fix(auth-validator): [PM-22975] Client Version Validator - Fixed more tests. Checking in with CI to see how it's looking.

test/Identity.IntegrationTest/Endpoints/IdentityServerSsoTests.cs

@@ -630,11 +630,6 @@ public class IdentityServerSsoTests
                 .Returns(Task.FromResult(true));
         });
 
-        // Compute PKCE S256 code challenge explicitly (base64url of SHA256)
-        var challengeBytes = System.Text.Encoding.ASCII.GetBytes(challenge);
-        var hash = System.Security.Cryptography.SHA256.HashData(challengeBytes);
-        var codeChallenge = Duende.IdentityModel.Base64Url.Encode(hash);
-
         var authorizationCode = new AuthorizationCode
         {
             ClientId = "web",
@@ -642,8 +637,8 @@ public class IdentityServerSsoTests
             Lifetime = (int)TimeSpan.FromMinutes(5).TotalSeconds,
             RedirectUri = "https://localhost:8080/sso-connector.html",
             RequestedScopes = ["api", "offline_access"],
-            CodeChallenge = codeChallenge,
-            CodeChallengeMethod = "S256",
+            CodeChallenge = challenge.Sha256(),
+            CodeChallengeMethod = "plain",
             Subject = null!, // Temporarily set it to null
         };
 

test/Identity.IntegrationTest/Endpoints/IdentityServerTests.cs

@@ -9,11 +9,14 @@ using Bit.Core.Enums;
 using Bit.Core.Platform.Installations;
 using Bit.Core.Repositories;
 using Bit.Core.Test.Auth.AutoFixture;
+using Bit.Identity.IdentityServer;
+using Bit.Identity.IdentityServer.RequestValidators;
 using Bit.IntegrationTestCommon.Factories;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Bit.Test.Common.Helpers;
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.EntityFrameworkCore;
+using NSubstitute;
 using Xunit;
 
 namespace Bit.Identity.IntegrationTest.Endpoints;
@@ -29,6 +32,14 @@ public class IdentityServerTests : IClassFixture<IdentityApplicationFactory>
     public IdentityServerTests(IdentityApplicationFactory factory)
     {
         _factory = factory;
+
+        // Bypass client version gating to isolate SSO test behavior
+        _factory.SubstituteService<IClientVersionValidator>(svc =>
+        {
+            svc.ValidateAsync(Arg.Any<User>(), Arg.Any<CustomValidatorRequestContext>())
+                .Returns(Task.FromResult(true));
+        });
+
         ReinitializeDbForTests(_factory);
     }
 

test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs

@@ -9,6 +9,8 @@ using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Services;
 using Bit.Identity;
+using Bit.Identity.IdentityServer;
+using Bit.Identity.IdentityServer.RequestValidators;
 using Bit.Test.Common.Helpers;
 using LinqToDB;
 using Microsoft.AspNetCore.Hosting;
@@ -46,6 +48,13 @@ public class IdentityApplicationFactory : WebApplicationFactoryBase<Startup>
                 });
         });
 
+        // Bypass client version gating to isolate tests from client version behavior
+        SubstituteService<IClientVersionValidator>(svc =>
+        {
+            svc.ValidateAsync(Arg.Any<User>(), Arg.Any<CustomValidatorRequestContext>())
+                .Returns(Task.FromResult(true));
+        });
+
         base.ConfigureWebHost(builder);
     }
 

test/IntegrationTestCommon/Factories/WebApplicationFactoryBase.cs

@@ -131,6 +131,10 @@ public abstract class WebApplicationFactoryBase<T> : WebApplicationFactory<T>
             { "globalSettings:databaseProvider", "postgres" },
             { "globalSettings:postgreSql:connectionString", "Host=localhost;Username=test;Password=test;Database=test" },
 
+            // Ensure base service URIs are defined for tests (used for client redirect URIs)
+            { "globalSettings:baseServiceUri:vault", "https://localhost:8080" },
+            { "globalSettings:baseServiceUri:internalVault", "https://localhost:8080" },
+
             // Clear the redis connection string for distributed caching, forcing an in-memory implementation
             { "globalSettings:redis:connectionString", "" },