Revert "Throw on Authority vs Instance/TenantId conflict (OIDC + MSAL parity) (#3873)" (#3888)

This reverts commit 9c772f3.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: iarekk

src/Microsoft.Identity.Web.TokenAcquisition/MergedOptions.cs

@@ -77,42 +77,6 @@ public ConfidentialClientApplicationOptions ConfidentialClientApplicationOptions
          */
         internal bool PreserveAuthority { get; set; }
 
-        // Latch: once true, never reverts to false. Distinguishes user-configured Authority
-        // from the synthetic value computed by MicrosoftEntraApplicationOptions.Authority getter.
-        private bool _authorityExplicitlyConfigured;
-        internal bool AuthorityExplicitlyConfigured
-        {
-            get => _authorityExplicitlyConfigured;
-            set { if (value) _authorityExplicitlyConfigured = true; }
-        }
-
-        // Latch: once true, never reverts to false. Distinguishes user-configured
-        // Instance/TenantId from values derived by ParseAuthorityIfNecessary.
-        private bool _instanceOrTenantIdExplicitlyConfigured;
-        internal bool InstanceOrTenantIdExplicitlyConfigured
-        {
-            get => _instanceOrTenantIdExplicitlyConfigured;
-            set { if (value) _instanceOrTenantIdExplicitlyConfigured = true; }
-        }
-
-        // Set after ParseAuthorityIfNecessary runs; makes subsequent calls no-op.
-        private bool _authorityParsed;
-
-        // Throws if the user explicitly configured BOTH Authority AND Instance/TenantId.
-        internal void ThrowIfAuthorityConflict()
-        {
-            if (AuthorityExplicitlyConfigured &&
-                InstanceOrTenantIdExplicitlyConfigured &&
-                !string.IsNullOrEmpty(Authority) &&
-                (!string.IsNullOrEmpty(Instance) || !string.IsNullOrEmpty(TenantId)))
-            {
-                throw new InvalidOperationException(
-                    $"[MsIdWeb] Both 'Authority' ('{Authority}') and 'Instance'/'TenantId' " +
-                    $"('{Instance ?? string.Empty}', '{TenantId ?? string.Empty}') are configured. " +
-                    "These settings conflict. Remove either 'Authority' or 'Instance'/'TenantId' from the configuration.");
-            }
-        }
-
         /// <summary>
         /// Id Web will modify the instance so that it can be used by MSAL.
         /// This modifies this property so that the original value is not changed.
@@ -317,7 +281,6 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
             if (string.IsNullOrEmpty(mergedOptions.Instance) && !string.IsNullOrEmpty(microsoftIdentityOptions.Instance))
             {
                 mergedOptions.Instance = microsoftIdentityOptions.Instance;
-                mergedOptions.InstanceOrTenantIdExplicitlyConfigured = true;
             }
 
             if (microsoftIdentityOptions.ResetPasswordPath != Constants.ResetPasswordPath)
@@ -335,7 +298,6 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
             if (string.IsNullOrEmpty(mergedOptions.Authority) && !string.IsNullOrEmpty(microsoftIdentityOptions.Authority))
             {
                 mergedOptions.Authority = microsoftIdentityOptions.Authority;
-                mergedOptions.AuthorityExplicitlyConfigured = true;
             }
 
             mergedOptions.ClientCredentials ??= microsoftIdentityOptions.ClientCredentials;
@@ -377,7 +339,6 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
             if (string.IsNullOrEmpty(mergedOptions.TenantId) && !string.IsNullOrEmpty(microsoftIdentityOptions.TenantId))
             {
                 mergedOptions.TenantId = microsoftIdentityOptions.TenantId;
-                mergedOptions.InstanceOrTenantIdExplicitlyConfigured = true;
             }
 
             mergedOptions.TokenDecryptionCertificates ??= microsoftIdentityOptions.TokenDecryptionCertificates;
@@ -432,7 +393,6 @@ internal static void UpdateMergedOptionsFromConfidentialClientApplicationOptions
             if (string.IsNullOrEmpty(mergedOptions.Instance) && !string.IsNullOrEmpty(confidentialClientApplicationOptions.Instance))
             {
                 mergedOptions.Instance = confidentialClientApplicationOptions.Instance;
-                mergedOptions.InstanceOrTenantIdExplicitlyConfigured = true;
             }
 
             mergedOptions.IsDefaultPlatformLoggingEnabled |= confidentialClientApplicationOptions.IsDefaultPlatformLoggingEnabled;
@@ -447,7 +407,6 @@ internal static void UpdateMergedOptionsFromConfidentialClientApplicationOptions
             if (string.IsNullOrEmpty(mergedOptions.TenantId) && !string.IsNullOrEmpty(confidentialClientApplicationOptions.TenantId))
             {
                 mergedOptions.TenantId = confidentialClientApplicationOptions.TenantId;
-                mergedOptions.InstanceOrTenantIdExplicitlyConfigured = true;
             }
 
             mergedOptions._confidentialClientApplicationOptions = null;
@@ -514,20 +473,22 @@ internal static void UpdateConfidentialClientApplicationOptionsFromMergedOptions
          */
         internal static void ParseAuthorityIfNecessary(MergedOptions mergedOptions, IdWebLogger.ILogger? logger = null)
         {
-           if (mergedOptions._authorityParsed)
-           {
-               return;
-           }
-
-           if (!string.IsNullOrEmpty(mergedOptions.Authority) &&
-               (!string.IsNullOrEmpty(mergedOptions.Instance) || !string.IsNullOrEmpty(mergedOptions.TenantId)))
-           {
-               mergedOptions.ThrowIfAuthorityConflict();
-
-               // Authority was synthesized (e.g. by MicrosoftEntraApplicationOptions computed getter) -- not a real conflict.
-               mergedOptions._authorityParsed = true;
-               return;
-           }
+            // Check if Authority is configured but being ignored due to Instance/TenantId taking precedence
+            if (!string.IsNullOrEmpty(mergedOptions.Authority) &&
+                (!string.IsNullOrEmpty(mergedOptions.Instance) || !string.IsNullOrEmpty(mergedOptions.TenantId)))
+            {
+                // Log warning that Authority is being ignored
+                if (logger != null)
+                {
+                    MergedOptionsLogging.AuthorityIgnored(
+                        logger,
+                        mergedOptions.Authority!,
+                        mergedOptions.Instance ?? string.Empty,
+                        mergedOptions.TenantId ?? string.Empty);
+                }
+                // Authority is ignored; Instance and TenantId take precedence
+                return;
+            }
 
             if (string.IsNullOrEmpty(mergedOptions.TenantId) && string.IsNullOrEmpty(mergedOptions.Instance) && !string.IsNullOrEmpty(mergedOptions.Authority))
             {
@@ -582,8 +543,6 @@ internal static void ParseAuthorityIfNecessary(MergedOptions mergedOptions, IdWe
                     mergedOptions.Instance = mergedOptions.PreserveAuthority ? mergedOptions.Authority! : authoritySpan.Slice(0, indexTenant).ToString();
                     mergedOptions.TenantId = mergedOptions.PreserveAuthority ? null : authoritySpan.Slice(indexTenant + 1, indexEndOfTenant - indexTenant - 1).ToString();
                 }
-
-                mergedOptions._authorityParsed = true;
             }
         }
 
@@ -593,7 +552,6 @@ internal static void UpdateMergedOptionsFromJwtBearerOptions(JwtBearerOptions jw
             if (string.IsNullOrEmpty(mergedOptions.Authority) && !string.IsNullOrEmpty(jwtBearerOptions.Authority))
             {
                 mergedOptions.Authority = jwtBearerOptions.Authority;
-                mergedOptions.AuthorityExplicitlyConfigured = true;
             }
         }
 #endif

src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs

@@ -322,9 +322,6 @@ s.ServiceKey is null &&
 
                     MergedOptionsValidation.Validate(mergedOptions);
 
-                    // Throw early if Authority conflicts with Instance/TenantId (same check as MSAL path).
-                    mergedOptions.ThrowIfAuthorityConflict();
-
                     if (mergedOptions.Authority != null)
                     {
                         mergedOptions.Authority = AuthorityHelpers.GetAuthorityWithoutQueryIfNeeded(mergedOptions);