Resilience improvements for instance discovery#5811
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Improves AAD instance discovery resilience and performance by avoiding repeated network instance discovery attempts when the endpoint is failing/unreachable, and by bounding discovery latency with a dedicated timeout.
Changes:
- Cache a fallback instance discovery entry when network instance discovery fails (non-
invalid_instance) to avoid retrying discovery on subsequent token requests. - Add a per-instance-discovery timeout (default 10s) by linking a timeout CancellationToken into the discovery request flow.
- Add unit tests covering caching-on-failure and timeout fallback behavior; add a rules doc for cross-SDK reference.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/Microsoft.Identity.Test.Unit/PublicApiTests/InstanceDiscoveryTests.cs | Adds tests ensuring instance discovery failures/timeouts are cached and not retried. |
| src/client/Microsoft.Identity.Client/Internal/RequestContext.cs | Makes UserCancellationToken settable to support temporary override during instance discovery. |
| src/client/Microsoft.Identity.Client/Instance/Discovery/NetworkMetadataProvider.cs | Adds instance discovery timeout and links it into the outgoing request. |
| src/client/Microsoft.Identity.Client/Instance/Discovery/InstanceDiscoveryManager.cs | Caches fallback metadata on discovery failure; updates warning text. |
| docs/instance-discovery-rules.md | Adds a detailed description of instance discovery behavior and error-handling rules. |
You can also share your feedback on Copilot code review. Take the survey.
src/client/Microsoft.Identity.Client/Instance/Discovery/NetworkMetadataProvider.cs
Show resolved
Hide resolved
src/client/Microsoft.Identity.Client/Instance/Discovery/NetworkMetadataProvider.cs
Show resolved
Hide resolved
src/client/Microsoft.Identity.Client/Instance/Discovery/InstanceDiscoveryManager.cs
Show resolved
Hide resolved
bgavrilMS
force-pushed
the
bogavril/5809
branch
from
b15f64d to
64e28a7
Compare
src/client/Microsoft.Identity.Client/Instance/Discovery/NetworkMetadataProvider.cs
Outdated
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Unit/PublicApiTests/InstanceDiscoveryTests.cs
Outdated
Show resolved
Hide resolved
bgavrilMS
force-pushed
the
bogavril/5809
branch
from
907fb84 to
9066be3
Compare
bgavrilMS
force-pushed
the
bogavril/5809
branch
from
9066be3 to
a7a2d5b
Compare
src/client/Microsoft.Identity.Client/Instance/Discovery/InstanceDiscoveryManager.cs
Outdated
Show resolved
Hide resolved
src/client/Microsoft.Identity.Client/Instance/Discovery/InstanceDiscoveryManager.cs
Outdated
Show resolved
Hide resolved
src/client/Microsoft.Identity.Client/Instance/Discovery/InstanceDiscoveryManager.cs
Outdated
Show resolved
Hide resolved
bgavrilMS
changed the title
bgavrilMS
force-pushed
the
bogavril/5809
branch
from
af8f6cd to
296899f
Compare
src/client/Microsoft.Identity.Client/Instance/Discovery/NetworkCacheMetadataProvider.cs
Show resolved
Hide resolved
neha-bhargava
approved these changes
Apr 1, 2026
gladjohn
reviewed
Apr 1, 2026
| } | ||
| } | ||
|
|
||
| [TestMethod] |
Contributor
There was a problem hiding this comment.
Can we add one regression test for caller-driven cancellation here? The new timeout path temporarily swaps RequestContext.UserCancellationToken to a linked CTS and relies on the outer catch filter to distinguish timeout from user cancellation. The current timeout test throws TaskCanceledException directly from the mock handler, so it doesn’t exercise the linked-token path or verify that a caller cancellation still bubbles instead of falling back.
gladjohn
approved these changes
Apr 1, 2026
Contributor
|
looks good, one follow-up test needed. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #5804 #5805
If instance discovery fails due to 404 or 502, it should not be attempted again
Instance discovery should have a reasonble timeout