Fixing the condition of throwing missingTenantIdError (#7528)

[star-starry-sea]

Hello.
The PR is created to fix the issue #7528.
In the PR, I change the condition of throwing missingTenantIdError to make it conform to the annotation description and meet the actual usage needs (acquireTokenByClientCredential) when the Azure application option is only for individual tenants.

[star-starry-sea]

@microsoft-github-policy-service agree

[star-starry-sea]

Anyone who can have a look at it please?

[devopsbob]

Some review comments and ideas to consider.
Drops third case described in line 61 for any-of-combination by dropping "or consumers". Requires design knowledge I would say. It would seem to me a common or organization may also have sub-tenants or that a tenant is not otherwise known to the vast ADFS->Entra federation and exists only as a registered tenant. Would this test check cause potential leak of valid tenant ids whos definition has no parent common or organization, or whose tenant id has no children common or organization or subtenant. Are there any context segment hopping or linking/branching that forward tenant id into common or organization - ie /common, /organization and common/ or organization/. Crafting additional tests showing or understanding these contexts may be helpful.
Ref: https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-application-configuration#authority
Ref: https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/adfs-support#cases-where-identity-providers-are-federated-with-microsoft-entra-id

[star-starry-sea]

Some review comments and ideas to consider. Drops third case described in line 61 for any-of-combination by dropping "or consumers". Requires design knowledge I would say. It would seem to me a common or organization may also have sub-tenants or that a tenant is not otherwise known to the vast ADFS->Entra federation and exists only as a registered tenant. Would this test check cause potential leak of valid tenant ids whos definition has no parent common or organization, or whose tenant id has no children common or organization or subtenant. Are there any context segment hopping or linking/branching that forward tenant id into common or organization - ie /common, /organization and common/ or organization/. Crafting additional tests showing or understanding these contexts may be helpful. Ref: https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-application-configuration#authority Ref: https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/adfs-support#cases-where-identity-providers-are-federated-with-microsoft-entra-id

Thanks much for your comment!