[Bug] `WithMtlsProofOfPossession()' if the region in the config is null.

[ksaaf]

Library version used

Latest

.NET version

NET 8

Scenario

ConfidentialClient - service to service (AcquireTokenForClient)

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

Currently, the WithMtlsProofOfPossession() validation logic ensures that requests with ServiceBundle.Config.AzureRegion with an MsalClientException (MsalError.MtlsPopWithoutRegion) for null or empty but not for whitespace.

Relevant code snippets

// Check for Azure region only if the authority is AAD
                if (ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType == AuthorityType.Aad &&
                    string.IsNullOrEmpty(ServiceBundle.Config.AzureRegion))
                {
                    throw new MsalClientException(
                        MsalError.MtlsPopWithoutRegion,
                        MsalErrorMessage.MtlsPopWithoutRegion);
                }

Expected behavior

• Requests with ServiceBundle.Config.AzureRegion set to whitespace should fail with an MsalClientException (MsalError.MtlsPopWithoutRegion).
• Add unit tests

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

[gladjohn]

WithAzureRegion is a ConfidentialClientApplicationBuilder, the bug you are referring to has nothing to do with MTLS.

[gladjohn]

You can run this test MsalForceRegionIsSet_WithRegionIsSet_WithRegionWins and set Azure Region to " " and see what happens.