Azure · deyaaeldeen · Apr 24, 2026 · Apr 16, 2026 · Apr 17, 2026 · Apr 17, 2026
@@ -13,6 +13,8 @@ import {
 import { describe, it, assert, expect, vi, beforeEach, afterEach } from "vitest";
 import { DEFAULT_CYCLER_OPTIONS } from "../../src/util/tokenCycler.js";
 
+const defaultRequest = () => createPipelineRequest({ url: "https://example.com" });
+
 const { refreshWindowInMs: defaultRefreshWindow } = DEFAULT_CYCLER_OPTIONS;
 
 describe("AuxiliaryAuthenticationHeaderPolicy", function () {
@@ -33,7 +35,7 @@ describe("AuxiliaryAuthenticationHeaderPolicy", function () {
       getToken: fakeGetToken,
     };
 
-    const request = createPipelineRequest({ url: "https://example.com" });
+    const request = defaultRequest();
     const successResponse: PipelineResponse = {
       headers: createHttpHeaders(),
       request,
@@ -81,7 +83,7 @@ describe("AuxiliaryAuthenticationHeaderPolicy", function () {
       getToken: fakeGetToken2,
     };
 
-    const request = createPipelineRequest({ url: "https://example.com" });
+    const request = defaultRequest();
     const successResponse: PipelineResponse = {
       headers: createHttpHeaders(),
       request,
@@ -112,7 +114,7 @@ describe("AuxiliaryAuthenticationHeaderPolicy", function () {
     const shortCredential = new MockRefreshAzureCredential(tokenExpiration);
     const longCredential = new MockRefreshAzureCredential(Date.now() + expireDelayMs * 3);
 
-    const request = createPipelineRequest({ url: "https://example.com" });
+    const request = defaultRequest();
     const successResponse: PipelineResponse = {
       headers: createHttpHeaders(),
       request,
@@ -162,7 +164,7 @@ describe("AuxiliaryAuthenticationHeaderPolicy", function () {
     const getTokenDelay = 100;
     const credential = new MockRefreshAzureCredential(tokenExpiration, getTokenDelay);
 
-    const request = createPipelineRequest({ url: "https://example.com" });
+    const request = defaultRequest();
     const successResponse: PipelineResponse = {
       headers: createHttpHeaders(),
       request,
@@ -231,7 +233,7 @@ describe("AuxiliaryAuthenticationHeaderPolicy", function () {
       getToken: fakeGetToken2,
     };
 
-    const request = createPipelineRequest({ url: "https://example.com" });
+    const request = defaultRequest();
     const successResponse: PipelineResponse = {
       headers: createHttpHeaders(),
       request,
@@ -288,3 +290,50 @@ class MockRefreshAzureCredential implements TokenCredential {
     return { token: "mock-token", expiresOnTimestamp: this.expiresOnTimestamp };
   }
 }
+
+describe("AuxiliaryAuthenticationHeaderPolicy", function () {
+  beforeEach(() => {
+    vi.useFakeTimers({ now: Date.now() });
+  });
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+
+  it("skips setting header when credentials is an empty array", async function () {
+    const request = defaultRequest();
+    const successResponse: PipelineResponse = {
+      headers: createHttpHeaders(),
+      request,
+      status: 200,
+    };
+    const next = vi.fn<SendRequest>();
+    next.mockResolvedValue(successResponse);
+
+    const policy = auxiliaryAuthenticationHeaderPolicy({
+      scopes: ["scope1"],
+      credentials: [],
+    });
+
+    await policy.sendRequest(request, next);
+    assert.isUndefined(request.headers.get("x-ms-authorization-auxiliary"));
+  });
+
+  it("skips setting header when credentials is undefined", async function () {
+    const request = defaultRequest();
+    const successResponse: PipelineResponse = {
+      headers: createHttpHeaders(),
+      request,
+      status: 200,
+    };
+    const next = vi.fn<SendRequest>();
+    next.mockResolvedValue(successResponse);
+
+    const policy = auxiliaryAuthenticationHeaderPolicy({
+      scopes: ["scope1"],
+      credentials: undefined,
+    });
+
+    await policy.sendRequest(request, next);
+    assert.isUndefined(request.headers.get("x-ms-authorization-auxiliary"));
+  });
+});