Fix test issue caused by static HttpClient and cleanup validation logic

Author: Avery-Dunn

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OidcAuthority.java

@@ -10,6 +10,8 @@ public class OidcAuthority extends Authority {
     //Part of the OpenIdConnect standard, this is appended to the authority to create the endpoint that has OIDC metadata
     static final String WELL_KNOWN_OPENID_CONFIGURATION = ".well-known/openid-configuration";
     private static final String AUTHORITY_FORMAT = "https://%s/%s/";
+    private static final String CIAM_AUTHORITY_FORMAT = "https://%s.ciamlogin.com/%s";
+
     String issuerFromOidcDiscovery;
 
     OidcAuthority(URL authorityUrl) throws MalformedURLException {
@@ -45,32 +47,25 @@ boolean isIssuerValid() {
             return false;
         }
 
-        // Normalize issuer by removing trailing slashes
-        String normalizedIssuer = issuerFromOidcDiscovery;
-        while (normalizedIssuer.endsWith("/")) {
-            normalizedIssuer = normalizedIssuer.substring(0, normalizedIssuer.length() - 1);
-        }
-
         // Case 1: Check against canonicalAuthorityUrl without the well-known segment
         String authorityWithoutWellKnown = canonicalAuthorityUrl.toString();
         if (authorityWithoutWellKnown.endsWith(WELL_KNOWN_OPENID_CONFIGURATION)) {
             authorityWithoutWellKnown = authorityWithoutWellKnown.substring(0,
                     authorityWithoutWellKnown.length() - WELL_KNOWN_OPENID_CONFIGURATION.length());
 
-            // Remove trailing slash if present
-            if (authorityWithoutWellKnown.endsWith("/")) {
-                authorityWithoutWellKnown = authorityWithoutWellKnown.substring(0, authorityWithoutWellKnown.length() - 1);
-            }
+            // Normalize both URLs to ensure consistent comparison
+            String normalizedAuthority = Authority.enforceTrailingSlash(authorityWithoutWellKnown);
+            String normalizedIssuer = Authority.enforceTrailingSlash(issuerFromOidcDiscovery);
 
-            if (normalizedIssuer.equals(authorityWithoutWellKnown)) {
+            if (normalizedIssuer.equals(normalizedAuthority)) {
                 return true;
             }
         }
 
-        // Case 2: Check CIAM format: "https://{tenant}.ciamlogin.com/{tenant}/"
-        if (tenant != null && !tenant.isEmpty()) {
-            String ciamPattern = "https://" + tenant + ".ciamlogin.com/" + tenant;
-            return normalizedIssuer.startsWith(ciamPattern);
+        // Case 2: Check CIAM format: "https://{tenant}.ciamlogin.com/{tenant}"
+        if (!StringHelper.isNullOrBlank(tenant)) {
+            String ciamPattern = String.format(CIAM_AUTHORITY_FORMAT, tenant, tenant);
+            return issuerFromOidcDiscovery.startsWith(ciamPattern);
         }
 
         return false;

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServiceFabricManagedIdentitySource.java

@@ -124,4 +124,9 @@ static void setHttpClient(IHttpClient client) {
         httpClient = client;
         httpHelper = new HttpHelper(httpClient, new ManagedIdentityRetryPolicy());
     }
+
+    static void resetHttpClient() {
+        httpClient = new DefaultHttpClientManagedIdentity(null, null, null, null);
+        httpHelper = new HttpHelper(httpClient, new ManagedIdentityRetryPolicy());
+    }
 }

msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java

@@ -52,6 +52,11 @@ static void resetRetryPolicies() {
         IMDSRetryPolicy.resetToDefaults();
     }
 
+    @AfterAll
+    static void resetServiceFabricHttpClient() {
+        ServiceFabricManagedIdentitySource.resetHttpClient();
+    }
+
     private String getSuccessfulResponse(String resource) {
         long expiresOn = (System.currentTimeMillis() / 1000) + (24 * 3600);//A long-lived, 24 hour token
         return "{\"access_token\":\"accesstoken\",\"expires_on\":\"" + expiresOn + "\",\"resource\":\"" + resource + "\",\"token_type\":" +