AzureAD · bgavrilMS · Dec 2, 2025 · Dec 1, 2025
@@ -36,7 +36,7 @@ public static X509Certificate2 FindCertificateByName(string subjectName)
         /// <param subjectName="location"><see cref="StoreLocation"/> in which to search for a matching certificate</param>
         /// <param subjectName="name"><see cref="StoreName"/> in which to search for a matching certificate</param>
         /// <returns><see cref="X509Certificate2"/> with <paramref subjectName="certName"/>, or null if no matching certificate was found</returns>
-        public static X509Certificate2 FindCertificateByName(string certName, StoreLocation location, StoreName name)
+        private static X509Certificate2 FindCertificateByName(string certName, StoreLocation location, StoreName name)
         {
             // Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores
             if (SharedUtilities.IsLinuxPlatform())

@@ -29,33 +29,7 @@ public class KeyVaultSecretsProvider : IDisposable
         private CertificateClient _certificateClient;
         private SecretClient _secretClient;
 
-        /// <summary>Initialize the secrets provider with the "keyVault" configuration section.</summary>
-        /// <remarks>
-        /// <para>
-        /// Authentication using <see cref="LabAccessAuthenticationType.ClientCertificate"/>
-        ///     1. Register Azure AD application of "Web app / API" type.
-        ///        To set up certificate based access to the application PowerShell should be used.
-        ///     2. Add an access policy entry to target Key Vault instance for this application.
-        ///
-        ///     The "keyVault" configuration section should define:
-        ///         "authType": "ClientCertificate"
-        ///         "clientId": [client ID]
-        ///         "certThumbprint": [certificate thumbprint]
-        /// </para>
-        /// <para>
-        /// Authentication using <see cref="LabAccessAuthenticationType.UserCredential"/>
-        ///     1. Register Azure AD application of "Native" type.
-        ///     2. Add to 'Required permissions' access to 'Azure Key Vault (AzureKeyVault)' API.
-        ///     3. When you run your native client application, it will automatically prompt user to enter Azure AD credentials.
-        ///     4. To successfully access keys/secrets in the Key Vault, the user must have specific permissions to perform those operations.
-        ///        This could be achieved by directly adding an access policy entry to target Key Vault instance for this user
-        ///        or an access policy entry for an Azure AD security group of which this user is a member of.
-        ///
-        ///     The "keyVault" configuration section should define:
-        ///         "authType": "UserCredential"
-        ///         "clientId": [client ID]
-        /// </para>
-        /// </remarks>
+
         public KeyVaultSecretsProvider(string keyVaultAddress = KeyVaultInstance.MSIDLab)
         {
             var credentials = GetKeyVaultCredentialAsync().GetAwaiter().GetResult();

@@ -70,10 +70,4 @@ public static async Task<AccessToken> GetLabAccessTokenAsync(string authority, s
         }
     }
 
-    public enum LabAccessAuthenticationType
-    {
-        ClientCertificate,
-        ClientSecret,
-        UserCredential
-    }
 }
@@ -26,16 +26,12 @@ public class LabApp
         [JsonProperty("redirecturi")]
         public string RedirectUri { get; set; }
 
-        [JsonProperty("signinaudience")]
-        public string Audience { get; set; }
-
         // TODO: this is a list, but lab sends a string. Not used today, discuss with lab to return a list
         [JsonProperty("authority")]
         public string Authority { get; set; }
 
         [JsonProperty("defaultscopes")]
         public string DefaultScopes { get; set; }
-
     }
 
     public class Lab
@@ -46,16 +42,7 @@ public class Lab
         [JsonProperty("federationprovider")]
         public FederationProvider FederationProvider { get; set; }
 
-        [JsonProperty("credentialvaultkeyname")]
-        public string CredentialVaultkeyName { get; set; }
-
         [JsonProperty("authority")]
         public string Authority { get; set; }
     }
-
-    public class LabCredentialResponse
-    {
-        [JsonProperty("Value")]
-        public string Secret { get; set; }
-    }
 }
@@ -75,35 +75,13 @@ private Task<string> RunQueryAsync(UserQuery query)
             if (string.IsNullOrEmpty(query.Upn))
             {
                 //Building user query
-                //Required parameters will be set to default if not supplied by the test code
-
-                queryDict.Add(
-                    LabApiConstants.MultiFactorAuthentication, 
-                    query.MFA != null ? 
-                        query.MFA.ToString() : 
-                        MFA.None.ToString());
-
-                queryDict.Add(
-                    LabApiConstants.ProtectionPolicy, 
-                    query.ProtectionPolicy != null ? 
-                        query.ProtectionPolicy.ToString() : 
-                        ProtectionPolicy.None.ToString());
-
+                //Required parameters will be set to default if not supplied by the test code               
+
                 if (query.UserType != null)
                 {
                     queryDict.Add(LabApiConstants.UserType, query.UserType.ToString());
                 }
-
-                if (query.HomeDomain != null)
-                {
-                    queryDict.Add(LabApiConstants.HomeDomain, query.HomeDomain.ToString());
-                }
-
-                if (query.HomeUPN != null)
-                {
-                    queryDict.Add(LabApiConstants.HomeUPN, query.HomeUPN.ToString());
-                }
-
+
                 if (query.B2CIdentityProvider != null)
                 {
                     queryDict.Add(LabApiConstants.B2CProvider, query.B2CIdentityProvider.ToString());
@@ -168,17 +146,6 @@ internal async Task<string> GetLabResponseAsync(string address)
             }
         }
 
-        public async Task<string> GetUserSecretAsync(string lab)
-        {
-            Dictionary<string, string> queryDict = new Dictionary<string, string>
-            {
-                { "secret", lab }
-            };
-
-            string result = await SendLabRequestAsync(LabApiConstants.LabUserCredentialEndpoint, queryDict).ConfigureAwait(false);
-            return JsonConvert.DeserializeObject<LabCredentialResponse>(result).Secret;
-        }
-
         public async Task<string> GetMSIHelperServiceTokenAsync()
         {
             if (_msiHelperApiAccessToken == null)

@@ -18,18 +18,6 @@ public class LabUser
         [JsonProperty("upn")]
         public string Upn { get; set; }
 
-        [JsonProperty("displayname")]
-        public string DisplayName { get; set; }
-
-        [JsonProperty("mfa")]
-        public MFA Mfa { get; set; }
-
-        [JsonProperty("protectionpolicy")]
-        public ProtectionPolicy ProtectionPolicy { get; set; }
-
-        [JsonProperty("homedomain")]
-        public HomeDomain HomeDomain { get; set; }
-
         [JsonProperty("homeupn")]
         public string HomeUPN { get; set; }
 
@@ -41,8 +29,6 @@ public class LabUser
 
         public FederationProvider FederationProvider { get; set; }
 
-        public string Credential { get; set; }
-
         public string TenantId { get; set; }
 
         private string _password = null;

@@ -136,13 +136,7 @@ private static LabResponse MergeLabResponses(LabResponse primary, LabResponse se
 
             return primaryJson.ToObject<LabResponse>();
         }
-
-        [Obsolete("Use GetSpecificUserAsync instead", true)]
-        public static Task<LabResponse> GetLabUserDataForSpecificUserAsync(string upn)
-        {
-            throw new NotSupportedException();
-        }
-
+
         public static async Task<string> GetMSIEnvironmentVariablesAsync(string uri)
         {
             string result = await s_labService.GetLabResponseAsync(uri).ConfigureAwait(false);
@@ -187,33 +181,6 @@ public static Task<LabResponse> GetB2CLocalAccountAsync()
             return GetLabUserDataAsync(UserQuery.B2CLocalAccountUserQuery);
         }
 
-        public static Task<LabResponse> GetB2CFacebookAccountAsync()
-        {
-            return GetLabUserDataAsync(UserQuery.B2CFacebookUserQuery);
-        }
-
-        public static Task<LabResponse> GetB2CGoogleAccountAsync()
-        {
-            return GetLabUserDataAsync(UserQuery.B2CGoogleUserQuery);
-        }
-
-        public static async Task<LabResponse> GetB2CMSAAccountAsync()
-        {
-            var response = await GetLabUserDataAsync(UserQuery.B2CMSAUserQuery).ConfigureAwait(false);
-            if (string.IsNullOrEmpty(response.User.HomeUPN) ||
-                string.Equals("None", response.User.HomeUPN, StringComparison.OrdinalIgnoreCase))
-            {
-                Debug.WriteLine($"B2C MSA HomeUPN set to UPN: {response.User.Upn}");
-                response.User.HomeUPN = response.User.Upn;
-            }
-            return response;
-        }
-
-        public static Task<LabResponse> GetSpecificUserAsync(string upn)
-        {
-            return GetLabUserDataAsync(new UserQuery() { Upn = upn });
-        }
-
         public static Task<LabResponse> GetArlingtonUserAsync()
         {
             var response = GetLabUserDataAsync(UserQuery.ArlingtonUserQuery);

@@ -9,10 +9,6 @@ namespace Microsoft.Identity.Test.LabInfrastructure
     public struct UserQuery
     {
         public UserType? UserType { get; set; }
-        public MFA? MFA { get; set; }
-        public ProtectionPolicy? ProtectionPolicy { get; set; }
-        public HomeDomain? HomeDomain { get; set; }
-        public HomeUPN? HomeUPN { get; set; }
         public B2CIdentityProvider? B2CIdentityProvider { get; set; }
         public FederationProvider? FederationProvider { get; set; } //Requires userType to be set to federated
         public AzureEnvironment? AzureEnvironment { get; set; }
@@ -51,24 +47,6 @@ public struct UserQuery
             B2CIdentityProvider = LabInfrastructure.B2CIdentityProvider.Local
         };
 
-        public static UserQuery B2CFacebookUserQuery => new UserQuery
-        {
-            UserType = LabInfrastructure.UserType.B2C,
-            B2CIdentityProvider = LabInfrastructure.B2CIdentityProvider.Facebook
-        };
-
-        public static UserQuery B2CGoogleUserQuery => new UserQuery
-        {
-            UserType = LabInfrastructure.UserType.B2C,
-            B2CIdentityProvider = LabInfrastructure.B2CIdentityProvider.Google
-        };
-
-        public static UserQuery B2CMSAUserQuery => new UserQuery
-        {
-            UserType = LabInfrastructure.UserType.B2C,
-            B2CIdentityProvider = LabInfrastructure.B2CIdentityProvider.MSA
-        };
-
         public static UserQuery ArlingtonUserQuery => new UserQuery
         {
             UserType = LabInfrastructure.UserType.Cloud,