Fix issue with overriding tenant in B2C authority

Author: Avery-Dunn

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java

@@ -52,9 +52,7 @@ AuthenticationResult execute() throws Exception {
             requestAuthority = clientApplication.authenticationAuthority;
         }
 
-        if (requestAuthority.authorityType == AuthorityType.AAD) {
-            requestAuthority = getAuthorityWithPrefNetworkHost(requestAuthority.authority());
-        }
+        requestAuthority = getAuthorityWithPrefNetworkHost(requestAuthority.authority());
 
         try {
             return clientApplication.acquireTokenCommon(msalRequest, requestAuthority);

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java

@@ -24,11 +24,7 @@ class AcquireTokenSilentSupplier extends AuthenticationResultSupplier {
     @Override
     AuthenticationResult execute() throws Exception {
         boolean shouldRefresh;
-        Authority requestAuthority = silentRequest.requestAuthority();
-        if (requestAuthority.authorityType != AuthorityType.B2C) {
-            requestAuthority =
-                    getAuthorityWithPrefNetworkHost(silentRequest.requestAuthority().authority());
-        }
+        Authority requestAuthority = getAuthorityWithPrefNetworkHost(silentRequest.requestAuthority().authority());
 
         AuthenticationResult res;
         if (silentRequest.parameters().account() == null) {

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java

@@ -138,31 +138,12 @@ static void validateAuthority(URL authorityUrl) {
      * @param originalAuthority The original authority to base the new one on
      * @param newTenant The new tenant to use in the authority URL
      * @return A new Authority instance with the specified tenant
-     * @throws MalformedURLException If the new authority URL is invalid
-     * @throws NullPointerException If originalAuthority or newTenant is null
      */
     static Authority replaceTenant(Authority originalAuthority, String newTenant) throws MalformedURLException {
-        if (originalAuthority == null) {
-            throw new NullPointerException("originalAuthority");
-        }
-        if (StringHelper.isBlank(newTenant)) {
-            throw new NullPointerException("newTenant");
-        }
-
-        URL originalUrl = originalAuthority.canonicalAuthorityUrl();
-        String host = originalUrl.getHost();
-        String protocol = originalUrl.getProtocol();
-        int port = originalUrl.getPort();
-
-        // Build path with new tenant
-        String newAuthority = String.format("%s://%s%s/%s/",
-                protocol,
-                host,
-                (port == -1 ? "" : ":" + port),
-                newTenant);
+        String authorityString = originalAuthority.canonicalAuthorityUrl().toString();
+        authorityString = authorityString.replace(originalAuthority.tenant, newTenant);
 
-        // Create proper authority instance with the tenant-specific URL
-        return createAuthority(new URL(newAuthority));
+        return createAuthority(new URL(authorityString));
     }
 
     static String getTenant(URL authorityUrl, AuthorityType authorityType) {

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java

@@ -243,6 +243,46 @@ void testClientCertificate_TenantOverride() throws Exception {
             "Access tokens should differ when using different tenants");
     }
 
+    @Test
+    void testClientCertificate_TenantOverride_B2C() throws Exception {
+        DefaultHttpClient httpClientMock = mock(DefaultHttpClient.class);
+        String replacementTenant = "overrideTenant";
+
+        ConfidentialClientApplication cca =
+                ConfidentialClientApplication.builder("clientId", ClientCredentialFactory.createFromCertificate(TestHelper.getPrivateKey(), TestHelper.getX509Cert()))
+                        .b2cAuthority(TestConfiguration.B2C_AUTHORITY)
+                        .instanceDiscovery(false)
+                        .validateAuthority(false)
+                        .httpClient(httpClientMock)
+                        .build();
+
+        when(httpClientMock.send(any(HttpRequest.class))).thenAnswer(parameters -> {
+            HttpRequest request = parameters.getArgument(0);
+            String requestBody = request.body();
+            String url = request.url().toString();
+
+            // Extract the assertion to verify its audience claim
+            String clientAssertion = extractClientAssertion(requestBody);
+
+            if (clientAssertion != null && url.contains(replacementTenant)) {
+                    HashMap<String, String> tokenResponseValues = new HashMap<>();
+                    tokenResponseValues.put("access_token", "access_token_for_" + replacementTenant);
+                    return TestHelper.expectedResponse(200, TestHelper.getSuccessfulTokenResponse(tokenResponseValues));
+            }
+
+            return null;
+        });
+
+        ClientCredentialParameters overrideParameters = ClientCredentialParameters.builder(Collections.singleton("scopes"))
+                .skipCache(true)
+                .tenant(replacementTenant)
+                .build();
+        IAuthenticationResult result = cca.acquireToken(overrideParameters).get();
+
+        assertNotNull(result);
+        assertEquals("access_token_for_"+ replacementTenant, result.accessToken());
+    }
+
     /**
      * Extracts the tenant name from an authority URL
      * @param url The full URL containing the tenant