Cherry pick for 8.9.2

[HauklandJ]

Description

Chery pick into release/v8.9

Related Issue(s)

• #{issue number}

Verification

• Your code builds clean without any errors or warnings
• Manual testing done (required)
• Relevant automated test added (if you find this hard, leave it and we'll help out)
• All tests run green

Documentation

• User documentation is updated with a separate linked PR in altinn-studio-docs. (if applicable)

Summary by CodeRabbit

• Tests
  • Optimized test execution by replacing polling logic with a fixed delay approach, maintaining consistent test behavior while improving efficiency.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

The change replaces a polling loop with a fixed short delay in a test method, simplifying the synchronization mechanism while maintaining equivalent observable behavior for the issuer refresh test case.

Changes

Cohort / File(s)	Summary
Test synchronization refactor test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs	Replaced iterative polling loop with deterministic fixed delay before issuer refresh verification; observable test outcome unchanged (issuer1 → issuer1 → issuer2)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The PR title 'Cherry pick for 8.9.2' is vague and does not clearly describe the actual changes made. The changes involve test modifications related to MaskinportenClient polling behavior and Azure Key Vault configuration, but the title gives no indication of these specifics.	Use a more descriptive title that reflects the main changes, such as 'Simplify MaskinportenClient test polling logic' or 'Update MaskinportenClient test to use fixed delay instead of polling loop'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch main-merge-8.9

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs (1)

554-557: Consider polling with timeout instead of fixed delay.

The fixed 50ms delay assumes the background refresh completes within that timeframe, which could lead to flaky test failures on slower CI machines or under load. A polling approach with a reasonable timeout would be more robust and deterministic.

♻️ Suggested polling approach

-        // Wait for background refresh to complete
-        await Task.Delay(50);
-
-        // Third call gets the refreshed value
-        var result3 = await client.GetAudienceFromWellKnown();
+        // Wait for background refresh to complete by polling
+        var result3 = issuer1;
+        for (int i = 0; i < 20 && result3 == issuer1; i++)
+        {
+            await Task.Delay(10);
+            result3 = await client.GetAudienceFromWellKnown();
+        }

This polls up to 200ms but exits early once the refresh completes, making the test both faster on average and more reliable.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e576fb6 and c700926.

📒 Files selected for processing (1)

• test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs

🧰 Additional context used

📓 Path-based instructions (2)

**/*.cs

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.cs: Use CSharpier for code formatting (required before commits). Formatting happens automatically when building due to CSharpier.MSBuild
Use internal accessibility on types by default
Use sealed for classes unless inheritance is considered a valid use-case
Use Nullable Reference Types in C#
Remember to dispose IDisposable/IAsyncDisposable instances
For HTTP APIs, define ...Request and ...Response DTOs (e.g., LookupPersonRequest.cs and corresponding response)
Types meant to be implemented by apps should be marked with the ImplementableByApps attribute
Don't use .GetAwaiter().GetResult(), .Result(), .Wait() or other blocking APIs on Task
Don't use Async suffix for async methods
Write efficient code: Don't allocate unnecessarily (e.g., avoid calling ToString twice in a row, store in a variable; sometimes a for loop is better than LINQ)
Don't invoke the same async operation multiple times in the same codepath unless necessary
Don't await async operations in a loop (prefer batching, but maintain an upper bound on parallelism that makes sense)
Use strongly-typed configuration classes instead of untyped configuration
Register services in DI container properly following existing patterns

Files:

• test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs

**/test/**/*.cs

📄 CodeRabbit inference engine (CLAUDE.md)

**/test/**/*.cs: Prefer xUnit asserts over FluentAssertions in tests
Mock external dependencies with Moq in tests

Files:

• test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs

🧠 Learnings (2)

📚 Learning: 2025-08-22T13:46:43.017Z

Learnt from: martinothamar
Repo: Altinn/app-lib-dotnet PR: 1446
File: test/Altinn.App.Integration.Tests/Basic/_snapshots/BasicAppTests.Full_auth=ServiceOwner_testCase=MultipartXmlPrefill_7_Logs.verified.txt:41-42
Timestamp: 2025-08-22T13:46:43.017Z
Learning: In Altinn App Integration Tests, OldUser and OldServiceOwner test snapshots intentionally preserve the legacy "AuthMethod: localtest" authentication method as part of a migration strategy, while new User and ServiceOwner tests use updated authentication methods like BankID and maskinporten. The "Old*" variants should not be updated to remove localtest references.

Applied to files:

• test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs

📚 Learning: 2025-10-17T07:45:15.474Z

Learnt from: bjorntore
Repo: Altinn/app-lib-dotnet PR: 1474
File: test/Altinn.App.Core.Tests/PublicApiTests.PublicApi_ShouldNotChange_Unintentionally.verified.txt:233-237
Timestamp: 2025-10-17T07:45:15.474Z
Learning: In Altinn/app-lib-dotnet, maintainers accept source compatibility without guaranteeing binary compatibility across versions because consumers upgrade via NuGet and rebuild. Adding optional parameters to public extension methods (e.g., CancellationToken) is acceptable provided release notes document the change.

Applied to files:

• test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs

🧬 Code graph analysis (1)

test/Altinn.App.Core.Tests/Features/Maskinporten/MaskinportenClientTest.cs (1)

src/Altinn.App.Core/Features/Maskinporten/MaskinportenClient.cs (8)

• Task (97-104)
• Task (107-114)
• Task (121-172)
• Task (181-218)
• Task (227-272)
• Task (338-375)
• Task (449-465)
• Task (467-484)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Analyze (csharp)
• GitHub Check: Run dotnet build and test (macos-latest)
• GitHub Check: Static code analysis
• GitHub Check: Run dotnet build and test (ubuntu-latest)
• GitHub Check: Run dotnet build and test (windows-latest)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud