrue() throws Exception{
+ app = PowerMock.createPartialMock(PublicClientApplication.class,
+ new String[]{"acquireTokenCommon"},
+ PublicClientApplication.builder(TestConstants.ADFS_APP_ID)
+ .authority("https://contoso.com/adfs")
+ .instanceDiscovery(true));
+
+ Capture capturedMsalRequest = Capture.newInstance();
+
+ PowerMock.expectPrivate(app, "acquireTokenCommon",
+ EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn(
+ AuthenticationResult.builder().
+ accessToken("accessToken").
+ expiresOn(new Date().getTime() + 100).
+ refreshToken("refreshToken").
+ idToken("idToken").environment("environment").build());
+
+ PowerMock.mockStatic(HttpHelper.class);
+
+ HttpResponse instanceDiscoveryResponse = new HttpResponse();
+ instanceDiscoveryResponse.statusCode(200);
+ instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE);
+
+ Capture capturedHttpRequest = Capture.newInstance();
+
+ EasyMock.expect(
+ HttpHelper.executeHttpRequest(
+ EasyMock.capture(capturedHttpRequest),
+ EasyMock.isA(RequestContext.class),
+ EasyMock.isA(ServiceBundle.class)))
+ .andReturn(instanceDiscoveryResponse);
+
+ PowerMock.replay(HttpHelper.class, HttpResponse.class);
+
+ CompletableFuture completableFuture = app.acquireToken(
+ AuthorizationCodeParameters.builder
+ ("auth_code",
+ new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI))
+ .scopes(Collections.singleton("default-scope"))
+ .build());
+
+ completableFuture.get();
+ Assert.assertEquals(capturedHttpRequest.getValues().size(),0);
+
+ }
+
+ /**
+ * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for b2c.
+ */
+ @Test
+ public void b2cInstanceDiscoveryTrue() throws Exception{
+ app = PowerMock.createPartialMock(PublicClientApplication.class,
+ new String[]{"acquireTokenCommon"},
+ PublicClientApplication.builder(TestConstants.ADFS_APP_ID)
+ .b2cAuthority(TestConstants.B2C_MICROSOFTLOGIN_ROPC)
+ .instanceDiscovery(true));
+
+ Capture capturedMsalRequest = Capture.newInstance();
+
+ PowerMock.expectPrivate(app, "acquireTokenCommon",
+ EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn(
+ AuthenticationResult.builder().
+ accessToken("accessToken").
+ expiresOn(new Date().getTime() + 100).
+ refreshToken("refreshToken").
+ idToken("idToken").environment("environment").build());
+
+ PowerMock.mockStatic(HttpHelper.class);
+
+ HttpResponse instanceDiscoveryResponse = new HttpResponse();
+ instanceDiscoveryResponse.statusCode(200);
+ instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE);
+
+ Capture capturedHttpRequest = Capture.newInstance();
+
+ EasyMock.expect(
+ HttpHelper.executeHttpRequest(
+ EasyMock.capture(capturedHttpRequest),
+ EasyMock.isA(RequestContext.class),
+ EasyMock.isA(ServiceBundle.class)))
+ .andReturn(instanceDiscoveryResponse);
+
+ PowerMock.replay(HttpHelper.class, HttpResponse.class);
+
+ CompletableFuture completableFuture = app.acquireToken(
+ AuthorizationCodeParameters.builder
+ ("auth_code",
+ new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI))
+ .scopes(Collections.singleton("default-scope"))
+ .build());
+
+ completableFuture.get();
+ Assert.assertEquals(capturedHttpRequest.getValues().size(),0);
+
+ }
+
+
+}
diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java
new file mode 100644
index 00000000..07be1538
--- /dev/null
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java
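Review bot: In all four tests of InstanceDiscoveryTest the `acquireTokenCommon` expectation is recorded on `app`, but only `HttpHelper.class` and `HttpResponse.class` are passed to `PowerMock.replay`, and nothing calls `PowerMock.verify`. As far as I can tell the partial mock therefore never leaves record state, which would explain why `adfsInstanceDiscoveryTrue` and `b2cInstanceDiscoveryTrue` pass with an `EasyMock.isA(AADAuthority.class)` matcher; the only effective assertion is the size of `capturedHttpRequest`. For the three "not performed" cases I would drop the `executeHttpRequest` expectation so that any discovery call fails the test outright, and replay `app` with the authority class each case actually expects. `b2cInstanceDiscoveryTrue` also builds its client with `TestConstants.ADFS_APP_ID`, which looks like a copy-paste leftover. The four bodies differ in two or three lines and could share one helper that takes the builder and the expected request count.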
@@ -0,0 +1,26 @@
+package com.microsoft.aad.msal4j;
+
+import org.testng.annotations.Test;
+
+import java.net.URI;
+import java.util.Collections;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ExecutionException;
+
+public class InvalidAuthorityIT extends SeleniumTest{
+
+ @Test(expectedExceptions = ExecutionException.class, expectedExceptionsMessageRegExp = ".*?invalid instance.*?")
+ public void acquireTokenWithAuthorizationCode_InvalidAuthority() throws Exception{
+ PublicClientApplication app;
+ app = PublicClientApplication.builder(
+ TestConfiguration.AAD_CLIENT_ID)
+ .authority("https://dummy.microsoft.com/common") //invalid authority, request fails at instance discovery
+ .build();
+
+ CompletableFuture future = app.acquireToken(
+ AuthorizationCodeParameters.builder("auth_code", new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI))
+ .scopes(Collections.singleton("default-scope"))
+ .authorizationCode("auth_code").redirectUri(new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI)).build());
+ future.get();
+ }
+}
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java
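Review bot: `acquireTokenWithAuthorizationCode_InvalidAuthority` passes the code and redirect URI to `AuthorizationCodeParameters.builder(...)` and then sets the same two values again with `.authorizationCode("auth_code").redirectUri(...)`; the chain can end at `.scopes(Collections.singleton("default-scope")).build());`. The class extends `SeleniumTest` although nothing in the test drives a browser, so if that base class starts a driver in its setup (not visible here) the inheritance only adds cost. This is the only visible test that an unknown authority is rejected, so a one-line Javadoc saying it needs network access to the discovery endpoint would help whoever sees it fail offline.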
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
similarity index 90%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
index 62306e12..ccb218b1 100644
--- a/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
@@ -51,9 +51,11 @@ void runSeleniumAutomatedLogin(User user, AbstractClientApplicationBase app) {
 break;
 }
 } else if (authorityType == AuthorityType.AAD) {
- SeleniumExtensions.performADLogin(seleniumDriver, user);
+ SeleniumExtensions.performADOrCiamLogin(seleniumDriver, user);
 } else if (authorityType == AuthorityType.ADFS) {
 SeleniumExtensions.performADFS2019Login(seleniumDriver, user);
+ } else if (authorityType == AuthorityType.CIAM) {
+ SeleniumExtensions.performADOrCiamLogin(seleniumDriver, user);
 }
 }
 }
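Review bot: The new `AuthorityType.CIAM` branch in `runSeleniumAutomatedLogin` repeats the AAD branch verbatim. Folding it into the existing condition, `} else if (authorityType == AuthorityType.AAD || authorityType == AuthorityType.CIAM) {`, keeps a single call to `performADOrCiamLogin` and makes it obvious that both authority types go through the same login helper. The method starts above the hunk, so the earlier branches are not visible here.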
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
similarity index 82%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
index 950109dc..d11fcdf8 100644
--- a/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
@@ -30,26 +30,31 @@ public class TestConstants { public final static String COMMON_AUTHORITY_WITH_PORT = MICROSOFT_AUTHORITY_HOST_WITH_PORT + "msidlab4.onmicrosoft.com"; public final static String MICROSOFT_AUTHORITY = MICROSOFT_AUTHORITY_HOST + "microsoft.onmicrosoft.com"; public final static String TENANT_SPECIFIC_AUTHORITY = MICROSOFT_AUTHORITY_HOST + MICROSOFT_AUTHORITY_TENANT; - public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS = "westus.r." + MICROSOFT_AUTHORITY_BASIC_HOST; + public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS = "westus.login.microsoft.com"; + + public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_EASTUS = "eastus.login.microsoft.com"; + +// public final static String CIAM_AUTHORITY = MICROSOFT_AUTHORITY_HOST + "msidlabciam1.onmicrosoft.com"; + public final static String CIAM_AUTHORITY = "https://msidlabciam1.ciamlogin.com/" + "msidlabciam1.onmicrosoft.com"; + + public final static String CIAM_TEST_AUTHORITY = "https://contoso0781.ciamlogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/v2.0/.well-known/openid-configuration?dc=ESTS-PUB-EUS-AZ1-FD000-TEST1&ciamhost=true"; public final static String ARLINGTON_ORGANIZATIONS_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "organizations/"; - public final static String ARLINGTON_COMMON_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "common/"; public final static String ARLINGTON_TENANT_SPECIFIC_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + ARLINGTON_AUTHORITY_TENANT; public final static String ARLINGTON_GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.us/.default"; + public final static String B2C_AUTHORITY = "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com/"; + public final static String B2C_AUTHORITY_LEGACY_FORMAT = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; - public final static String B2C_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; - public final static String 
B2C_AUTHORITY_URL = "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com/"; public final static String B2C_ROPC_POLICY = "B2C_1_ROPC_Auth"; public final static String B2C_SIGN_IN_POLICY = "B2C_1_SignInPolicy"; public final static String B2C_AUTHORITY_SIGN_IN = B2C_AUTHORITY + B2C_SIGN_IN_POLICY; public final static String B2C_AUTHORITY_ROPC = B2C_AUTHORITY + B2C_ROPC_POLICY; public final static String B2C_READ_SCOPE = "https://msidlabb2c.onmicrosoft.com/msidlabb2capi/read"; - public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://login.microsoftonline.com/tfp/msidlabb2c.onmicrosoft.com/"; + public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; public final static String B2C_MICROSOFTLOGIN_ROPC = B2C_MICROSOFTLOGIN_AUTHORITY + B2C_ROPC_POLICY; public final static String LOCALHOST = "http://localhost:"; - public final static String LOCAL_FLAG_ENV_VAR = "MSAL_JAVA_RUN_LOCAL"; public final static String ADFS_AUTHORITY = "https://fs.msidlab8.com/adfs/"; public final static String ADFS_SCOPE = USER_READ_SCOPE; @@ -57,11 +62,6 @@ public class TestConstants { public final static String CLAIMS = "{\"id_token\":{\"auth_time\":{\"essential\":true}}}"; public final static Set CLIENT_CAPABILITIES_EMPTY = new HashSet<>(Collections.emptySet()); - public final static Set CLIENT_CAPABILITIES_LLT = new HashSet<>(Collections.singletonList("llt")); - - // cross cloud b2b settings - public final static String AUTHORITY_ARLINGTON = "https://login.microsoftonline.us/" + ARLINGTON_AUTHORITY_TENANT; - public final static String AUTHORITY_MOONCAKE = "https://login.chinacloudapi.cn/mncmsidlab1.partner.onmschina.cn"; public final static String AUTHORITY_PUBLIC_TENANT_SPECIFIC = "https://login.microsoftonline.com/" + MICROSOFT_AUTHORITY_TENANT; public final static String DEFAULT_ACCESS_TOKEN = "defaultAccessToken"; 
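Review bot: `B2C_MICROSOFTLOGIN_AUTHORITY` now holds the same `b2clogin.com/tfp/` URL as the new `B2C_AUTHORITY_LEGACY_FORMAT`, so its name no longer matches its host. Anything built on it, such as `B2C_MICROSOFTLOGIN_ROPC`, stops exercising `login.microsoftonline.com` without the test names saying so. If that host is intentionally dropped for B2C, remove the constant in favour of `B2C_AUTHORITY_LEGACY_FORMAT` or rename it. The same hunk also adds a commented-out `CIAM_AUTHORITY` line directly above the live definition; deleting it leaves a single value for readers to trust.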
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java similarity index 96% rename from src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java index 66bd6f90..70da5288 100644 --- a/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java @@ -9,6 +9,8 @@ import org.testng.annotations.Test; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.Set; public class TokenCacheIT { @@ -32,10 +34,14 @@ public void singleAccountInCache_RemoveAccountTest() throws Exception { // Check that cache is empty Assert.assertEquals(pca.getAccounts().join().size(), 0); + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("test", "test"); + pca.acquireToken(UserNamePasswordParameters. builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE), user.getUpn(), user.getPassword().toCharArray()) + .extraQueryParameters(extraQueryParameters) .build()) .get(); diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java similarity index 81% rename from src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java index 498166aa..8b9c9fe0 100644 --- a/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java @@ -9,6 +9,8 @@ import org.testng.annotations.Test; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; @Test() public class UsernamePasswordIT { 
@@ -27,7 +29,7 @@ public void acquireTokenWithUsernamePassword_Managed(String environment) throws User user = labUserProvider.getDefaultUser(cfg.azureEnvironment); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -41,7 +43,7 @@ public void acquireTokenWithUsernamePassword_ADFSv2019_Federated(String environm User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test @@ -52,7 +54,7 @@ public void acquireTokenWithUsernamePassword_ADFSv2019_OnPrem() throws Exception User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonADFS(user); + assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE, TestConstants.ADFS_APP_ID); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -66,7 +68,7 @@ public void acquireTokenWithUsernamePassword_ADFSv4(String environment) throws E User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -80,7 +82,7 @@ public void acquireTokenWithUsernamePassword_ADFSv3(String environment) throws E User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) 
@@ -97,6 +99,29 @@ public void acquireTokenWithUsernamePassword_ADFSv2(String environment) throws E assertAcquireTokenCommonAAD(user); } + @Test + public void acquireTokenWithUsernamePassword_Ciam() throws Exception { + + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("dc","ESTS-PUB-EUS-AZ1-FD000-TEST1"); + + User user = labUserProvider.getCiamUser(); + PublicClientApplication pca = PublicClientApplication.builder(user.getAppId()) + .authority("https://" + user.getLabName() + ".ciamlogin.com/") + .build(); + + + IAuthenticationResult result = pca.acquireToken(UserNamePasswordParameters. + builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE), + user.getUpn(), + user.getPassword().toCharArray()) + .extraQueryParameters(extraQueryParameters) + .build()) + .get(); + + Assert.assertNotNull(result.accessToken()); + } + @Test public void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exception { User user = labUserProvider.getDefaultUser(); @@ -108,10 +133,6 @@ public void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exceptio user.getAppId()); } - private void assertAcquireTokenCommonADFS(User user) throws Exception { - assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE, - TestConstants.ADFS_APP_ID); - } private void assertAcquireTokenCommonAAD(User user) throws Exception { assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), @@ -120,6 +141,7 @@ private void assertAcquireTokenCommonAAD(User user) throws Exception { private void assertAcquireTokenCommon(User user, String authority, String scope, String appId) throws Exception { + PublicClientApplication pca = PublicClientApplication.builder( appId). authority(authority). 
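Review bot: The new `acquireTokenWithUsernamePassword_Ciam` test passes on any non-null access token, while `assertAcquireTokenCommon` in this file also checks the ID token and that the returned account matches the lab user. Unless CIAM is known not to return an ID token for this flow, consider `assertTokenResultNotNull(result);` followed by `Assert.assertEquals(user.getUpn(), result.account().username());` so a token issued for the wrong account fails the test. The `dc` value is a second copy of the string embedded in `TestConstants.CIAM_TEST_AUTHORITY`; a shared constant would keep the two in step.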
@@ -130,11 +152,10 @@ private void assertAcquireTokenCommon(User user, String authority, String scope, user.getUpn(), user.getPassword().toCharArray()) .build()) + .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getUpn(), result.account().username()); } @@ -157,9 +178,7 @@ public void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Except .build()) .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); IAccount account = pca.getAccounts().join().iterator().next(); SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account); @@ -169,9 +188,7 @@ public void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Except .build()) .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); } @Test @@ -193,9 +210,7 @@ public void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws E .build()) .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); IAccount account = pca.getAccounts().join().iterator().next(); SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account); @@ -205,6 +220,10 @@ public void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws E .build()) .get(); + assertTokenResultNotNull(result); + } + + private void assertTokenResultNotNull(IAuthenticationResult result) { Assert.assertNotNull(result); Assert.assertNotNull(result.accessToken()); Assert.assertNotNull(result.idToken()); 
diff --git a/src/integrationtest/java/infrastructure/SeleniumConstants.java b/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumConstants.java similarity index 100% rename from src/integrationtest/java/infrastructure/SeleniumConstants.java rename to msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumConstants.java diff --git a/src/integrationtest/java/infrastructure/SeleniumExtensions.java b/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java similarity index 96% rename from src/integrationtest/java/infrastructure/SeleniumExtensions.java rename to msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java index f7084c01..c40784b5 100644 --- a/src/integrationtest/java/infrastructure/SeleniumExtensions.java +++ b/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java @@ -65,8 +65,8 @@ public static WebElement waitForElementToBeVisibleAndEnable(WebDriver driver, By return waitForElementToBeVisibleAndEnable(driver, by, DEFAULT_TIMEOUT_IN_SEC); } - public static void performADLogin(WebDriver driver, User user) { - LOG.info("PerformADLogin"); + public static void performADOrCiamLogin(WebDriver driver, User user) { + LOG.info("performADOrCiamLogin"); UserInformationFields fields = new UserInformationFields(user); @@ -76,7 +76,7 @@ public static void performADLogin(WebDriver driver, User user) { LOG.info("Loggin in ... Clicking after username"); driver.findElement(new By.ById(fields.getAadSignInButtonId())).click(); - if (user.getFederationProvider() == FederationProvider.ADFS_2 && + if (user.getFederationProvider().equals(FederationProvider.ADFS_2) && !user.getLabName().equals(LabConstants.ARLINGTON_LAB_NAME)) { LOG.info("Loggin in ... ADFS-V2 - Entering the username in ADFSv2 form"); 
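Review bot: In `performADOrCiamLogin`, `user.getFederationProvider().equals(FederationProvider.ADFS_2)` fixes the reference comparison but throws a NullPointerException when the lab user carries no federation provider, which the old `==` tolerated. Putting the constant first keeps the null-safe behaviour: `FederationProvider.ADFS_2.equals(user.getFederationProvider())`. Whether `getFederationProvider()` can return null is not visible in this hunk, and the method body continues past it.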
@@ -96,6 +96,7 @@ public static void performADLogin(WebDriver driver, User user) { checkAuthenticationCompletePage(driver); return; } catch (TimeoutException ex) { + LOG.error(ex.getMessage()); } LOG.info("Checking optional questions"); @@ -107,6 +108,7 @@ public static void performADLogin(WebDriver driver, User user) { LOG.info("Are you trying to sign in to ... ? click Continue"); } catch (TimeoutException ex) { + LOG.error(ex.getMessage()); } try { @@ -115,6 +117,7 @@ public static void performADLogin(WebDriver driver, User user) { click(); LOG.info("Stay signed in? click NO"); } catch (TimeoutException ex) { + LOG.error(ex.getMessage()); } } diff --git a/src/integrationtest/java/infrastructure/UserInformationFields.java b/msal4j-sdk/src/integrationtest/java/infrastructure/UserInformationFields.java similarity index 100% rename from src/integrationtest/java/infrastructure/UserInformationFields.java rename to msal4j-sdk/src/integrationtest/java/infrastructure/UserInformationFields.java diff --git a/src/integrationtest/java/labapi/App.java b/msal4j-sdk/src/integrationtest/java/labapi/App.java similarity index 100% rename from src/integrationtest/java/labapi/App.java rename to msal4j-sdk/src/integrationtest/java/labapi/App.java diff --git a/src/integrationtest/java/labapi/AppCredentialProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java similarity index 88% rename from src/integrationtest/java/labapi/AppCredentialProvider.java rename to msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java index af949eec..2a458449 100644 --- a/src/integrationtest/java/labapi/AppCredentialProvider.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java 
@@ -35,8 +35,11 @@ public AppCredentialProvider(String azureEnvironment) { oboClientId = LabConstants.ARLINGTON_OBO_APP_ID; oboAppIdURI = "https://arlmsidlab1.us/IDLABS_APP_Confidential_Client"; - oboPassword = keyVaultSecretsProvider. - getSecret(LabService.getApp(oboClientId).clientSecret); + oboPassword = keyVaultSecretsProvider.getSecret(LabService.getApp(oboClientId).clientSecret); + break; + case AzureEnvironment.CIAM: + oboPassword = keyVaultSecretsProvider.getSecret(LabConstants.CIAM_KEY_VAULT_SECRET_KEY); + break; default: throw new UnsupportedOperationException("Azure Environment - " + azureEnvironment + " unsupported"); diff --git a/src/integrationtest/java/labapi/AzureEnvironment.java b/msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java similarity index 90% rename from src/integrationtest/java/labapi/AzureEnvironment.java rename to msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java index 3b1dbb7f..6faa0e54 100644 --- a/src/integrationtest/java/labapi/AzureEnvironment.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java @@ -10,4 +10,5 @@ public class AzureEnvironment { public static final String AZURE = "azurecloud"; public static final String AZURE_PPE = "azureppe"; public static final String AZURE_US_GOVERNMENT = "azureusgovernment"; + public static final String CIAM = "ciam"; } diff --git a/src/integrationtest/java/labapi/B2CProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/B2CProvider.java similarity index 100% rename from src/integrationtest/java/labapi/B2CProvider.java rename to msal4j-sdk/src/integrationtest/java/labapi/B2CProvider.java diff --git a/src/integrationtest/java/labapi/FederationProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java similarity index 91% rename from src/integrationtest/java/labapi/FederationProvider.java rename to msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java index e586fe5b..39291622 100644 
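Review bot: The new `AzureEnvironment.CIAM` case assigns only `oboPassword`, whereas the branch above it also sets `oboClientId` and `oboAppIdURI`. If nothing outside this hunk initialises those fields, a CIAM provider hands out null identifiers alongside a real Key Vault secret. The secret read through `LabConstants.CIAM_KEY_VAULT_SECRET_KEY` may not be an on-behalf-of credential at all, so a dedicated field, or a comment such as `// CIAM: client secret stored in oboPassword for reuse by the CIAM tests`, would make the reuse explicit. The constructor starts before the hunk, so earlier assignments may exist.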
--- a/src/integrationtest/java/labapi/FederationProvider.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java @@ -12,6 +12,7 @@ public class FederationProvider { public static final String ADFS_2019 = "adfsv2019"; public static final String PING = "ping"; public static final String SHIBBOLETH = "shibboleth"; + public static final String CIAM = "ciam"; } diff --git a/src/integrationtest/java/labapi/HttpClientHelper.java b/msal4j-sdk/src/integrationtest/java/labapi/HttpClientHelper.java similarity index 100% rename from src/integrationtest/java/labapi/HttpClientHelper.java rename to msal4j-sdk/src/integrationtest/java/labapi/HttpClientHelper.java diff --git a/src/integrationtest/java/labapi/KeyVaultSecretsProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/KeyVaultSecretsProvider.java similarity index 100% rename from src/integrationtest/java/labapi/KeyVaultSecretsProvider.java rename to msal4j-sdk/src/integrationtest/java/labapi/KeyVaultSecretsProvider.java diff --git a/src/integrationtest/java/labapi/Lab.java b/msal4j-sdk/src/integrationtest/java/labapi/Lab.java similarity index 100% rename from src/integrationtest/java/labapi/Lab.java rename to msal4j-sdk/src/integrationtest/java/labapi/Lab.java diff --git a/src/integrationtest/java/labapi/LabConstants.java b/msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java similarity index 92% rename from src/integrationtest/java/labapi/LabConstants.java rename to msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java index ba3ddf81..569acafd 100644 --- a/src/integrationtest/java/labapi/LabConstants.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java 
@@ -14,6 +14,7 @@ public class LabConstants { public final static String USER_MSA_USERNAME_URL = "https://msidlabs.vault.azure.net/secrets/MSA-MSIDLAB4-UserName"; public final static String USER_MSA_PASSWORD_URL = "https://msidlabs.vault.azure.net/secrets/MSA-MSIDLAB4-Password"; public final static String OBO_APP_PASSWORD_URL = "https://msidlabs.vault.azure.net/secrets/TodoListServiceV2-OBO"; + public final static String CIAM_KEY_VAULT_SECRET_KEY = "https://msidlabs.vault.azure.net/secrets/MSIDLABCIAM1-cc"; public final static String ARLINGTON_APP_ID = "cb7faed4-b8c0-49ee-b421-f5ed16894c83"; public final static String ARLINGTON_OBO_APP_ID = "c0555d2d-02f2-4838-802e-3463422e571d"; diff --git a/src/integrationtest/java/labapi/LabService.java b/msal4j-sdk/src/integrationtest/java/labapi/LabService.java similarity index 100% rename from src/integrationtest/java/labapi/LabService.java rename to msal4j-sdk/src/integrationtest/java/labapi/LabService.java diff --git a/src/integrationtest/java/labapi/LabUserProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java similarity index 91% rename from src/integrationtest/java/labapi/LabUserProvider.java rename to msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java index c169d8a7..68eca889 100644 --- a/src/integrationtest/java/labapi/LabUserProvider.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java 
@@ -105,6 +105,16 @@ public User getUserByGuestHomeAzureEnvironments(String guestEnvironment, String return getLabUser(query); } + public User getCiamUser() { + + UserQueryParameters query = new UserQueryParameters(); + query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.CIAM); + query.parameters.put(UserQueryParameters.SIGN_IN_AUDIENCE, "azureadmyorg"); + query.parameters.put(UserQueryParameters.PUBLIC_CLIENT, "no"); + + return getLabUser(query); + } + public User getLabUser(UserQueryParameters userQuery) { if (userCache.containsKey(userQuery)) { return userCache.get(userQuery); diff --git a/src/integrationtest/java/labapi/User.java b/msal4j-sdk/src/integrationtest/java/labapi/User.java similarity index 100% rename from src/integrationtest/java/labapi/User.java rename to msal4j-sdk/src/integrationtest/java/labapi/User.java diff --git a/src/integrationtest/java/labapi/UserQueryParameters.java b/msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java similarity index 94% rename from src/integrationtest/java/labapi/UserQueryParameters.java rename to msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java index 56243152..b25c46cb 100644 --- a/src/integrationtest/java/labapi/UserQueryParameters.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java @@ -22,6 +22,7 @@ public class UserQueryParameters { public static final String HOME_AZURE_ENVIRONMENT = "guesthomeazureenvironment"; public static final String GUEST_HOME_DIN = "guesthomedin"; public static final String SIGN_IN_AUDIENCE = "signInAudience"; + public static final String PUBLIC_CLIENT = "publicClient"; public Map parameters = new HashMap<>(); } diff --git a/src/integrationtest/java/labapi/UserSecret.java b/msal4j-sdk/src/integrationtest/java/labapi/UserSecret.java similarity index 100% rename from src/integrationtest/java/labapi/UserSecret.java rename to msal4j-sdk/src/integrationtest/java/labapi/UserSecret.java 
diff --git a/src/integrationtest/java/labapi/UserType.java b/msal4j-sdk/src/integrationtest/java/labapi/UserType.java similarity index 100% rename from src/integrationtest/java/labapi/UserType.java rename to msal4j-sdk/src/integrationtest/java/labapi/UserType.java diff --git a/src/integrationtest/resources/logback-test.xml b/msal4j-sdk/src/integrationtest/resources/logback-test.xml similarity index 100% rename from src/integrationtest/resources/logback-test.xml rename to msal4j-sdk/src/integrationtest/resources/logback-test.xml diff --git a/src/main/java/com/microsoft/aad/msal4j/AADAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AADAuthority.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AADAuthority.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AADAuthority.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java similarity index 82% rename from src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index 11b2628b..a66094e9 100644 --- a/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -14,7 +14,7 @@ import java.util.TreeSet; import java.util.Map; import java.util.HashMap; -import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.*; class AadInstanceDiscoveryProvider { 
@@ -22,19 +22,24 @@ class AadInstanceDiscoveryProvider { private final static String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize"; private final static String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance"; private final static String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}"; - private final static String HOST_TEMPLATE_WITH_REGION = "{region}.r.{host}"; + private final static String HOST_TEMPLATE_WITH_REGION = "{region}.login.microsoft.com"; private final static String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; private final static String REGION_NAME = "REGION_NAME"; private final static int PORT_NOT_SET = -1; + // For information of the current api-version refer: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service#versioning - private final static String DEFAULT_API_VERSION = "2020-06-01"; - private final static String IMDS_ENDPOINT = "https://169.254.169.254/metadata/instance/compute/location?" + DEFAULT_API_VERSION + "&format=text"; + private static final String DEFAULT_API_VERSION = "2020-06-01"; + private static final String IMDS_ENDPOINT = "https://169.254.169.254/metadata/instance/compute/location?" 
+ DEFAULT_API_VERSION + "&format=text"; - final static TreeSet TRUSTED_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); - final static TreeSet TRUSTED_SOVEREIGN_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + private static final int IMDS_TIMEOUT = 2; + private static final TimeUnit IMDS_TIMEOUT_UNIT = TimeUnit.SECONDS; + static final TreeSet TRUSTED_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + static final TreeSet TRUSTED_SOVEREIGN_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); - private final static Logger log = LoggerFactory.getLogger(HttpHelper.class); + private static final Logger log = LoggerFactory.getLogger(AadInstanceDiscoveryProvider.class); + //flag to check if instance discovery has failed + private static boolean instanceDiscoveryFailed = false; static ConcurrentHashMap cache = new ConcurrentHashMap<>(); static { @@ -46,7 +51,9 @@ class AadInstanceDiscoveryProvider { TRUSTED_HOSTS_SET.addAll(Arrays.asList( "login.windows.net", - "login.microsoftonline.com")); + "login.microsoftonline.com", + "login.microsoft.com", + "sts.windows.net")); TRUSTED_HOSTS_SET.addAll(TRUSTED_SOVEREIGN_HOSTS_SET); } 
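Review bot: `IMDS_ENDPOINT` is only re-wrapped here, but the new side still builds `https://169.254.169.254/metadata/instance/compute/location?2020-06-01&format=text`, with the version appended without its `api-version=` key. The Azure Instance Metadata Service linked in the comment above is, as far as I know, documented as a plain-HTTP link-local endpoint. If so, region auto-detection cannot succeed, and the only trace is the warning logged by `discoverRegion`. Suggested value: `"http://169.254.169.254/metadata/instance/compute/location?api-version=" + DEFAULT_API_VERSION + "&format=text"`.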
@@ -67,10 +74,9 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, //If region autodetection is enabled and a specific region not already set, // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call - if (msalRequest.application().azureRegion() == null && msalRequest.application().autoDetectRegion()) { - if (detectedRegion != null) { - msalRequest.application().azureRegion = detectedRegion; - } + if (null == msalRequest.application().azureRegion() && msalRequest.application().autoDetectRegion() + && null != detectedRegion) { + msalRequest.application().azureRegion = detectedRegion; } cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion()); serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome( @@ -80,7 +86,16 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, InstanceDiscoveryMetadataEntry result = cache.get(host); if (result == null) { - doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle); + if(msalRequest.application().instanceDiscovery() && !instanceDiscoveryFailed){ + doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle); + } else { + // instanceDiscovery flag is set to False. Do not perform instanceDiscovery. + return InstanceDiscoveryMetadataEntry.builder(). + preferredCache(host). + preferredNetwork(host). + aliases(Collections.singleton(host)). + build(); + } } return cache.get(host); 
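Review bot: The new `else` branch in `getMetadataEntry` fails open. Once `instanceDiscoveryFailed` is set by `sendInstanceDiscoveryRequest` (the hunk at -222), every later call for an uncached host returns a self-built entry and never reaches `doInstanceDiscoveryAndCache`, so the `validateAuthority` argument appears to go unused for the rest of the process. The flag is a non-volatile static shared by every application in the JVM, and nothing visible resets it, so one transient 5xx or proxy error disables the check even for callers that left `instanceDiscovery` at its default. Consider scoping the fallback to the failing request or expiring the flag, and still rejecting hosts outside `TRUSTED_HOSTS_SET` when `validateAuthority` is true. The inline comment in the branch describes only the `instanceDiscovery == false` case and should mention the failure case too.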
@@ -178,8 +193,7 @@ private static String getRegionalizedHost(String host, String region) { // whereas sovereign cloud endpoints and any non-Microsoft authorities are assumed to follow another template if (TRUSTED_HOSTS_SET.contains(host) && !TRUSTED_SOVEREIGN_HOSTS_SET.contains(host)){ regionalizedHost = HOST_TEMPLATE_WITH_REGION. - replace("{region}", region). - replace("{host}", host); + replace("{region}", region); } else { regionalizedHost = SOVEREIGN_HOST_TEMPLATE_WITH_REGION. @@ -222,12 +236,18 @@ private static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL aut httpResponse = executeRequest(instanceDiscoveryRequestUrl, msalRequest.headers().getReadonlyHeaderMap(), msalRequest, serviceBundle); + AadInstanceDiscoveryResponse response = JsonHelper.convertJsonToObject(httpResponse.body(), AadInstanceDiscoveryResponse.class); + if (httpResponse.statusCode() != HttpHelper.HTTP_STATUS_200) { - throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse); + if(httpResponse.statusCode() == HttpHelper.HTTP_STATUS_400 && response.error().equals("invalid_instance")){ + // instance discovery failed due to an invalid authority, throw an exception. + throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse); + } + // instance discovery failed due to reasons other than an invalid authority, do not perform instance discovery again in this environment. + instanceDiscoveryFailed = true; } - - return JsonHelper.convertJsonToObject(httpResponse.body(), AadInstanceDiscoveryResponse.class); + return response; } private static int determineRegionOutcome(String detectedRegion, String providedRegion, boolean autoDetect) { 
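Review bot: In `sendInstanceDiscoveryRequest` the body is now parsed before the status check and `response.error().equals("invalid_instance")` is called on the result. A 400 whose body has no `error` field, or which deserialises to null, therefore raises a NullPointerException instead of an `MsalServiceException`. Writing it as `response != null && "invalid_instance".equals(response.error())` avoids that. For every other non-200 status the method now returns whatever the error body deserialised to; the caller is outside this hunk, so confirm it tolerates a response with no metadata before caching it.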
@@ -281,33 +301,39 @@ private static String discoverRegion(MsalRequest msalRequest, ServiceBundle serv return System.getenv(REGION_NAME); } - try { - //Check the IMDS endpoint to retrieve current region (will only work if application is running in an Azure VM) - Map headers = new HashMap<>(); - headers.put("Metadata", "true"); - IHttpResponse httpResponse = executeRequest(IMDS_ENDPOINT, headers, msalRequest, serviceBundle); + //Check the IMDS endpoint to retrieve current region (will only work if application is running in an Azure VM) + Map headers = new HashMap<>(); + headers.put("Metadata", "true"); + ExecutorService executor = Executors.newSingleThreadExecutor(); + Future future = executor.submit(() -> executeRequest(IMDS_ENDPOINT, headers, msalRequest, serviceBundle)); + + try { + log.info("Starting call to IMDS endpoint."); + IHttpResponse httpResponse = future.get(IMDS_TIMEOUT, IMDS_TIMEOUT_UNIT); //If call to IMDS endpoint was successful, return region from response body if (httpResponse.statusCode() == HttpHelper.HTTP_STATUS_200 && !httpResponse.body().isEmpty()) { - log.info("Region retrieved from IMDS endpoint: " + httpResponse.body()); + log.info(String.format("Region retrieved from IMDS endpoint: %s", httpResponse.body())); currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_IMDS.telemetryValue); return httpResponse.body(); } - log.warn(String.format("Call to local IMDS failed with status code: %s, or response was empty", httpResponse.statusCode())); currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); - - return null; - } catch (Exception e) { + } catch (Exception ex) { + // handle other exceptions //IMDS call failed, cannot find region //The IMDS endpoint is only available from within an Azure environment, so the most common cause of this // exception will likely be java.net.SocketException: Network is unreachable: connect - log.warn(String.format("Exception during call to local IMDS endpoint: %s", 
e.getMessage())); + log.warn(String.format("Exception during call to local IMDS endpoint: %s", ex.getMessage())); currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); + future.cancel(true); - return null; + } finally { + executor.shutdownNow(); } + + return null; } private static void doInstanceDiscoveryAndCache(URL authorityUrl, diff --git a/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java similarity index 93% rename from src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java index 862a3ce8..37ee24d5 100644 --- a/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java @@ -104,6 +104,10 @@ public abstract class AbstractClientApplicationBase implements IClientApplicatio @Getter protected String azureRegion; + @Accessors(fluent = true) + @Getter + private boolean instanceDiscovery; + @Override public CompletableFuture acquireToken(AuthorizationCodeParameters parameters) { @@ -325,6 +329,7 @@ public abstract static class Builder> { private String azureRegion; private Integer connectTimeoutForDefaultHttpClient; private Integer readTimeoutForDefaultHttpClient; + private boolean instanceDiscovery = true; /** * Constructor to create instance of Builder of client application 
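Review bot: `discoverRegion` wraps `future.get(IMDS_TIMEOUT, IMDS_TIMEOUT_UNIT)` in `catch (Exception ex)`, which also swallows `InterruptedException` without restoring the interrupt flag, so a caller cancelling token acquisition loses that signal. Add a separate `catch (InterruptedException ie)` that calls `Thread.currentThread().interrupt();` before the shared fallback. A new single-thread executor is also created on every call; a shared daemon executor, or a timeout on the HTTP request itself, would bound the IMDS wait without a thread spin-up per request. The method starts before this hunk.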
@@ -352,7 +357,7 @@ public T authority(String val) throws MalformedURLException { authority = Authority.enforceTrailingSlash(val); URL authorityURL = new URL(authority); - Authority.validateAuthority(authorityURL); + switch (Authority.detectAuthorityType(authorityURL)) { case AAD: @@ -361,13 +366,30 @@ public T authority(String val) throws MalformedURLException { case ADFS: authenticationAuthority = new ADFSAuthority(authorityURL); break; + case CIAM: + authenticationAuthority = new CIAMAuthority(authorityURL); + break; default: throw new IllegalArgumentException("Unsupported authority type."); } + Authority.validateAuthority(authenticationAuthority.canonicalAuthorityUrl()); + return self(); } + /** + * Set URL of the authenticating B2C authority from which MSAL will acquire tokens + * + * Valid B2C authorities should look like: https://<something.b2clogin.com/<tenant>/<policy> + * + * MSAL Java also supports a legacy B2C authority format, which looks like: https://<host>/tfp/<tenant>/<policy> + * + * However, MSAL Java will eventually stop supporting the legacy format. See here for information on how to migrate to the new format: https://aka.ms/msal4j-b2c + * + * @param val a boolean value for validateAuthority + * @return instance of the Builder on which method was called + */ public T b2cAuthority(String val) throws MalformedURLException { authority = Authority.enforceTrailingSlash(val); 
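Review bot: The Javadoc added above `b2cAuthority(String val)` documents the parameter as `@param val a boolean value for validateAuthority`, which looks copied from another setter; `val` is the authority URL string. I would change it to `@param val URL of the B2C authority` and add a `@throws MalformedURLException` line, since the signature declares it. The first example URL is also missing a closing bracket after `something`, in `https://<something.b2clogin.com/`. The body of `b2cAuthority` continues outside the hunk.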
@@ -643,6 +665,18 @@ public T azureRegion(String val) { return self(); } + /** Historically, MSAL would connect to a central endpoint located at + ``https://login.microsoftonline.com`` to acquire some metadata, especially when using an unfamiliar authority. + This behavior is known as Instance Discovery. + This parameter defaults to true, which enables the Instance Discovery. + If you do not know some authorities beforehand, + yet still want MSAL to accept any authority that you will provide, + you can use a ``False`` to unconditionally disable Instance Discovery. */ + public T instanceDiscovery(boolean val) { + instanceDiscovery = val; + return self(); + } + abstract AbstractClientApplicationBase build(); } @@ -671,6 +705,7 @@ public T azureRegion(String val) { clientCapabilities = builder.clientCapabilities; autoDetectRegion = builder.autoDetectRegion; azureRegion = builder.azureRegion; + instanceDiscovery = builder.instanceDiscovery; if (aadAadInstanceDiscoveryResponse != null) { AadInstanceDiscoveryProvider.cacheInstanceDiscoveryMetadata( diff --git a/src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java 
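Review bot: The Javadoc on `instanceDiscovery(boolean val)` does not say what the caller gives up by passing `false`. If Instance Discovery is the step that checks an unfamiliar authority against the central metadata, as the text implies, then disabling it leaves the application solely responsible for where tokens are requested from. I would add a sentence such as `Only disable this when the authority value comes from trusted configuration, never when it is derived from user input.` The comment also uses double-backtick markup and a capitalised `False`; in Javadoc these should be `{@code false}` and `{@code https://login.microsoftonline.com}`.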
diff --git a/src/main/java/com/microsoft/aad/msal4j/Account.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Account.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Account.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Account.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
similarity index 73%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
index ca57bdf6..e63fb37d 100644
--- a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
@@ -6,8 +6,13 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.ExecutionException; +/** Disclaimer - This class is meant to be used by the Azure SDK team only. + * Any other teams are discouraged from using this class to prevent any side effects. + */ class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier { + private static final int TWO_HOURS = 2*3600; + private AppTokenProviderParameters appTokenProviderParameters; private ClientCredentialRequest clientCredentialRequest; @@ -20,7 +25,7 @@ class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier { this.appTokenProviderParameters = appTokenProviderParameters; } - private static void validateTokenProviderResult(TokenProviderResult tokenProviderResult) { + private static void validateAndUpdateTokenProviderResult(TokenProviderResult tokenProviderResult) { if (null == tokenProviderResult.getAccessToken() || tokenProviderResult.getAccessToken().isEmpty()) { handleInvalidExternalValueError(tokenProviderResult.getAccessToken()); } @@ -32,6 +37,13 @@ private static void validateTokenProviderResult(TokenProviderResult tokenProvide if (null == tokenProviderResult.getTenantId() || tokenProviderResult.getTenantId().isEmpty()) { handleInvalidExternalValueError(tokenProviderResult.getTenantId()); } + + if (0 == tokenProviderResult.getRefreshInSeconds()){ + long expireInSeconds = tokenProviderResult.getExpiresInSeconds(); + if(expireInSeconds >= TWO_HOURS){ + tokenProviderResult.setRefreshInSeconds(expireInSeconds/2); + } + } } private static void handleInvalidExternalValueError(String nameOfValue) { 
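Review bot: The refresh default added at the end of `validateAndUpdateTokenProviderResult` has no comment stating the rule, and the method now mutates the provider's result object, which is easy to miss at the call site. I would add above the block `// No refresh hint from the provider: for tokens valid two hours or longer, refresh proactively at half the lifetime.` Renaming the constant to `TWO_HOURS_IN_SECONDS` would make the unit visible where it is compared with `expireInSeconds`. The method starts outside this hunk.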
@@ -56,11 +68,16 @@ AuthenticationResult execute() throws Exception { public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderParameters appTokenProviderParameters) throws ExecutionException, InterruptedException { - CompletableFuture completableFuture = this.clientCredentialRequest.appTokenProvider.apply(appTokenProviderParameters); + TokenProviderResult tokenProviderResult; + try{ + CompletableFuture completableFuture = this.clientCredentialRequest.appTokenProvider.apply(appTokenProviderParameters); + tokenProviderResult = completableFuture.get(); - TokenProviderResult tokenProviderResult = completableFuture.get(); + } catch (Exception ex){ + throw new MsalAzureSDKException(ex); + } - validateTokenProviderResult(tokenProviderResult); + validateAndUpdateTokenProviderResult(tokenProviderResult); return AuthenticationResult.builder() .accessToken(tokenProviderResult.getAccessToken()) @@ -69,6 +86,5 @@ public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderPara .expiresOn(tokenProviderResult.getExpiresInSeconds()) .refreshOn(tokenProviderResult.getRefreshInSeconds()) .build(); - } } diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java 
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ApiEvent.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ApiEvent.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ApiEvent.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ApiEvent.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java similarity index 93% rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java index 8db6d69a..78f5260c 100644 --- a/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java @@ -115,4 +115,9 @@ public class AuthenticationErrorCode { * A JWT parsing failure, indicating the JWT provided to MSAL is of invalid format. */ public final static String INVALID_JWT = "invalid_jwt"; + /** + * Indicates that a Broker implementation is missing from the device, such as when an app developer + * does not include one of our broker packages as a dependency in their project, or otherwise cannot + * be accessed by MSAL Java*/ + public final static String MISSING_BROKER = "missing_broker"; } 
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java similarity index 93% rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java index 07ab4e8d..c7770620 100644 --- a/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java @@ -4,16 +4,14 @@ package com.microsoft.aad.msal4j; -import java.nio.charset.StandardCharsets; import java.net.MalformedURLException; -import java.util.Base64; - -import java.io.UnsupportedEncodingException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; +import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Base64; import java.util.concurrent.CompletionException; import java.util.function.Supplier; 
@@ -114,8 +112,8 @@ private void logResult(AuthenticationResult result, HttpHeaders headers) { .refreshToken()); if (clientApplication.logPii()) { clientApplication.log.debug(LogHelper.createMessage(String.format( - "Access Token with hash '%s' and Refresh Token with hash '%s' returned", - accessTokenHash, refreshTokenHash), + "Access Token with hash '%s' and Refresh Token with hash '%s' returned", + accessTokenHash, refreshTokenHash), headers.getHeaderCorrelationIdValue())); } else { clientApplication.log.debug( @@ -126,7 +124,7 @@ private void logResult(AuthenticationResult result, HttpHeaders headers) { } else { if (clientApplication.logPii()) { clientApplication.log.debug(LogHelper.createMessage(String.format( - "Access Token with hash '%s' returned", accessTokenHash), + "Access Token with hash '%s' returned", accessTokenHash), headers.getHeaderCorrelationIdValue())); } else { clientApplication.log.debug(LogHelper.createMessage( @@ -149,6 +147,9 @@ private void logException(Exception ex) { clientApplication.log.debug(logMessage, ex); return; } + } else if (ex instanceof MsalAzureSDKException) { + clientApplication.log.debug(ex.getMessage(), ex); + return; } clientApplication.log.error(logMessage, ex); @@ -163,11 +164,7 @@ private ApiEvent initializeApiEvent(MsalRequest msalRequest) { apiEvent.setRequestId(msalRequest.requestContext().telemetryRequestId()); apiEvent.setWasSuccessful(false); - if (clientApplication instanceof ConfidentialClientApplication) { - apiEvent.setIsConfidentialClient(true); - } else { - apiEvent.setIsConfidentialClient(false); - } + apiEvent.setIsConfidentialClient(clientApplication instanceof ConfidentialClientApplication); try { Authority authenticationAuthority = clientApplication.authenticationAuthority; 
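Review bot: The new `MsalAzureSDKException` branch in `logException` logs `ex.getMessage()` rather than the `logMessage` that the other two log calls in this hunk use. Entries from this branch therefore lose whatever context `logMessage` carries; it is built outside the hunk, presumably with the correlation id. Using `clientApplication.log.debug(logMessage, ex);` keeps token-provider failures traceable to the request. Because the branch also demotes these failures from error to debug, a short comment stating the reason would help whoever later investigates why they are absent from error logs.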
diff --git a/src/main/java/com/microsoft/aad/msal4j/Authority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java similarity index 77% rename from src/main/java/com/microsoft/aad/msal4j/Authority.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java index 0a15a355..5644db45 100644 --- a/src/main/java/com/microsoft/aad/msal4j/Authority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java @@ -20,6 +20,7 @@ abstract class Authority { private static final String ADFS_PATH_SEGMENT = "adfs"; private static final String B2C_PATH_SEGMENT = "tfp"; + private static final String B2C_HOST_SEGMENT = "b2clogin.com"; private final static String USER_REALM_ENDPOINT = "common/userrealm"; private final static String userRealmEndpointFormat = "https://%s/" + USER_REALM_ENDPOINT + "/%s?api-version=1.0"; 
@@ -53,19 +54,22 @@ private void setCommonAuthorityProperties() { this.host = canonicalAuthorityUrl.getAuthority().toLowerCase(); } - static Authority createAuthority(URL authorityUrl) { - validateAuthority(authorityUrl); - + static Authority createAuthority(URL authorityUrl) throws MalformedURLException{ + Authority createdAuthority; AuthorityType authorityType = detectAuthorityType(authorityUrl); if (authorityType == AuthorityType.AAD) { - return new AADAuthority(authorityUrl); + createdAuthority = new AADAuthority(authorityUrl); } else if (authorityType == AuthorityType.B2C) { - return new B2CAuthority(authorityUrl); + createdAuthority = new B2CAuthority(authorityUrl); } else if (authorityType == AuthorityType.ADFS) { - return new ADFSAuthority(authorityUrl); + createdAuthority = new ADFSAuthority(authorityUrl); + } else if(authorityType == AuthorityType.CIAM){ + createdAuthority = new CIAMAuthority(authorityUrl); } else { throw new IllegalArgumentException("Unsupported Authority Type"); } + validateAuthority(createdAuthority.canonicalAuthorityUrl()); + return createdAuthority; } static AuthorityType detectAuthorityType(URL authorityUrl) { @@ -75,17 +79,23 @@ static AuthorityType detectAuthorityType(URL authorityUrl) { final String path = authorityUrl.getPath().substring(1); if (StringHelper.isBlank(path)) { + if(isCiamAuthority(authorityUrl.getHost())){ + return AuthorityType.CIAM; + } throw new IllegalArgumentException( "authority Uri should have at least one segment in the path (i.e. https:////...)"); } + final String host = authorityUrl.getHost(); final String firstPath = path.substring(0, path.indexOf("/")); - if (isB2CAuthority(firstPath)) { + if (isB2CAuthority(host, firstPath)) { return AuthorityType.B2C; } else if (isAdfsAuthority(firstPath)) { return AuthorityType.ADFS; - } else { + } else if(isCiamAuthority(host)){ + return AuthorityType.CIAM; + } else{ return AuthorityType.AAD; } } 
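Review bot: The CIAM branch added inside the blank-path check of `detectAuthorityType` is reachable only when the path is exactly `/`. For a URL with no path at all, `authorityUrl.getPath().substring(1)` on the context line above throws `StringIndexOutOfBoundsException` before the check runs. `Builder.authority` calls `enforceTrailingSlash` first, but `createAuthority` in this file takes a `URL` directly, so I would guard it: `final String rawPath = authorityUrl.getPath(); final String path = rawPath.isEmpty() ? "" : rawPath.substring(1);`. The `firstPath` line has the same weakness when the path contains no `/`. The function starts outside this hunk.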
@@ -131,7 +141,11 @@ static void validateAuthority(URL authorityUrl) { static String getTenant(URL authorityUrl, AuthorityType authorityType) { String[] segments = authorityUrl.getPath().substring(1).split("/"); if (authorityType == AuthorityType.B2C) { - return segments[1]; + if (segments.length < 3){ + return segments[0]; + } else { + return segments[1]; + } } return segments[0]; } @@ -144,8 +158,12 @@ private static boolean isAdfsAuthority(final String firstPath) { return firstPath.compareToIgnoreCase(ADFS_PATH_SEGMENT) == 0; } - private static boolean isB2CAuthority(final String firstPath) { - return firstPath.compareToIgnoreCase(B2C_PATH_SEGMENT) == 0; + private static boolean isB2CAuthority(final String host, final String firstPath) { + return host.contains(B2C_HOST_SEGMENT) || firstPath.compareToIgnoreCase(B2C_PATH_SEGMENT) == 0; + } + + private static boolean isCiamAuthority(final String host){ + return host.endsWith(CIAMAuthority.CIAM_HOST_SEGMENT); } String deviceCodeEndpoint() { diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java similarity index 86% rename from src/main/java/com/microsoft/aad/msal4j/AuthorityType.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java index aa442d74..f686f2f2 100644 --- a/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java @@ -4,5 +4,5 @@ package com.microsoft.aad.msal4j; enum AuthorityType { - AAD, ADFS, B2C + AAD, ADFS, B2C, CIAM } 
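Review bot: `isB2CAuthority` tests the host with `host.contains(B2C_HOST_SEGMENT)`, so any host that merely contains the text `b2clogin.com` is classified as B2C, whereas `isCiamAuthority` just below uses a suffix match. The authority type chosen here decides which authority class is built, so the match should be anchored to the domain suffix: `return host.endsWith("." + B2C_HOST_SEGMENT) || firstPath.compareToIgnoreCase(B2C_PATH_SEGMENT) == 0;`. Both helpers also compare case-sensitively, while `detectAuthorityType` passes `authorityUrl.getHost()` as given; lower-casing the host once before these checks would make an upper-case spelling of the same host classify the same way.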
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java similarity index 95% rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java index 85d2fc3c..73a1b0c3 100644 --- a/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java @@ -57,6 +57,11 @@ public class AuthorizationCodeParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java similarity index 87% rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java index 48045b1e..da1feccc 100644 --- a/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java 
@@ -7,6 +7,8 @@ import lombok.Getter; import lombok.NonNull; import lombok.experimental.Accessors; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.net.MalformedURLException; import java.net.URL; @@ -34,8 +36,15 @@ public class AuthorizationRequestUrlParameters { private String correlationId; private boolean instanceAware; + //Unlike other prompts (which are sent as query parameters), admin consent has its own endpoint format + private static final String ADMIN_CONSENT_ENDPOINT = "https://login.microsoftonline.com/{tenant}/adminconsent"; + + Map extraQueryParameters; + Map> requestParameters = new HashMap<>(); + Logger log = LoggerFactory.getLogger(AuthorizationRequestUrlParameters.class); + public static Builder builder(String redirectUri, Set scopes) { 
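Review bot: `ADMIN_CONSENT_ENDPOINT` hard-codes `login.microsoftonline.com`, so with `Prompt.ADMIN_CONSENT` the URL built in `createAuthorizationURL` ignores the host of the configured authority and substitutes only `authority.tenant`. An application configured against a different authority host would send the administrator to another host than every other request uses. Building it from the authority keeps them aligned, assuming the endpoint exists on that host: `"https://" + authority.host + "/" + authority.tenant + "/adminconsent"`. Separately, `log` is declared as a package-visible instance field; `private static final Logger` is the usual form.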
@@ -149,13 +158,32 @@ private AuthorizationRequestUrlParameters(Builder builder) { this.instanceAware = builder.instanceAware; requestParameters.put("instance_aware", Collections.singletonList(String.valueOf(instanceAware))); } + + if(null != builder.extraQueryParameters && !builder.extraQueryParameters.isEmpty()){ + this.extraQueryParameters = builder.extraQueryParameters; + for(Map.Entry entry: this.extraQueryParameters.entrySet()){ + String key = entry.getKey(); + String value = entry.getValue(); + if(requestParameters.containsKey(key)){ + log.warn("A query parameter {} has been provided with values multiple times.", key); + } + requestParameters.put(key, Collections.singletonList(value)); + } + } } URL createAuthorizationURL(Authority authority, Map> requestParameters) { URL authorizationRequestUrl; try { - String authorizationCodeEndpoint = authority.authorizationEndpoint(); + String authorizationCodeEndpoint; + if (prompt == Prompt.ADMIN_CONSENT) { + authorizationCodeEndpoint = ADMIN_CONSENT_ENDPOINT + .replace("{tenant}", authority.tenant); + } else { + authorizationCodeEndpoint = authority.authorizationEndpoint(); + } + String uriString = authorizationCodeEndpoint + "?" + URLUtils.serializeParameters(requestParameters); @@ -184,6 +212,7 @@ public static class Builder { private Prompt prompt; private String correlationId; private boolean instanceAware; + private Map extraQueryParameters; public AuthorizationRequestUrlParameters build() { return new AuthorizationRequestUrlParameters(this); @@ -330,5 +359,14 @@ public Builder instanceAware(boolean val) { this.instanceAware = val; return self(); } + + /** + * Query parameters that you can add to the request, + * in addition to the list of parameters already provided. + */ + public Builder extraQueryParameters(Map val) { + this.extraQueryParameters = val; + return self(); + } } } 
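Review bot: In the constructor, an `extraQueryParameters` entry whose key is already in `requestParameters` replaces the existing value, with only a warning that does not say which value won. A caller-supplied map can therefore override parameters the library set earlier in the constructor (outside this hunk), which matters if the request depends on any of them for integrity. I would keep the library's value with `if (requestParameters.containsKey(key)) { log.warn(...); continue; }`, or reject the duplicate with an `IllegalArgumentException`. Either way, the Javadoc on `extraQueryParameters(Map val)` should state the chosen rule. The builder also stores the caller's map by reference; copying it in the setter avoids later mutation affecting the request.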
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java
new file mode 100644
index 00000000..3d15c846
--- /dev/null
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java
@@ -0,0 +1,70 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4j; + +import lombok.AccessLevel; +import lombok.Getter; +import lombok.experimental.Accessors; + +import java.net.URL; + +@Accessors(fluent = true) +@Getter(AccessLevel.PACKAGE) +class B2CAuthority extends Authority { + + private final static String AUTHORIZATION_ENDPOINT = "/oauth2/v2.0/authorize"; + private final static String TOKEN_ENDPOINT = "/oauth2/v2.0/token"; + + private final static String B2C_AUTHORIZATION_ENDPOINT_FORMAT = "https://%s/%s/%s" + AUTHORIZATION_ENDPOINT; + private final static String B2C_TOKEN_ENDPOINT_FORMAT = "https://%s/%s" + TOKEN_ENDPOINT + "?p=%s"; + private String policy; + + B2CAuthority(final URL authorityUrl) { + super(authorityUrl, AuthorityType.B2C); + setAuthorityProperties(); + } + + private void validatePathSegments(String[] segments) { + if (segments.length < 2) { + throw new IllegalArgumentException( + "Valid B2C 'authority' URLs should follow either of these formats: https://///... or https:///something///..."); + } + } + + private void setAuthorityProperties() { + String[] segments = canonicalAuthorityUrl.getPath().substring(1).split("/"); + + // In the early days of MSAL, the only way for the library to identify a B2C authority was whether or not the authority + // had three segments in the path, and the first segment was 'tfp'. Valid B2C authorities looked like: https:///tfp///... + // + // More recent changes to B2C should ensure that any new B2C authorities have 'b2clogin.com' in the host of the URL, + // so app developers shouldn't need to add 'tfp' and the first path segment should just be the tenant: https://.b2clogin.com///... 
+ // + // However, legacy URLs using the old format must still be supported by these sorts of checks here and elsewhere, so for the near + // future at least we must consider both formats as valid until we're either sure all customers are swapped, + // or until we're comfortable with a potentially breaking change + validatePathSegments(segments); + + try { + policy = segments[2]; + this.authority = String.format( + "https://%s/%s/%s/%s/", + canonicalAuthorityUrl.getAuthority(), + segments[0], + segments[1], + segments[2]); + } catch (IndexOutOfBoundsException e){ + policy = segments[1]; + this.authority = String.format( + "https://%s/%s/%s/", + canonicalAuthorityUrl.getAuthority(), + segments[0], + segments[1]); + } + + this.authorizationEndpoint = String.format(B2C_AUTHORIZATION_ENDPOINT_FORMAT, host, tenant, policy); + this.tokenEndpoint = String.format(B2C_TOKEN_ENDPOINT_FORMAT, host, tenant, policy); + this.selfSignedJwtAudience = this.tokenEndpoint; + } +} diff --git a/src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java new file mode 100644 index 00000000..5d4795a6 --- /dev/null +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java 
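Review bot: `setAuthorityProperties` chooses between the two URL formats by catching `IndexOutOfBoundsException` from `segments[2]`, which uses an exception for ordinary control flow and hides that the decision rests on segment count alone. A `b2clogin.com` authority in the newer two-segment format that carries one extra path segment would therefore be read as the legacy layout. `Authority.getTenant` applies the same `segments.length < 3` rule, so tenant and policy would shift together. The explicit length check below keeps today's behaviour while making the rule visible. Testing whether `segments[0]` is the legacy `tfp` marker would be stricter, but that constant is private to `Authority`.

```java
// … unchanged: segments split, format comment, validatePathSegments(segments) …
if (segments.length >= 3) {
    // three or more segments: <first>/<second>/<policy>
    policy = segments[2];
    this.authority = String.format(
            "https://%s/%s/%s/%s/",
            canonicalAuthorityUrl.getAuthority(), segments[0], segments[1], segments[2]);
} else {
    // two segments: <tenant>/<policy>
    policy = segments[1];
    this.authority = String.format(
            "https://%s/%s/%s/",
            canonicalAuthorityUrl.getAuthority(), segments[0], segments[1]);
}
// … unchanged: authorizationEndpoint, tokenEndpoint, selfSignedJwtAudience …
```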
@@ -0,0 +1,51 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4j; + +import java.net.MalformedURLException; +import java.net.URL; + +public class CIAMAuthority extends Authority{ + + public static final String CIAM_HOST_SEGMENT = ".ciamlogin.com"; + + static final String AUTHORIZATION_ENDPOINT = "oauth2/v2.0/authorize"; + static final String TOKEN_ENDPOINT = "oauth2/v2.0/token"; + static final String DEVICE_CODE_ENDPOINT = "oauth2/v2.0/devicecode"; + + private static final String CIAM_AUTHORITY_FORMAT = "https://%s/%s/"; + private static final String DEVICE_CODE_ENDPOINT_FORMAT = CIAM_AUTHORITY_FORMAT + DEVICE_CODE_ENDPOINT; + + private static final String CIAM_AUTHORIZATION_ENDPOINT_FORMAT = CIAM_AUTHORITY_FORMAT + AUTHORIZATION_ENDPOINT; + private static final String CIAM_TOKEN_ENDPOINT_FORMAT = CIAM_AUTHORITY_FORMAT + TOKEN_ENDPOINT; + + CIAMAuthority(URL authorityUrl) throws MalformedURLException { + super(transformAuthority(authorityUrl), AuthorityType.CIAM); + setAuthorityProperties(); + this.authority = String.format(CIAM_AUTHORITY_FORMAT,host,tenant); + } + + /** This method takes a CIAM authority string of format "tenant.ciamlogin.com" or "https://tenant.ciamlogin.com" + and converts it into a full authority url with a path segment of format "/tenant.onmicrosoft.com" + * @param originalAuthority authority to be transformed + * @return full CIAM authority with path + */ + protected static URL transformAuthority(URL originalAuthority) throws MalformedURLException { + String host = originalAuthority.getHost() + originalAuthority.getPath(); + String transformedAuthority = originalAuthority.toString(); + if(originalAuthority.getPath().equals("/")){ + int ciamHostIndex = host.indexOf(CIAMAuthority.CIAM_HOST_SEGMENT); + String tenant = host.substring(0 , ciamHostIndex); + transformedAuthority = originalAuthority + tenant + ".onmicrosoft.com/"; + } + return new 
URL(transformedAuthority); + } + + private void setAuthorityProperties() { + this.authorizationEndpoint = String.format(CIAM_AUTHORIZATION_ENDPOINT_FORMAT, host, tenant); + this.tokenEndpoint = String.format(CIAM_TOKEN_ENDPOINT_FORMAT, host, tenant); + this.deviceCodeEndpoint = String.format(DEVICE_CODE_ENDPOINT_FORMAT, host, tenant); + this.selfSignedJwtAudience = this.tokenEndpoint; + } +} diff --git a/src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java 
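Review bot: `transformAuthority` calls `host.substring(0, ciamHostIndex)` without checking that `indexOf(CIAM_HOST_SEGMENT)` found the suffix. The method is `protected static` on a public class, so it can be handed a URL whose host is not a CIAM host and will then fail with `StringIndexOutOfBoundsException` rather than a clear error. I would add `if (ciamHostIndex < 0) { throw new MalformedURLException("not a CIAM authority: " + originalAuthority); }`. The Javadoc also promises handling of `https://tenant.ciamlogin.com`, but the rewrite happens only when `getPath()` equals `/`, so a URL with an empty path is returned unchanged. The local named `host` holds host plus path and would read better as `hostAndPath`.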
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java similarity index 87% rename from src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java index 536b9765..10cd3f93 100644 --- a/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java @@ -3,6 +3,9 @@ package com.microsoft.aad.msal4j; +import lombok.Getter; +import lombok.experimental.Accessors; + import java.io.IOException; import java.io.InputStream; import java.lang.reflect.InvocationTargetException; @@ -19,10 +22,11 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateKey; -import java.util.*; - -import lombok.Getter; -import lombok.experimental.Accessors; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Enumeration; +import java.util.List; final class ClientCertificate implements IClientCertificate { @@ -97,14 +101,7 @@ static ClientCertificate create(InputStream pkcs12Certificate, String password) final KeyStore keystore = KeyStore.getInstance("PKCS12"); keystore.load(pkcs12Certificate, password.toCharArray()); - final Enumeration aliases = keystore.aliases(); - if (!aliases.hasMoreElements()) { - throw new IllegalArgumentException("certificate not loaded from input stream"); - } - String alias = aliases.nextElement(); - if (aliases.hasMoreElements()) { - throw new IllegalArgumentException("more than one certificate alias found in input stream"); - } + String alias = getPrivateKeyAlias(keystore); ArrayList publicKeyCertificateChain = new ArrayList<>(); PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, password.toCharArray()); 
@@ -123,6 +120,26 @@ static ClientCertificate create(InputStream pkcs12Certificate, String password) return new ClientCertificate(privateKey, publicKeyCertificateChain); } + static String getPrivateKeyAlias(KeyStore keystore) throws KeyStoreException { + String alias = null; + final Enumeration aliases = keystore.aliases(); + while (aliases.hasMoreElements()) { + String currentAlias = aliases.nextElement(); + if (keystore.entryInstanceOf(currentAlias, KeyStore.PrivateKeyEntry.class)) { + if (alias != null) { + throw new IllegalArgumentException("more than one certificate alias found in input stream"); + } + alias = currentAlias; + } + } + + if (alias == null) { + throw new IllegalArgumentException("certificate not loaded from input stream"); + } + + return alias; + } + static ClientCertificate create(final PrivateKey key, final X509Certificate publicKeyCertificate) { return new ClientCertificate(key, Arrays.asList(publicKeyCertificate)); } diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java similarity index 93% rename from src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java index 367516c0..440c5e08 100644 --- a/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java 
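Review bot: The two `IllegalArgumentException` messages in `getPrivateKeyAlias` no longer describe the condition that triggers them. The loop now counts only aliases for which `entryInstanceOf(currentAlias, KeyStore.PrivateKeyEntry.class)` is true, so a PKCS12 input holding only certificate entries reports "certificate not loaded from input stream", and one holding two keys reports "more than one certificate alias found". I would reword them to name the private key, for example `"no private key entry found in input stream"` and `"more than one private key entry found in input stream"`. A short Javadoc on the new method should say that entries of other types are skipped, since that is the behaviour change callers of `create(InputStream, String)` will notice.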
@@ -44,6 +44,11 @@ public class ClientCredentialParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientInfo.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientInfo.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ClientInfo.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientInfo.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientSecret.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientSecret.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ClientSecret.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientSecret.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java diff --git a/src/main/java/com/microsoft/aad/msal4j/Constants.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Constants.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/Constants.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Constants.java 
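Review bot: The Javadoc on `extraQueryParameters` does not say how these caller-supplied entries interact with the parameters the library sets itself. The merge code is not in this hunk, so it is unclear whether a key such as `client_id` or `scope` passed here would replace the library's value; the comment should state the precedence once that is confirmed against the request builder. In the interactive flow the map is handed to the authorization URL builder (`.extraQueryParameters(interactiveRequestParameters.extraQueryParameters())`), so the comment should also say that the values become part of a URL and must not carry secrets. The same field and comment are added in `DeviceCodeFlowParameters`, `IntegratedWindowsAuthenticationParameters` (where the wording drops "query") and `InteractiveRequestParameters`.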
diff --git a/src/main/java/com/microsoft/aad/msal4j/Credential.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Credential.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Credential.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Credential.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCode.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/DeviceCode.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCode.java diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java similarity index 94% rename from src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java index daede3d7..63f9c8e3 100644 --- a/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java @@ -49,6 +49,11 @@ public class DeviceCodeFlowParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java 
diff --git a/src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/Event.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Event.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Event.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Event.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/EventKey.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/EventKey.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/EventKey.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/EventKey.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpEvent.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpEvent.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpEvent.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpEvent.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java similarity index 99% rename from src/main/java/com/microsoft/aad/msal4j/HttpHelper.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java index 2c088fd5..cc6b4e7d 100644 --- a/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java @@ -22,6 +22,9 @@ class HttpHelper { public static final int RETRY_DELAY_MS = 1000; public static final int HTTP_STATUS_200 = 200; + + public static final int HTTP_STATUS_400 = 400; + public static final int HTTP_STATUS_429 = 429; public static final int HTTP_STATUS_500 = 500; diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpListener.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpListener.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/HttpListener.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpListener.java diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpMethod.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpMethod.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/HttpMethod.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpMethod.java diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/HttpRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpResponse.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/HttpResponse.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpResponse.java 
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpUtils.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpUtils.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/HttpUtils.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpUtils.java diff --git a/src/main/java/com/microsoft/aad/msal4j/IAccount.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAccount.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/IAccount.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAccount.java diff --git a/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java similarity index 88% rename from src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java index d226ed3f..f79219f9 100644 --- a/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java @@ -16,4 +16,6 @@ interface IAcquireTokenParameters { Map extraHttpHeaders(); String tenant(); + + Map extraQueryParameters(); } diff --git a/src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java new file mode 100644 index 00000000..919a8092 --- /dev/null +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java 
@@ -0,0 +1,60 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4j; + +import java.util.Set; +import java.util.concurrent.CompletableFuture; + +/** + * Used to define the basic set of methods that all Brokers must implement + * + * All methods are so they can be referenced by MSAL Java without an implementation, and by default simply throw an + * exception saying that a broker implementation is missing + */ +public interface IBroker { + + /** + * checks if a IBroker implementation exists + */ + + default boolean isAvailable(){ + return false; + } + /** + * Acquire a token silently, i.e. without direct user interaction + * + * This may be accomplished by returning tokens from a token cache, using cached refresh tokens to get new tokens, + * or via any authentication flow where a user is not prompted to enter credentials + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object + */ + default IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } + + /** + * Acquire a token interactively, by prompting users to enter their credentials in some way + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object + */ + default IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } + + /** + * Acquire a token silently, i.e. 
without direct user interaction, using username/password authentication + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object + */ + default IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } + + default CompletableFuture removeAccount(IAccount account) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } +} \ No newline at end of file diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java 
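Review bot: `removeAccount` is declared to return a `CompletableFuture`, but its default body throws `MsalClientException` synchronously, so a caller that only attaches handlers to the returned future never sees the missing-broker error through the future. Either return a future completed exceptionally with the same exception (`future.completeExceptionally(new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER)); return future;`) or document that the default throws before any future exists. On the documentation side, the interface comment reads "All methods are so they can be referenced", where the word "default" seems to be missing. The `@param requestParameters MsalRequest object` lines do not match the `SilentParameters`, `InteractiveRequestParameters` and `UserNamePasswordParameters` arguments, and the `application` parameter and `removeAccount` have no Javadoc. `java.util.Set` is imported but not used anywhere in the file.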
diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientCredential.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCredential.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IClientCredential.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCredential.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientSecret.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientSecret.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IClientSecret.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientSecret.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IHttpClient.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpClient.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IHttpClient.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpClient.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetry.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITelemetry.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetry.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITokenCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCache.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITokenCache.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCache.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IdToken.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdToken.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IdToken.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdToken.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java similarity index 94% rename from src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java index bd245fd3..cee5865d 100644 --- a/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java @@ -46,6 +46,11 @@ public class IntegratedWindowsAuthenticationParameters implements IAcquireTokenP */ private Map extraHttpHeaders; + /** + * Adds additional parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java 
diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java similarity index 63% rename from src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java index 2c024bb9..36149e2e 100644 --- a/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java @@ -10,6 +10,7 @@ import java.net.InetAddress; import java.net.URI; import java.net.URL; +import java.net.UnknownHostException; import java.security.SecureRandom; import java.util.Base64; import java.util.UUID; 
@@ -55,24 +56,31 @@ URL authorizationUrl() { } private void validateRedirectUrl(URI redirectUri) { + String host = redirectUri.getHost(); + String scheme = redirectUri.getScheme(); + InetAddress address; + + //Validate URI scheme. Only http is valid, as determined by the HttpListener created in AcquireTokenByInteractiveFlowSupplier.startHttpListener() + if (scheme == null || !scheme.equals("http")) { + throw new MsalClientException(String.format( + "Only http://localhost or http://localhost:port is supported for the redirect URI of an interactive request using a browser, but \"%s\" was found. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", scheme), + AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); + } + + //Ensure that the given redirect URI has a known address try { - if (!InetAddress.getByName(redirectUri.getHost()).isLoopbackAddress()) { - throw new MsalClientException(String.format( - "Only loopback redirect uri is supported, but %s was found " + - "Configure http://localhost or http://localhost:port both during app registration" + - "and when you create the create the InteractiveRequestParameters object", redirectUri.getHost()), - AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); - } - - if (!redirectUri.getScheme().equals("http")) { - throw new MsalClientException(String.format( - "Only http uri scheme is supported but %s was found. Configure http://localhost" + - "or http://localhost:port both during app registration and when you create" + - " the create the InteractiveRequestParameters object", redirectUri.toString()), - AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); - } - } catch (Exception exception) { - throw new MsalClientException(exception); + address = InetAddress.getByName(host); + } catch (UnknownHostException e) { + throw new MsalClientException(String.format( + "Unknown host exception for host \"%s\". 
For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", host), + AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); + } + + //Ensure that the redirect URI is considered a loopback address + if (address == null || !address.isLoopbackAddress()) { + throw new MsalClientException( + "Only loopback redirect URI is supported for interactive requests. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", + AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); } } @@ -87,11 +95,15 @@ private URL createAuthorizationUrl() { .loginHint(interactiveRequestParameters.loginHint()) .domainHint(interactiveRequestParameters.domainHint()) .correlationId(publicClientApplication.correlationId()) - .instanceAware(interactiveRequestParameters.instanceAware()); + .instanceAware(interactiveRequestParameters.instanceAware()) + .extraQueryParameters(interactiveRequestParameters.extraQueryParameters()); addPkceAndState(authorizationRequestUrlBuilder); + AuthorizationRequestUrlParameters authorizationRequestUrlParameters = + authorizationRequestUrlBuilder.build(); + return publicClientApplication.getAuthorizationRequestUrl( - authorizationRequestUrlBuilder.build()); + authorizationRequestUrlParameters); } private void addPkceAndState(AuthorizationRequestUrlParameters.Builder builder) { diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java similarity index 96% rename from src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java index acdb638a..33e89eab 100644 --- a/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java 
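Review bot: `validateRedirectUrl` passes `redirectUri.getHost()` to `InetAddress.getByName` without checking it, and `getByName` returns a loopback address when the host is null or empty. `URI.getHost()` is null whenever the URI has no server-based authority, so such a redirect URI passes the loopback check although it names no loopback host; the removed code had the same gap. Reject it before resolution, right after the scheme check: `if (host == null || host.isEmpty()) { throw new MsalClientException("Redirect URI has no host", AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); }`. Two smaller points: the `address == null` test cannot be true, because `getByName` either returns an address or throws, and the `UnknownHostException` is dropped instead of being kept as the cause.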
@@ -80,6 +80,11 @@ public class InteractiveRequestParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/JsonHelper.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java diff --git a/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/JwtHelper.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java diff --git a/src/main/java/com/microsoft/aad/msal4j/LogHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/LogHelper.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/LogHelper.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/LogHelper.java diff --git a/src/main/java/com/microsoft/aad/msal4j/MexParser.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MexParser.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/MexParser.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MexParser.java diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java new file mode 100644 index 00000000..0157d696 --- /dev/null +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java 
@@ -0,0 +1,14 @@ +package com.microsoft.aad.msal4j; + +/** + * Exception type thrown when Azure SDK returns an error response. + */ +public class MsalAzureSDKException extends MsalException{ + public MsalAzureSDKException(Throwable throwable) { + super(throwable); + } + + public MsalAzureSDKException(String message, String errorCode) { + super(message, errorCode); + } +} \ No newline at end of file diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalClientException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalClientException.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/MsalClientException.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalClientException.java diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalException.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/MsalException.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalException.java diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/MsalRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalRequest.java 
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java similarity index 94% rename from src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java index 633b41dc..1c929bc4 100644 --- a/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java @@ -46,6 +46,11 @@ public class OnBehalfOfParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java 
diff --git a/src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java diff --git a/src/main/java/com/microsoft/aad/msal4j/Prompt.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java similarity index 83% rename from src/main/java/com/microsoft/aad/msal4j/Prompt.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java index 1c5efd7b..7670f3da 100644 --- a/src/main/java/com/microsoft/aad/msal4j/Prompt.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java @@ -25,14 +25,6 @@ public enum Prompt { */ CONSENT("consent"), - /** - * An administrator should be prompted to consent on behalf of all users in their organization. - *

- * Deprecated, instead use Prompt.ADMIN_CONSENT - */ - @Deprecated - ADMING_CONSENT("admin_consent"), - /** * An administrator should be prompted to consent on behalf of all users in their organization. */ diff --git a/src/main/java/com/microsoft/aad/msal4j/PublicApi.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicApi.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/PublicApi.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicApi.java diff --git a/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java similarity index 95% rename from src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java index a7f18dda..80fa1c31 100644 --- a/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java @@ -66,10 +66,9 @@ public CompletableFuture acquireToken(IntegratedWindowsAu @Override public CompletableFuture acquireToken(DeviceCodeFlowParameters parameters) { - if (!(AuthorityType.AAD.equals(authenticationAuthority.authorityType()) || - AuthorityType.ADFS.equals(authenticationAuthority.authorityType()))) { + if (AuthorityType.B2C.equals(authenticationAuthority.authorityType())) { throw new IllegalArgumentException( - "Invalid authority type. Device Flow is only supported by AAD and ADFS authorities"); + "Invalid authority type. Device Flow is not supported by B2C authority."); } validateNotNull("parameters", parameters); 
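Review bot: The device-code guard in `acquireToken(DeviceCodeFlowParameters)` changes from an allow-list (AAD or ADFS) to a deny-list (B2C only), so any other `AuthorityType` value now passes by default. If the enum has or later gains other members, they would reach the device code flow without anyone having decided that they should. If the intent is to admit one specific additional type, naming it in the allow-list keeps the check fail-closed. At minimum, a comment such as `// every authority type except B2C supports device code flow` would record that the open default is deliberate. The method body continues outside the hunk.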
diff --git a/src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java diff --git a/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java similarity index 94% rename from src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java index 5a9750b0..862462a4 100644 --- a/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java @@ -48,6 +48,11 @@ public class RefreshTokenParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java 
diff --git a/src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RequestContext.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestContext.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RequestContext.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestContext.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java diff --git a/src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java diff --git a/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java similarity index 96% rename from src/main/java/com/microsoft/aad/msal4j/SilentParameters.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java index 8778a07b..429c5dbb 100644 --- a/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java @@ -54,6 +54,11 @@ public class SilentParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ 
diff --git a/src/main/java/com/microsoft/aad/msal4j/SilentRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SilentRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/StringHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/StringHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/StringHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/StringHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TenantProfile.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TenantProfile.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TenantProfile.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TenantProfile.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCache.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenCache.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCache.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
similarity index 92%
rename from src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
index a8ab5194..50805df2 100644
--- a/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java @@ -34,7 +34,7 @@ class TokenRequestExecutor { AuthenticationResult executeTokenRequest() throws ParseException, IOException { - log.debug("Sending token request to: " + requestAuthority.canonicalAuthorityUrl()); + log.debug("Sending token request to: {}", requestAuthority.canonicalAuthorityUrl()); OAuthHttpRequest oAuthHttpRequest = createOauthHttpRequest(); HTTPResponse oauthHttpResponse = oAuthHttpRequest.send(); return createAuthenticationResultFromOauthHttpResponse(oauthHttpResponse); @@ -67,6 +67,15 @@ OAuthHttpRequest createOauthHttpRequest() throws SerializeException, MalformedUR params.put("claims", Collections.singletonList(claimsRequest)); } + if(msalRequest.requestContext().apiParameters().extraQueryParameters() != null ){ + for(String key: msalRequest.requestContext().apiParameters().extraQueryParameters().keySet()){ + if(params.containsKey(key)){ + log.warn("A query parameter {} has been provided with values multiple times.", key); + } + params.put(key, Collections.singletonList(msalRequest.requestContext().apiParameters().extraQueryParameters().get(key))); + } + } + oauthHttpRequest.setQuery(URLUtils.serializeParameters(params)); if (msalRequest.application().clientAuthentication() != null) { diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenResponse.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/TokenResponse.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenResponse.java 
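Review bot: In `createOauthHttpRequest`, the new loop logs a warning when an extra query parameter collides with a key already in `params` and then overwrites it anyway, so a caller-supplied map can replace values the library set earlier in this method (the `claims` entry just above, and whatever was put before the hunk). The warning text also does not say which value wins. Unless overriding is the intended contract, keeping the library's value is the safer default, and iterating `entrySet()` once avoids repeating the `msalRequest.requestContext().apiParameters()` chain. The fence assumes the map is `Map<String, String>`, which the page does not show in full. The method starts before and continues after the hunk.

```java
Map<String, String> extraQueryParameters =
        msalRequest.requestContext().apiParameters().extraQueryParameters();
if (extraQueryParameters != null) {
    for (Map.Entry<String, String> extra : extraQueryParameters.entrySet()) {
        if (params.containsKey(extra.getKey())) {
            // Keep the value the library set; an extra parameter must not replace it.
            log.warn("Ignoring extra query parameter {}: it is already set for this request.", extra.getKey());
            continue;
        }
        params.put(extra.getKey(), Collections.singletonList(extra.getValue()));
    }
}

oauthHttpRequest.setQuery(URLUtils.serializeParameters(params));
// … unchanged: client authentication handling …
```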
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserAssertion.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserAssertion.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserAssertion.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
similarity index 95%
rename from src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
index b7f70f55..cc4dab0c 100644
--- a/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
@@ -53,6 +53,11 @@ public class UserNamePasswordParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java diff --git a/src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java diff --git a/src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java diff --git a/src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java similarity index 100% rename from src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java 
diff --git a/src/samples/cache/TokenCacheAspect.java b/msal4j-sdk/src/samples/cache/TokenCacheAspect.java similarity index 100% rename from src/samples/cache/TokenCacheAspect.java rename to msal4j-sdk/src/samples/cache/TokenCacheAspect.java diff --git a/src/samples/cache/sample_cache.json b/msal4j-sdk/src/samples/cache/sample_cache.json similarity index 100% rename from src/samples/cache/sample_cache.json rename to msal4j-sdk/src/samples/cache/sample_cache.json diff --git a/src/samples/confidential-client/ClientCredentialGrant.java b/msal4j-sdk/src/samples/confidential-client/ClientCredentialGrant.java similarity index 100% rename from src/samples/confidential-client/ClientCredentialGrant.java rename to msal4j-sdk/src/samples/confidential-client/ClientCredentialGrant.java diff --git a/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml similarity index 97% rename from src/samples/msal-b2c-web-sample/pom.xml rename to msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index a63252b5..44fb595f 100644 --- a/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.1 + 1.13.8 com.nimbusds @@ -33,7 +33,7 @@ org.json json - 20090211 + 20230227 diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java similarity index 100% rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java 
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/application.properties b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/application.properties similarity index 100% rename from src/samples/msal-b2c-web-sample/src/main/resources/application.properties rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/application.properties diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html similarity index 100% rename from src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html similarity index 100% rename from src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html similarity index 100% rename from src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html diff --git a/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml similarity index 94% rename from src/samples/msal-obo-sample/pom.xml rename to msal4j-sdk/src/samples/msal-obo-sample/pom.xml index 68d81077..83de76a6 100644 --- a/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.1 + 1.13.8 com.nimbusds @@ -33,7 +33,7 @@ org.json json - 20090211 + 20230227 org.projectlombok 
@@ -58,7 +58,7 @@ org.springframework.security.oauth spring-security-oauth2 - 2.3.6.RELEASE + 2.5.2 @@ -75,7 +75,7 @@ com.google.guava guava - 29.0-jre + 31.1-jre diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java similarity index 100% rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java similarity index 100% rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java similarity index 100% rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java 
diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java similarity index 100% rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java similarity index 100% rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java diff --git a/src/samples/msal-obo-sample/src/main/resources/application.properties b/msal4j-sdk/src/samples/msal-obo-sample/src/main/resources/application.properties similarity index 100% rename from src/samples/msal-obo-sample/src/main/resources/application.properties rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/resources/application.properties diff --git a/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml similarity index 97% rename from src/samples/msal-web-sample/pom.xml rename to msal4j-sdk/src/samples/msal-web-sample/pom.xml index 891c6aed..4c5eb86e 100644 --- a/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.1 + 1.13.8 com.nimbusds @@ -33,7 +33,7 @@ org.json json - 20090211 + 20230227 org.apache.commons 
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java
diff --git a/src/samples/msal-web-sample/src/main/resources/application.properties b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/application.properties
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/application.properties
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/application.properties
diff --git a/src/samples/msal-web-sample/src/main/resources/templates/auth_page.html b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/auth_page.html
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/templates/auth_page.html
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/auth_page.html
diff --git a/src/samples/msal-web-sample/src/main/resources/templates/error.html b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/error.html
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/templates/error.html
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/error.html
diff --git a/src/samples/msal-web-sample/src/main/resources/templates/index.html b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/index.html
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/templates/index.html
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/index.html
diff --git a/src/samples/public-client/DeviceCodeFlow.java b/msal4j-sdk/src/samples/public-client/DeviceCodeFlow.java
similarity index 100%
rename from src/samples/public-client/DeviceCodeFlow.java
rename to msal4j-sdk/src/samples/public-client/DeviceCodeFlow.java
diff --git a/src/samples/public-client/IntegratedWindowsAuthenticationFlow.java b/msal4j-sdk/src/samples/public-client/IntegratedWindowsAuthenticationFlow.java
similarity index 100%
rename from src/samples/public-client/IntegratedWindowsAuthenticationFlow.java
rename to msal4j-sdk/src/samples/public-client/IntegratedWindowsAuthenticationFlow.java
diff --git a/src/samples/public-client/InteractiveFlow.java b/msal4j-sdk/src/samples/public-client/InteractiveFlow.java
similarity index 100%
rename from src/samples/public-client/InteractiveFlow.java
rename to msal4j-sdk/src/samples/public-client/InteractiveFlow.java
diff --git a/src/samples/public-client/InteractiveFlowB2C.java b/msal4j-sdk/src/samples/public-client/InteractiveFlowB2C.java
similarity index 100%
rename from src/samples/public-client/InteractiveFlowB2C.java
rename to msal4j-sdk/src/samples/public-client/InteractiveFlowB2C.java
diff --git a/src/samples/public-client/UsernamePasswordFlow.java b/msal4j-sdk/src/samples/public-client/UsernamePasswordFlow.java
similarity index 100%
rename from src/samples/public-client/UsernamePasswordFlow.java
rename to msal4j-sdk/src/samples/public-client/UsernamePasswordFlow.java
diff --git a/src/samples/public-client/application.properties b/msal4j-sdk/src/samples/public-client/application.properties
similarity index 100%
rename from src/samples/public-client/application.properties
rename to msal4j-sdk/src/samples/public-client/application.properties
diff --git a/src/samples/spring-security-web-app/pom.xml b/msal4j-sdk/src/samples/spring-security-web-app/pom.xml
similarity index 100%
rename from src/samples/spring-security-web-app/pom.xml
rename to msal4j-sdk/src/samples/spring-security-web-app/pom.xml
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java b/msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java b/msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java b/msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java
diff --git a/src/samples/spring-security-web-app/src/main/resources/application.properties b/msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/application.properties
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/resources/application.properties
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/application.properties
diff --git a/src/samples/spring-security-web-app/src/main/resources/templates/index.html b/msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/index.html
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/resources/templates/index.html
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/index.html
diff --git a/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html b/msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html
diff --git a/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AccountTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AccountTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AccountTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AccountTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
similarity index 80%
rename from src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
index 0db1b159..cd0a8bf4 100644
--- a/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
+++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
@@ -34,11 +34,37 @@ public void testDetectAuthorityType_B2C() throws Exception { Assert.assertEquals(Authority.detectAuthorityType(url), AuthorityType.B2C); } + @DataProvider(name = "ciamAuthorities") + public static Object[][] createCiamAuthorityData() throws MalformedURLException { + return new Object[][]{{new URL("https://msidlabciam1.ciamlogin.com/")}, + {new URL("https://msidlabciam1.ciamlogin.com/d57fb3d4-4b5a-4144-9328-9c1f7d58179d/")}, + {new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com/")}, + {new URL("https://msidlabciam1.ciamlogin.com/aDomain/")}}; + } + + @Test(dataProvider = "ciamAuthorities") + public void testDetectAuthorityType_CIAM(URL authority) throws Exception { + Assert.assertEquals(Authority.detectAuthorityType(authority), AuthorityType.CIAM); + } + + @DataProvider(name = "validCiamAuthoritiesAndTransformedAuthority") + public static Object[][] createCiamAndTransformedAuthorityData() throws MalformedURLException { + return new Object[][]{{new URL("https://msidlabciam1.ciamlogin.com/"),new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com/")}, + {new URL("https://msidlabciam1.ciamlogin.com/d57fb3d4-4b5a-4144-9328-9c1f7d58179d"),new URL("https://msidlabciam1.ciamlogin.com/d57fb3d4-4b5a-4144-9328-9c1f7d58179d")}, + {new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com"),new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com")}, + {new URL("https://msidlabciam1.ciamlogin.com/aDomain"),new URL("https://msidlabciam1.ciamlogin.com/aDomain")}}; + } + + @Test(dataProvider = "validCiamAuthoritiesAndTransformedAuthority") + public void testCiamAuthorityTransformation(URL authority, URL transformedAuthority) throws Exception{ + Assert.assertEquals(CIAMAuthority.transformAuthority(authority), transformedAuthority); + } + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = - "B2C 'authority' Uri should have at least 3 segments in the 
path \\(i.e. https:///tfp///...\\)") + "Valid B2C 'authority' URLs should follow either of these formats.*") public void testB2CAuthorityConstructor_NotEnoughSegments() throws MalformedURLException { - new B2CAuthority(new URL("https://something.com/tfp/somethingelse/")); + new B2CAuthority(new URL("https://something.com/somethingelse/")); } @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "authority should use the 'https' scheme") diff --git a/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java similarity index 87% rename from src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java index 589bb339..66dd4f3a 100644 --- a/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java @@ -20,14 +20,20 @@ public void testBuilder_onlyRequiredParameters() throws UnsupportedEncodingExcep String redirectUri = "http://localhost:8080"; Set scope = Collections.singleton("scope"); + Map extraParameters = new HashMap<>(); + extraParameters.put("id_token_hint", "test"); + extraParameters.put("another_param", "some_value"); + AuthorizationRequestUrlParameters parameters = AuthorizationRequestUrlParameters .builder(redirectUri, scope) + .extraQueryParameters(extraParameters) .build(); Assert.assertEquals(parameters.responseMode(), ResponseMode.FORM_POST); Assert.assertEquals(parameters.redirectUri(), redirectUri); Assert.assertEquals(parameters.scopes().size(), 4); + Assert.assertEquals(parameters.extraQueryParameters.size(), 2); Assert.assertNull(parameters.loginHint()); Assert.assertNull(parameters.codeChallenge()); 
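Review bot: The `ciamAuthorities` provider in the AuthorityTest hunk lists only URLs on `msidlabciam1.ciamlogin.com`, so `testDetectAuthorityType_CIAM` never pins what `Authority.detectAuthorityType` returns for a host that merely resembles a CIAM host. Because the detected type decides how the library treats the endpoint, I would add a negative provider with constructed look-alikes such as `new URL("https://ciamlogin.com.example.test/")` and `new URL("https://example.test/ciamlogin.com/")` and assert the result is not `AuthorityType.CIAM`. How the detector matches the host is not visible in this hunk, so this is a coverage request rather than a reported defect. In `testB2CAuthorityConstructor_NotEnoughSegments` the new pattern ends in `.*`, so the test no longer checks which formats the message lists; a short comment saying that is deliberate would help.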
@@ -58,6 +64,7 @@ public void testBuilder_onlyRequiredParameters() throws UnsupportedEncodingExcep Assert.assertEquals(queryParameters.get("redirect_uri"), "http://localhost:8080"); Assert.assertEquals(queryParameters.get("client_id"), "client_id"); Assert.assertEquals(queryParameters.get("response_mode"), "form_post"); + Assert.assertEquals(queryParameters.get("id_token_hint"),"test"); } @Test(expectedExceptions = IllegalArgumentException.class) @@ -71,6 +78,22 @@ public void testBuilder_invalidRequiredParameters() { .build(); } + @Test + public void testBuilder_conflictingParameters() { + PublicClientApplication app = PublicClientApplication.builder("client_id").build(); + + String redirectUri = "http://localhost:8080"; + Set scope = Collections.singleton("scope"); + + Map extraParameters = new HashMap<>(); + extraParameters.put("scope", "scope"); + + AuthorizationRequestUrlParameters + .builder(redirectUri, scope) + .extraQueryParameters(extraParameters) + .build(); + } + @Test public void testBuilder_optionalParameters() throws UnsupportedEncodingException { Set clientCapabilities = new HashSet<>(); diff --git a/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java similarity index 98% rename from src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java index af09cb91..6714b82b 100644 --- a/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java @@ -3,8 +3,6 @@ package com.microsoft.aad.msal4j; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.ObjectMapper; import com.nimbusds.oauth2.sdk.ParseException; import com.nimbusds.oauth2.sdk.http.HTTPResponse; import com.nimbusds.oauth2.sdk.util.JSONObjectUtils; 
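Review bot: `testBuilder_conflictingParameters` (hunk `@@ -71,6 +78,22 @@`) contains no assertion and no `expectedExceptions`, so it passes whatever the builder does when `extraQueryParameters` repeats the reserved `scope` key; the `app` local is also never used. The builder itself is outside this diff section, so the intended outcome cannot be read from here, but the test should pin one: either declare the expected exception on `@Test`, or keep the result of `.build()` and assert that the `scope` value in the generated request is still the one derived from the builder's scope set. Without that, a regression that lets caller-supplied extras override a protocol parameter would go unnoticed. In the earlier hunk of this file the new assertion reads the field `parameters.extraQueryParameters` directly while the neighbouring lines use accessors such as `parameters.redirectUri()`.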
@@ -26,9 +24,6 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; -import java.sql.Time; -import java.time.Duration; -import java.time.Instant; import java.util.*; import static com.microsoft.aad.msal4j.Constants.POINT_DELIMITER; diff --git a/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java new file mode 100644 index 00000000..112a8f11 --- /dev/null +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java 
@@ -0,0 +1,75 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4j; + +import org.easymock.EasyMock; +import org.testng.annotations.BeforeMethod; +import org.testng.annotations.Test; + +import java.security.KeyStore; +import java.security.KeyStoreSpi; +import java.util.Arrays; +import java.util.Collections; + +import static org.testng.AssertJUnit.assertEquals; + +@Test +public class ClientCertificatePkcs12Test extends AbstractMsalTests { + + private KeyStoreSpi keyStoreSpi; + private KeyStore keystore; + + @BeforeMethod + public void setUp() throws Exception { + keyStoreSpi = EasyMock.createMock(KeyStoreSpi.class); + keystore = new KeyStore(keyStoreSpi, null, "PKCS12") {}; + keystore.load(null); + } + + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "certificate not loaded from input stream") + public void testNoEntries() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Collections.emptyList())).times(1); + EasyMock.replay(keyStoreSpi); + + ClientCertificate.getPrivateKeyAlias(keystore); + } + + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "certificate not loaded from input stream") + public void testNoPrivateKey() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Arrays.asList("CA_cert1", "CA_cert2"))).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert1", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert2", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.replay(keyStoreSpi); + + ClientCertificate.getPrivateKeyAlias(keystore); + } + + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "more than one certificate alias found in input 
stream") + public void testMultiplePrivateKeyAliases() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Arrays.asList("private_key1", "private_key2", "CA_cert"))).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("private_key1", KeyStore.PrivateKeyEntry.class)).andReturn(true).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("private_key2", KeyStore.PrivateKeyEntry.class)).andReturn(true).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.replay(keyStoreSpi); + + ClientCertificate.getPrivateKeyAlias(keystore); + } + + @Test + public void testMultipleEntriesButOnlyOnePrivateKey() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Arrays.asList("CA_cert1", "private_key", "CA_cert2"))).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert1", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("private_key", KeyStore.PrivateKeyEntry.class)).andReturn(true).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert2", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.replay(keyStoreSpi); + + String privateKeyAlias = ClientCertificate.getPrivateKeyAlias(keystore); + assertEquals("private_key", privateKeyAlias); + } + +} \ No newline at end of file diff --git a/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java 
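Review bot: None of the four tests in the new `ClientCertificatePkcs12Test` calls `EasyMock.verify(keyStoreSpi)`, so the `.times(1)` expectations can only reject extra calls and never prove that `ClientCertificate.getPrivateKeyAlias` actually inspected each alias. In `testMultipleEntriesButOnlyOnePrivateKey` add `EasyMock.verify(keyStoreSpi);` after the `assertEquals`; for the three exception tests, whether every alias must be visited before the throw depends on the implementation, which is not part of this hunk, so either verify in a `finally` or drop the `.times(1)` there. The class-level `@Test` also makes the bare method-level `@Test` on `testMultipleEntriesButOnlyOnePrivateKey` redundant, and the file ends without a trailing newline.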
diff --git a/src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java diff --git a/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java similarity index 98% rename from src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java index 6328df36..12ea22eb 100644 --- a/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java @@ -9,7 +9,6 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.testng.PowerMockTestCase; import org.testng.Assert; -import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; import javax.net.ssl.HttpsURLConnection; diff --git a/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java similarity index 93% rename from src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java index 91cebf30..1ac60c59 100644 --- a/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java @@ -24,8 +24,6 @@ import java.util.concurrent.atomic.AtomicReference; import java.util.function.Consumer; -import static com.microsoft.aad.msal4j.TestConfiguration.*; - @Test(groups = {"checkin"}) @PrepareForTest({HttpHelper.class, PublicClientApplication.class}) 
@@ -76,7 +74,7 @@ public void deviceCodeFlowTest() throws Exception { HttpResponse instanceDiscoveryResponse = new HttpResponse(); instanceDiscoveryResponse.statusCode(200); - instanceDiscoveryResponse.body(INSTANCE_DISCOVERY_RESPONSE); + instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE); EasyMock.expect( HttpHelper.executeHttpRequest( @@ -121,19 +119,19 @@ public void deviceCodeFlowTest() throws Exception { PowerMock.replay(app); IAuthenticationResult authResult = app.acquireToken( - DeviceCodeFlowParameters.builder(Collections.singleton(AAD_RESOURCE_ID), deviceCodeConsumer) + DeviceCodeFlowParameters.builder(Collections.singleton(TestConfiguration.AAD_RESOURCE_ID), deviceCodeConsumer) .build()) .get(); // validate HTTP GET request used to get device code URL url = capturedHttpRequest.getValue().url(); - Assert.assertEquals(url.getAuthority(), AAD_PREFERRED_NETWORK_ENV_ALIAS); + Assert.assertEquals(url.getAuthority(), TestConfiguration.AAD_PREFERRED_NETWORK_ENV_ALIAS); Assert.assertEquals(url.getPath(), - "/" + AAD_TENANT_NAME + "/" + AADAuthority.DEVICE_CODE_ENDPOINT); + "/" + TestConfiguration.AAD_TENANT_NAME + "/" + AADAuthority.DEVICE_CODE_ENDPOINT); String expectedScope = URLEncoder.encode(AbstractMsalAuthorizationGrant.COMMON_SCOPES_PARAM + - AbstractMsalAuthorizationGrant.SCOPES_DELIMITER + AAD_RESOURCE_ID, "UTF-8"); - String expectedBody = String.format("scope=%s&client_id=%s", expectedScope, AAD_CLIENT_ID); + AbstractMsalAuthorizationGrant.SCOPES_DELIMITER + TestConfiguration.AAD_RESOURCE_ID, "UTF-8"); + String expectedBody = String.format("scope=%s&client_id=%s", expectedScope, TestConfiguration.AAD_CLIENT_ID); String body = capturedHttpRequest.getValue().body(); Assert.assertEquals(body, expectedBody); 
@@ -147,7 +145,7 @@ public void deviceCodeFlowTest() throws Exception { } @Test(expectedExceptions = IllegalArgumentException.class, - expectedExceptionsMessageRegExp = "Invalid authority type. Device Flow is only supported by AAD and ADFS authorities") + expectedExceptionsMessageRegExp = "Invalid authority type. Device Flow is not supported by B2C authority.") public void executeAcquireDeviceCode_B2CAuthorityUsed_IllegalArgumentExceptionThrown() throws Exception { @@ -157,7 +155,7 @@ public void executeAcquireDeviceCode_B2CAuthorityUsed_IllegalArgumentExceptionTh app.acquireToken (DeviceCodeFlowParameters - .builder(Collections.singleton(AAD_RESOURCE_ID), (DeviceCode deviceCode) -> { + .builder(Collections.singleton(TestConfiguration.AAD_RESOURCE_ID), (DeviceCode deviceCode) -> { }) .build()); } @@ -175,7 +173,7 @@ public void executeAcquireDeviceCode_AuthenticaionPendingErrorReturned_Authentic }; app = PublicClientApplication.builder("client_id") - .authority(AAD_TENANT_ENDPOINT) + .authority(TestConfiguration.AAD_TENANT_ENDPOINT) .validateAuthority(false) .correlationId("corr_id") .build(); diff --git a/src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java diff --git a/src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java 
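Review bot: The expected message on `executeAcquireDeviceCode_B2CAuthorityUsed_IllegalArgumentExceptionThrown` moves from allow-list wording ("only supported by AAD and ADFS authorities") to deny-list wording ("not supported by B2C authority"), which may mean the production guard now rejects B2C specifically instead of accepting only known authority types. That guard is not visible in this hunk, so please confirm that any other authority type still fails closed for device code flow, ideally with a test for it. Separately, `expectedExceptionsMessageRegExp` is a regular expression, so the unescaped `.` characters match any character; `"Invalid authority type\\. Device Flow is not supported by B2C authority\\."` pins the exact text. The test method's body continues outside the hunk.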
diff --git a/src/test/java/com/microsoft/aad/msal4j/MexParserTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MexParserTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/MexParserTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MexParserTest.java diff --git a/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java similarity index 95% rename from src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java index dd8433a9..e465b409 100644 --- a/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java @@ -11,8 +11,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.HashMap; -import java.util.List; -import java.util.Map; /** * diff --git a/src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java diff --git a/src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java similarity index 100% rename from src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java 
diff --git a/src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TestHelper.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestHelper.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TestHelper.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestHelper.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java
diff --git a/src/test/resources/AAD_cache_data/account_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/account_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/account_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/account_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/at_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/at_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/at_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/at_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/id_token_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/id_token_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/rt_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/rt_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/rt_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/rt_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/token_response.json b/msal4j-sdk/src/test/resources/AAD_cache_data/token_response.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/token_response.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/token_response.json
diff --git a/src/test/resources/AAD_cache_data/token_response_id_token.json b/msal4j-sdk/src/test/resources/AAD_cache_data/token_response_id_token.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/token_response_id_token.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/token_response_id_token.json
diff --git a/src/test/resources/Foci_cache_data/account_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/account_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/account_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/account_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/app_metadata_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/app_metadata_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/at_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/at_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/at_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/at_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/id_token_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/id_token_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/rt_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/rt_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/rt_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/rt_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/token_response.json b/msal4j-sdk/src/test/resources/Foci_cache_data/token_response.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/token_response.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/token_response.json
diff --git a/src/test/resources/Foci_cache_data/token_response_id_token.json b/msal4j-sdk/src/test/resources/Foci_cache_data/token_response_id_token.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/token_response_id_token.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/token_response_id_token.json
diff --git a/src/test/resources/MSA_cache_data/account_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/account_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/account_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/account_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/at_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/at_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/at_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/at_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/id_token_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/id_token_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/rt_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/rt_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/rt_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/rt_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/token_response.json b/msal4j-sdk/src/test/resources/MSA_cache_data/token_response.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/token_response.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/token_response.json
diff --git a/src/test/resources/MSA_cache_data/token_response_id_token.json b/msal4j-sdk/src/test/resources/MSA_cache_data/token_response_id_token.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/token_response_id_token.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/token_response_id_token.json
diff --git a/src/test/resources/cache_data/multi-cloud-account-cache.json b/msal4j-sdk/src/test/resources/cache_data/multi-cloud-account-cache.json
similarity index 100%
rename from src/test/resources/cache_data/multi-cloud-account-cache.json
rename to msal4j-sdk/src/test/resources/cache_data/multi-cloud-account-cache.json
diff --git a/src/test/resources/cache_data/multi-tenant-account-cache.json b/msal4j-sdk/src/test/resources/cache_data/multi-tenant-account-cache.json
similarity index 100%
rename from src/test/resources/cache_data/multi-tenant-account-cache.json
rename to msal4j-sdk/src/test/resources/cache_data/multi-tenant-account-cache.json
diff --git a/src/test/resources/cache_data/remove-account-test-cache.json b/msal4j-sdk/src/test/resources/cache_data/remove-account-test-cache.json
similarity index 100%
rename from src/test/resources/cache_data/remove-account-test-cache.json
rename to msal4j-sdk/src/test/resources/cache_data/remove-account-test-cache.json
diff --git a/src/test/resources/cache_data/serialized_cache.json b/msal4j-sdk/src/test/resources/cache_data/serialized_cache.json
similarity index 100%
rename from src/test/resources/cache_data/serialized_cache.json
rename to msal4j-sdk/src/test/resources/cache_data/serialized_cache.json
diff --git a/src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json b/msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json
similarity index 100%
rename from src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json
rename to msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json
diff --git a/src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json b/msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json
similarity index 100%
rename from src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json
rename to msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json
diff --git a/src/test/resources/mex-2005-response.xml b/msal4j-sdk/src/test/resources/mex-2005-response.xml
similarity index 100%
rename from src/test/resources/mex-2005-response.xml
rename to msal4j-sdk/src/test/resources/mex-2005-response.xml
diff --git a/src/test/resources/mex-response-integrated.xml b/msal4j-sdk/src/test/resources/mex-response-integrated.xml
similarity index 100%
rename from src/test/resources/mex-response-integrated.xml
rename to msal4j-sdk/src/test/resources/mex-response-integrated.xml
diff --git a/src/test/resources/mex-response.xml b/msal4j-sdk/src/test/resources/mex-response.xml
similarity index 100%
rename from src/test/resources/mex-response.xml
rename to msal4j-sdk/src/test/resources/mex-response.xml
diff --git a/src/test/resources/token-error.xml b/msal4j-sdk/src/test/resources/token-error.xml
similarity index 100%
rename from src/test/resources/token-error.xml
rename to msal4j-sdk/src/test/resources/token-error.xml
diff --git a/src/test/resources/token.xml b/msal4j-sdk/src/test/resources/token.xml
similarity index 100%
rename from src/test/resources/token.xml
rename to msal4j-sdk/src/test/resources/token.xml
diff --git a/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java b/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java
deleted file mode 100644
index bc94f7bf..00000000
--- a/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.aad.msal4j;
-
-import lombok.AccessLevel;
-import lombok.Getter;
-import lombok.experimental.Accessors;
-
-import java.net.URL;
-
-@Accessors(fluent = true)
-@Getter(AccessLevel.PACKAGE)
-class B2CAuthority extends Authority {
-
- private final static String AUTHORIZATION_ENDPOINT = "/oauth2/v2.0/authorize";
- private final static String TOKEN_ENDPOINT = "/oauth2/v2.0/token";
-
- private final static String B2C_AUTHORIZATION_ENDPOINT_FORMAT = "https://%s/%s/%s" + AUTHORIZATION_ENDPOINT;
- private final static String B2C_TOKEN_ENDPOINT_FORMAT = "https://%s/%s" + TOKEN_ENDPOINT + "?p=%s";
- private String policy;
-
- B2CAuthority(final URL authorityUrl) {
- super(authorityUrl, AuthorityType.B2C);
- setAuthorityProperties();
- }
-
- private void validatePathSegments(String[] segments) {
- if (segments.length < 3) {
- throw new IllegalArgumentException(
- "B2C 'authority' Uri should have at least 3 segments in the path " +
- "(i.e. https:///tfp///...)");
- }
- }
-
- private void setAuthorityProperties() {
- String[] segments = canonicalAuthorityUrl.getPath().substring(1).split("/");
-
- validatePathSegments(segments);
-
- policy = segments[2];
-
- final String b2cAuthorityFormat = "https://%s/%s/%s/%s/";
- this.authority = String.format(
- b2cAuthorityFormat,
- canonicalAuthorityUrl.getAuthority(),
- segments[0],
- segments[1],
- segments[2]);
-
- this.authorizationEndpoint = String.format(B2C_AUTHORIZATION_ENDPOINT_FORMAT, host, tenant, policy);
- this.tokenEndpoint = String.format(B2C_TOKEN_ENDPOINT_FORMAT, host, tenant, policy);
- this.selfSignedJwtAudience = this.tokenEndpoint;
- }
-}