Deprecate ResponseMode.QUERY in system browser auth flow, automatically override to FORM_POST with warning

[ashok672]

The system browser authentication flow no longer supports query response mode. This change deprecates ResponseMode.QUERY . When developers pass ResponseMode.QUERY, it will be automatically overridden to FORM_POST with a warning log, ensuring backward compatibility while guiding users to the supported mode.

[Copilot]

Pull request overview

This pull request deprecates the ResponseMode.QUERY option in the system browser authentication flow due to lack of support. When developers pass ResponseMode.QUERY, it is now automatically overridden to ResponseMode.FORM_POST with a warning log message, ensuring backward compatibility.

Changes:

• Added deprecation annotation to ResponseMode.QUERY enum value with documentation explaining the override behavior
• Implemented automatic override logic in AuthorizationRequestUrlParameters to convert QUERY to FORM_POST with a warning log
• Replaced comprehensive optional parameters test with a focused test for QUERY override behavior
• Added build artifact (log4j.properties) to version control

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java	Added deprecation annotation and documentation to QUERY enum value
msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java	Implemented override logic to convert QUERY to FORM_POST with warning, added deprecation to responseMode() method
msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java	Replaced comprehensive optional parameters test with focused QUERY override validation test
msal4j-persistence-extension/target/test-classes/log4j.properties	Added log4j configuration file in build output directory

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Avery-Dunn]

Rather than add the logic to check for Query here, it might be simpler to add an if statement to the actual builder method:

public Builder responseMode(ResponseMode val) {
    // Override QUERY with FORM_POST as QUERY is deprecated
    if (val == ResponseMode.QUERY) {
        LOG.warn("ResponseMode.QUERY is deprecated and will be removed in a future release. " +
                "Automatically overriding to ResponseMode.FORM_POST.");
        this.responseMode = ResponseMode.FORM_POST;
    } else {
        this.responseMode = val;
    }
    return self();
}

That way, this constructor stays the same and only valid values get set in the builder.

[bgavrilMS]

Agreed, we should not change the AuthCodeUri for all scenarios. Or change it, but deprecate the "GetAuthorizationRequestUri" existing API and add a "GetAuthorizationRequestUriWithPost" and fully deprecate ResponseMode param

[Avery-Dunn]

See above comments: looks like there are some unnecessary additions and changes to the tests.

[Avery-Dunn]

This file can be removed entirely, it's in the "target" directory which means it's just a file that gets made when building the project and seems to just have some comments from Copilot?