Add 119 unit tests to improve code coverage

Coverage improvements for Microsoft.Identity.Client:
- Line coverage: 82.58% -> 84.20% (+1.62%, +387 lines)
- Branch coverage: 72.91% -> 75.09% (+2.18%, +128 branches)

New test files:
- ConcurrentHashSetTests: comprehensive tests for thread-safe collection
- Base64UrlHelpersExtendedTests: edge cases for encoding/decoding
- IdTokenExtendedTests: null/empty/malformed JWT, claim mapping
- WsTrustResponseExtendedTests: SOAP fault parsing, SAML selection
- AuthorizationResultExtendedTests: URI/PostData parsing edge cases
- ThrottlingCacheExtendedTests: cleanup, clear, miss paths
- TokenCacheNotificationArgsExtendedTests: constructor overloads
- TraceTelemetryConfigTests: basic config properties

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: gladjohn

tests/Microsoft.Identity.Test.Unit/CacheTests/TokenCacheNotificationArgsExtendedTests.cs

@@ -0,0 +1,161 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+
+using System;
+using System.Collections.Generic;
+using System.Threading;
+using Microsoft.Identity.Client;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Microsoft.Identity.Test.Unit.CacheTests
+{
+    [TestClass]
+    public class TokenCacheNotificationArgsExtendedTests : TestBase
+    {
+        [TestMethod]
+        public void Constructor_BasicOverload_SetsAllProperties()
+        {
+            var cts = new CancellationTokenSource();
+            var expiry = DateTimeOffset.UtcNow.AddHours(1);
+
+            var args = new TokenCacheNotificationArgs(
+                tokenCache: null,
+                clientId: "client-id",
+                account: null,
+                hasStateChanged: true,
+                isApplicationCache: true,
+                suggestedCacheKey: "cache-key",
+                hasTokens: true,
+                suggestedCacheExpiry: expiry,
+                cancellationToken: cts.Token);
+
+            Assert.AreEqual("client-id", args.ClientId);
+            Assert.IsTrue(args.HasStateChanged);
+            Assert.IsTrue(args.IsApplicationCache);
+            Assert.AreEqual("cache-key", args.SuggestedCacheKey);
+            Assert.IsTrue(args.HasTokens);
+            Assert.AreEqual(expiry, args.SuggestedCacheExpiry);
+            Assert.AreEqual(cts.Token, args.CancellationToken);
+            Assert.IsNull(args.TokenCache);
+            Assert.IsNull(args.Account);
+        }
+
+        [TestMethod]
+        public void Constructor_WithCorrelationId_SetsCorrelationId()
+        {
+            var correlationId = Guid.NewGuid();
+            var args = new TokenCacheNotificationArgs(
+                tokenCache: null,
+                clientId: "client-id",
+                account: null,
+                hasStateChanged: false,
+                isApplicationCache: false,
+                suggestedCacheKey: null,
+                hasTokens: false,
+                suggestedCacheExpiry: null,
+                cancellationToken: CancellationToken.None,
+                correlationId: correlationId);
+
+            Assert.AreEqual(correlationId, args.CorrelationId);
+        }
+
+        [TestMethod]
+        public void Constructor_WithScopesAndTenant_SetsFields()
+        {
+            var scopes = new[] { "User.Read", "Mail.Read" };
+            var args = new TokenCacheNotificationArgs(
+                tokenCache: null,
+                clientId: "client-id",
+                account: null,
+                hasStateChanged: false,
+                isApplicationCache: false,
+                suggestedCacheKey: null,
+                hasTokens: false,
+                suggestedCacheExpiry: null,
+                cancellationToken: CancellationToken.None,
+                correlationId: Guid.Empty,
+                requestScopes: scopes,
+                requestTenantId: "tenant-id");
+
+            CollectionAssert.AreEqual(scopes, new List<string>(args.RequestScopes));
+            Assert.AreEqual("tenant-id", args.RequestTenantId);
+        }
+
+        [TestMethod]
+        public void Constructor_FullOverload_SetsAllFields()
+        {
+            var correlationId = Guid.NewGuid();
+            var scopes = new[] { "scope1" };
+            var expiry = DateTimeOffset.UtcNow.AddMinutes(30);
+
+            var args = new TokenCacheNotificationArgs(
+                tokenCache: null,
+                clientId: "cid",
+                account: null,
+                hasStateChanged: true,
+                isApplicationCache: true,
+                suggestedCacheKey: "key",
+                hasTokens: true,
+                suggestedCacheExpiry: expiry,
+                cancellationToken: CancellationToken.None,
+                correlationId: correlationId,
+                requestScopes: scopes,
+                requestTenantId: "tid",
+                identityLogger: null,
+                piiLoggingEnabled: true);
+
+            Assert.AreEqual("cid", args.ClientId);
+            Assert.IsTrue(args.HasStateChanged);
+            Assert.IsTrue(args.IsApplicationCache);
+            Assert.AreEqual("key", args.SuggestedCacheKey);
+            Assert.IsTrue(args.HasTokens);
+            Assert.AreEqual(expiry, args.SuggestedCacheExpiry);
+            Assert.AreEqual(correlationId, args.CorrelationId);
+            Assert.AreEqual("tid", args.RequestTenantId);
+            Assert.IsTrue(args.PiiLoggingEnabled);
+        }
+
+        [TestMethod]
+        public void Constructor_FullOverload_DefaultsTelemetryData_WhenNull()
+        {
+            var args = new TokenCacheNotificationArgs(
+                tokenCache: null,
+                clientId: "cid",
+                account: null,
+                hasStateChanged: false,
+                isApplicationCache: false,
+                suggestedCacheKey: null,
+                hasTokens: false,
+                suggestedCacheExpiry: null,
+                cancellationToken: CancellationToken.None,
+                correlationId: Guid.Empty,
+                requestScopes: null,
+                requestTenantId: null,
+                identityLogger: null,
+                piiLoggingEnabled: false,
+                telemetryData: null);
+
+            Assert.IsNotNull(args.TelemetryData, "TelemetryData should be defaulted when null");
+        }
+
+        [TestMethod]
+        public void HasStateChanged_CanBeSetInternally()
+        {
+            var args = new TokenCacheNotificationArgs(
+                tokenCache: null,
+                clientId: "cid",
+                account: null,
+                hasStateChanged: false,
+                isApplicationCache: false,
+                suggestedCacheKey: null,
+                hasTokens: false,
+                suggestedCacheExpiry: null,
+                cancellationToken: CancellationToken.None);
+
+            Assert.IsFalse(args.HasStateChanged);
+            args.HasStateChanged = true;
+            Assert.IsTrue(args.HasStateChanged);
+        }
+    }
+}

tests/Microsoft.Identity.Test.Unit/CoreTests/IdTokenExtendedTests.cs

@@ -0,0 +1,173 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+
+using System;
+using System.Text;
+using Microsoft.Identity.Client;
+using Microsoft.Identity.Client.Internal;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+namespace Microsoft.Identity.Test.Unit.CoreTests
+{
+    [TestClass]
+    public class IdTokenExtendedTests : TestBase
+    {
+        [TestMethod]
+        public void Parse_Null_ReturnsNull()
+        {
+            Assert.IsNull(IdToken.Parse(null));
+        }
+
+        [TestMethod]
+        public void Parse_EmptyString_ReturnsNull()
+        {
+            Assert.IsNull(IdToken.Parse(string.Empty));
+        }
+
+        [TestMethod]
+        public void Parse_SingleSegment_ThrowsMsalClientException()
+        {
+            Assert.Throws<MsalClientException>(() => IdToken.Parse("singlesegment"));
+        }
+
+        [TestMethod]
+        public void Parse_SingleSegment_HasCorrectErrorCode()
+        {
+            try
+            {
+                IdToken.Parse("singlesegment");
+                Assert.Fail("Should have thrown");
+            }
+            catch (MsalClientException ex)
+            {
+                Assert.AreEqual(MsalError.InvalidJwtError, ex.ErrorCode);
+            }
+        }
+
+        [TestMethod]
+        public void GetUniqueId_UsesObjectId_WhenPresent()
+        {
+            string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
+                @"{""oid"":""object-id-123"",""sub"":""subject-456""}"));
+            string jwt = $"header.{payload}.signature";
+
+            var token = IdToken.Parse(jwt);
+            Assert.AreEqual("object-id-123", token.GetUniqueId());
+        }
+
+        [TestMethod]
+        public void GetUniqueId_FallsBackToSubject_WhenObjectIdMissing()
+        {
+            string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
+                @"{""sub"":""subject-456""}"));
+            string jwt = $"header.{payload}.signature";
+
+            var token = IdToken.Parse(jwt);
+            Assert.IsNull(token.ObjectId);
+            Assert.AreEqual("subject-456", token.GetUniqueId());
+        }
+
+        [TestMethod]
+        public void Parse_MapsAllStandardClaims()
+        {
+            string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
+                @"{""oid"":""oid1"",""sub"":""sub1"",""tid"":""tid1"",""preferred_username"":""user@example.com"",""name"":""Test User"",""email"":""test@example.com"",""upn"":""user@domain.com"",""given_name"":""Test"",""family_name"":""User""}"));
+            string jwt = $"header.{payload}.signature";
+
+            var token = IdToken.Parse(jwt);
+
+            Assert.AreEqual("oid1", token.ObjectId);
+            Assert.AreEqual("sub1", token.Subject);
+            Assert.AreEqual("tid1", token.TenantId);
+            Assert.AreEqual("user@example.com", token.PreferredUsername);
+            Assert.AreEqual("Test User", token.Name);
+            Assert.AreEqual("test@example.com", token.Email);
+            Assert.AreEqual("user@domain.com", token.Upn);
+            Assert.AreEqual("Test", token.GivenName);
+            Assert.AreEqual("User", token.FamilyName);
+        }
+
+        [TestMethod]
+        public void Parse_ClaimsPrincipal_IsPopulated()
+        {
+            string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
+                @"{""iss"":""https://login.example.com/tenant/v2.0"",""name"":""Test User""}"));
+            string jwt = $"header.{payload}.signature";
+
+            var token = IdToken.Parse(jwt);
+
+            Assert.IsNotNull(token.ClaimsPrincipal);
+            Assert.IsNotNull(token.ClaimsPrincipal.Identity);
+        }
+
+        [TestMethod]
+        public void Parse_NoIssuer_UsesLocalAuthority()
+        {
+            string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
+                @"{""name"":""Test User""}"));
+            string jwt = $"header.{payload}.signature";
+
+            var token = IdToken.Parse(jwt);
+
+            Assert.IsNotNull(token.ClaimsPrincipal);
+            var nameClaim = token.ClaimsPrincipal.FindFirst("name");
+            Assert.IsNotNull(nameClaim);
+            Assert.AreEqual("LOCAL AUTHORITY", nameClaim.Issuer);
+        }
+
+        [TestMethod]
+        public void Parse_NullClaimValue_CreatesJsonNullClaim()
+        {
+            string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(
+                @"{""iss"":""issuer"",""custom_claim"":null}"));
+            string jwt = $"header.{payload}.signature";
+
+            var token = IdToken.Parse(jwt);
+
+            Assert.IsNotNull(token.ClaimsPrincipal);
+            var customClaim = token.ClaimsPrincipal.FindFirst("custom_claim");
+            Assert.IsNotNull(customClaim);
+            Assert.AreEqual(string.Empty, customClaim.Value);
+        }
+
+        [TestMethod]
+        public void Parse_InvalidBase64Payload_Throws()
+        {
+            // Valid JWT structure but payload is not valid base64 - may throw MsalClientException or FormatException
+            try
+            {
+                IdToken.Parse("header.!!!invalid!!!.signature");
+                Assert.Fail("Should have thrown an exception");
+            }
+            catch (MsalClientException)
+            {
+                // Expected - JSON parse error
+            }
+            catch (FormatException)
+            {
+                // Expected - invalid base64
+            }
+        }
+
+        [TestMethod]
+        public void Parse_MinimalToken_NoOptionalClaims()
+        {
+            string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(@"{}"));
+            string jwt = $"header.{payload}.signature";
+
+            var token = IdToken.Parse(jwt);
+
+            Assert.IsNull(token.ObjectId);
+            Assert.IsNull(token.Subject);
+            Assert.IsNull(token.TenantId);
+            Assert.IsNull(token.PreferredUsername);
+            Assert.IsNull(token.Name);
+            Assert.IsNull(token.Email);
+            Assert.IsNull(token.Upn);
+            Assert.IsNull(token.GivenName);
+            Assert.IsNull(token.FamilyName);
+            Assert.IsNull(token.GetUniqueId());
+        }
+    }
+}