AzureAD · Avery-Dunn · Sep 16, 2025 · Sep 15, 2025 · Sep 15, 2025
@@ -38,8 +38,6 @@ class AadInstanceDiscoveryProvider {
 
     private static final Logger log = LoggerFactory.getLogger(AadInstanceDiscoveryProvider.class);
 
-    //flag to check if instance discovery has failed
-    private static boolean instanceDiscoveryFailed = false;
     static ConcurrentHashMap<String, InstanceDiscoveryMetadataEntry> cache = new ConcurrentHashMap<>();
 
     static {
@@ -50,8 +48,8 @@ class AadInstanceDiscoveryProvider {
                 "login.microsoftonline.us"));
 
         TRUSTED_HOSTS_SET.addAll(Arrays.asList(
+                DEFAULT_TRUSTED_HOST,
                 "login.windows.net",
-                "login.microsoftonline.com",
                 "login.microsoft.com",
                 "sts.windows.net"));
 

@@ -4,7 +4,6 @@
 package com.microsoft.aad.msal4j;
 
 import java.util.HashSet;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.net.URL;
 import java.util.Set;
 import java.util.concurrent.CompletionException;
 import java.util.function.Supplier;

@@ -31,7 +31,7 @@ private static void validateAndUpdateTokenProviderResult(TokenProviderResult tok
         }
 
         if (tokenProviderResult.getExpiresInSeconds() == 0 || tokenProviderResult.getExpiresInSeconds() < 0) {
-            handleInvalidExternalValueError(Long.valueOf(tokenProviderResult.getExpiresInSeconds()).toString());
+            handleInvalidExternalValueError(Long.toString(tokenProviderResult.getExpiresInSeconds()));
         }
 
         if (null == tokenProviderResult.getTenantId() || tokenProviderResult.getTenantId().isEmpty()) {

@@ -6,9 +6,7 @@
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
-import java.util.Collections;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 
 class AcquireTokenByAuthorizationGrantSupplier extends AuthenticationResultSupplier {

@@ -104,7 +104,7 @@ AuthenticationResult execute() throws Exception {
         }
     }
 
-    private AuthenticationResult fetchNewAccessTokenAndSaveToCache(TokenRequestExecutor tokenRequestExecutor, CacheRefreshReason cacheRefreshReason) throws Exception {
+    private AuthenticationResult fetchNewAccessTokenAndSaveToCache(TokenRequestExecutor tokenRequestExecutor, CacheRefreshReason cacheRefreshReason) {
 
         ManagedIdentityClient managedIdentityClient = new ManagedIdentityClient(msalRequest, tokenRequestExecutor.getServiceBundle());
 

@@ -8,7 +8,6 @@
 
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.Collections;
 import java.util.HashMap;
 
 class AppServiceManagedIdentitySource extends AbstractManagedIdentitySource{

@@ -111,7 +111,7 @@ static void validateAuthority(URL authorityUrl) {
 
         final String path = authorityUrl.getPath();
 
-        if (path.length() == 0) {
+        if (path.isEmpty()) {
             throw new IllegalArgumentException(
                     IllegalArgumentExceptionMessages.AUTHORITY_URI_EMPTY_PATH);
         }

@@ -3,9 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.util.Collections;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 
 class AuthorizationCodeRequest extends MsalRequest {

@@ -78,7 +78,7 @@ private AuthorizationRequestUrlParameters(Builder builder) {
             requestParameters.put("claims", claimsParam);
         }
 
-        if (builder.claimsChallenge != null && builder.claimsChallenge.trim().length() > 0) {
+        if (builder.claimsChallenge != null && !builder.claimsChallenge.trim().isEmpty()) {
             JsonHelper.validateJsonFormat(builder.claimsChallenge);
             requestParameters.put("claims", builder.claimsChallenge);
         }

@@ -13,6 +13,7 @@
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
 import java.util.concurrent.BlockingQueue;
 import java.util.stream.Collectors;
 
@@ -96,7 +97,7 @@ private void send302Response(HttpExchange httpExchange, String redirectUri) thro
     }
 
     private void send200Response(HttpExchange httpExchange, String response) throws IOException {
-        byte[] responseBytes = response.getBytes("UTF-8");
+        byte[] responseBytes = response.getBytes(StandardCharsets.UTF_8);
         httpExchange.getResponseHeaders().set("Content-Type", "text/html; charset=UTF-8");
         httpExchange.sendResponseHeaders(HttpStatus.HTTP_OK, responseBytes.length);
         OutputStream os = httpExchange.getResponseBody();

@@ -56,7 +56,7 @@ public List<String> getEncodedPublicKeyCertificateChain() throws CertificateEnco
     }
 
     static ClientCertificate create(InputStream pkcs12Certificate, String password)
-            throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException,
+            throws KeyStoreException, NoSuchAlgorithmException,
             CertificateException, IOException, UnrecoverableKeyException {
         // treat null password as default one - empty string
         if (password == null) {

@@ -73,7 +73,7 @@ public static IClientCertificate createFromCertificate(final PrivateKey key, fin
      * @return {@link ClientCertificate}
      */
     public static IClientCertificate createFromCertificateChain(PrivateKey key, List<X509Certificate> publicKeyCertificateChain) {
-        if (key == null || publicKeyCertificateChain == null || publicKeyCertificateChain.size() == 0) {
+        if (key == null || publicKeyCertificateChain == null || publicKeyCertificateChain.isEmpty()) {
             throw new IllegalArgumentException("null or empty input parameter");
         }
         return new ClientCertificate(key, publicKeyCertificateChain);

@@ -3,9 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.util.Collections;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
 import java.util.function.Function;

@@ -8,7 +8,6 @@
 
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.Collections;
 import java.util.HashMap;
 
 class CloudShellManagedIdentitySource extends AbstractManagedIdentitySource{

@@ -4,11 +4,7 @@
 package com.microsoft.aad.msal4j;
 
 import java.net.URI;
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.time.Instant;
-import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;
 

@@ -3,10 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.azure.json.JsonProviders;
-import com.azure.json.JsonReader;
-
-import java.io.IOException;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;

@@ -4,9 +4,7 @@
 package com.microsoft.aad.msal4j;
 
 import javax.net.ssl.SSLSocketFactory;
-import java.net.MalformedURLException;
 import java.net.Proxy;
-import java.util.concurrent.CompletableFuture;
 
 /**
  * Base interface representing a client application that can acquire tokens from the Microsoft identity platform.

@@ -3,9 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
-import javax.net.ssl.SSLSocketFactory;
 import java.net.MalformedURLException;
-import java.net.Proxy;
 import java.net.URL;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;

@@ -9,7 +9,6 @@
 import java.net.HttpURLConnection;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.Collections;
 import java.util.HashMap;
 
 class IMDSManagedIdentitySource extends AbstractManagedIdentitySource{

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 

@@ -88,7 +88,6 @@ public static Builder builder(ManagedIdentityId managedIdentityId) {
 
     public static class Builder extends AbstractApplicationBase.Builder<Builder> {
 
-        private String resource;
         private ManagedIdentityId managedIdentityId;
         private List<String> clientCapabilities;
 
@@ -99,8 +98,16 @@ private Builder(ManagedIdentityId managedIdentityId) {
             this.managedIdentityId = managedIdentityId;
         }
 
+        /**
+         * @deprecated This method has no effect as the resource field is not used in the ManagedIdentityApplication itself.
+         * Use {@link ManagedIdentityParameters#builder(String)} to set the resource when calling
+         * {@link ManagedIdentityApplication#acquireTokenForManagedIdentity(ManagedIdentityParameters)}.
+         *
+         * @param resource Resource to access (unused)
+         * @return instance of Builder of ManagedIdentityApplication
+         */
+        @Deprecated
         public Builder resource(String resource) {
-            this.resource = resource;
             return self();
         }
 

@@ -10,7 +10,6 @@
  * Class to initialize a managed identity and identify the service.
  */
 class ManagedIdentityClient {
-    private static final Logger LOG = LoggerFactory.getLogger(ManagedIdentityClient.class);
 
     static ManagedIdentitySourceType getManagedIdentitySource() {
         IEnvironmentVariables environmentVariables = AbstractManagedIdentitySource.getEnvironmentVariables();

@@ -10,7 +10,6 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -98,7 +97,7 @@ void addTokenRevocationParametersToQuery(ManagedIdentityParameters parameters) {
                 // Add client capabilities as a comma separated string for all the values in client capabilities
                 String clientCapabilities = String.join(",", managedIdentityApplication.getClientCapabilities());
 
-                queryParameters.put(Constants.CLIENT_CAPABILITY_REQUEST_PARAM, clientCapabilities.toString());
+                queryParameters.put(Constants.CLIENT_CAPABILITY_REQUEST_PARAM, clientCapabilities);
             }
 
             // Pass the token revocation parameter if the claims are present and there is a token to revoke

@@ -14,8 +14,6 @@
 
 class ManagedIdentityResponse implements JsonSerializable<ManagedIdentityResponse> {
 
-    private static final Logger LOG = LoggerFactory.getLogger(ManagedIdentityResponse.class);
-
     String tokenType;
     String accessToken;
     String expiresOn;

@@ -10,7 +10,6 @@
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 import java.io.ByteArrayInputStream;
-import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.*;
 import java.util.Map.Entry;

@@ -3,9 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.util.Collections;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 class OnBehalfOfRequest extends MsalRequest {
 

@@ -214,13 +214,12 @@ private boolean validateBrokerUsage(InteractiveRequestParameters parameters) {
 
         //Check if broker-only parameters are being used when a broker is not enabled. If they are, either throw an
         // exception saying a broker is required, or provide a clear log message saying the parameter will be ignored
-        if (!brokerEnabled) {
-            if (parameters.proofOfPossession() != null) {
+        if (!brokerEnabled && parameters.proofOfPossession() != null) {
                 throw new MsalClientException(
                         "InteractiveRequestParameters.proofOfPossession should not be used when broker is not available, see https://aka.ms/msal4j-pop for more information",
                         AuthenticationErrorCode.MSALJAVA_BROKERS_ERROR );
             }
-        }
+
 
         return brokerEnabled;
     }
@@ -233,13 +232,12 @@ private boolean validateBrokerUsage(UserNamePasswordParameters parameters) {
 
         //Check if broker-only parameters are being used when a broker is not enabled. If they are, either throw an
         // exception saying a broker is required, or provide a clear log message saying the parameter will be ignored
-        if (!brokerEnabled) {
-            if (parameters.proofOfPossession() != null) {
+        if (!brokerEnabled && parameters.proofOfPossession() != null) {
                 throw new MsalClientException(
                         "UserNamePasswordParameters.proofOfPossession should not be used when broker is not available, see https://aka.ms/msal4j-pop for more information",
                         AuthenticationErrorCode.MSALJAVA_BROKERS_ERROR );
             }
-        }
+
 
         return brokerEnabled;
     }
@@ -252,13 +250,12 @@ private boolean validateBrokerUsage(SilentParameters parameters) {
 
         //Check if broker-only parameters are being used when a broker is not enabled. If they are, either throw an
         // exception saying a broker is required, or provide a clear log message saying the parameter will be ignored
-        if (!brokerEnabled) {
-            if (parameters.proofOfPossession() != null) {
+        if (!brokerEnabled && parameters.proofOfPossession() != null) {
                 throw new MsalClientException(
                         "UserNamePasswordParameters.proofOfPossession should not be used when broker is not available, see https://aka.ms/msal4j-pop for more information",
                         AuthenticationErrorCode.MSALJAVA_BROKERS_ERROR );
             }
-        }
+
 
         return brokerEnabled;
     }

@@ -3,9 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.util.Collections;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.util.Set;
 import java.util.concurrent.CompletionException;
 
 class RemoveAccountRunnable implements Runnable {

@@ -9,7 +9,6 @@
 import java.net.SocketException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.Collections;
 import java.util.HashMap;
 
 class ServiceFabricManagedIdentitySource extends AbstractManagedIdentitySource {

@@ -87,7 +87,7 @@ public void flush(String requestId, String clientId) {
 
         List<Event> eventsToFlush = completedEvents.remove(requestId);
         Map<String, Integer> eventCountToFlush = eventCount.remove(requestId);
-        eventCountToFlush = !(eventCountToFlush == null) ?
+        eventCountToFlush = eventCountToFlush != null ?
                 eventCountToFlush :
                 new ConcurrentHashMap<>();
 
@@ -96,7 +96,7 @@ public void flush(String requestId, String clientId) {
         if (onlySendFailureTelemetry && eventsToFlush.stream().anyMatch(isSuccessfulPredicate)) {
             eventsToFlush.clear();
         }
-        if (eventsToFlush.size() <= 0) {
+        if (eventsToFlush.isEmpty()) {
             return;
         }
         eventsToFlush.add(0, new DefaultEvent(clientId, eventCountToFlush));

@@ -3,9 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
-import java.util.Collections;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 
 class UserNamePasswordRequest extends MsalRequest {
-Original file line number
+Diff line change
@@ Expand Up / @@ -104,7 +104,7 @@ AuthenticationResult execute() throws Exception { @@
             }
         }
-        private AuthenticationResult fetchNewAccessTokenAndSaveToCache(TokenRequestExecutor tokenRequestExecutor, CacheRefreshReason cacheRefreshReason) throws Exception {
+        private AuthenticationResult fetchNewAccessTokenAndSaveToCache(TokenRequestExecutor tokenRequestExecutor, CacheRefreshReason cacheRefreshReason) {
             ManagedIdentityClient managedIdentityClient = new ManagedIdentityClient(msalRequest, tokenRequestExecutor.getServiceBundle());
@@ Expand Down @@