Change IDX10239 and IDX10234 log level to Verbose with opt-in switch

[Copilot]

Change IDX10239 and IDX10234 log level to Verbose with opt-in switch

• You've read the Contributor Guide and Code of Conduct.
• You've included unit or integration tests for your change, where applicable.
• You've included inline docs for your change, where applicable.
• If any gains or losses in performance are possible, you've included benchmarks for your changes. More info
• There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

Reduce log noise from success validation messages (IDX10239, IDX10234) during multi-policy validation scenarios.

Description

Success-path validation logs IDX10239 (lifetime valid) and IDX10234 (audience validated) now default to Verbose level instead of Informational. An AppContext switch provides backward compatibility.

Changes:

• Added Switch.Microsoft.IdentityModel.SuccessValidationLogsAsInformation to AppContextSwitches.cs
• Updated log level checks in 5 locations:
  • ValidatorUtilities.cs: IDX10239 lifetime validation
  • Validators.cs: IDX10234 audience validation (2 locations)
  • Experimental/Validation/Validators.Audience.cs: IDX10234 audience validation (2 locations)
• Added 6 tests covering default Verbose behavior and switch-enabled Informational behavior

Usage:

Restore Informational level logging for backward compatibility:

AppContext.SetSwitch("Switch.Microsoft.IdentityModel.SuccessValidationLogsAsInformation", true);

Default behavior (Verbose) requires no code changes.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Feature Request] LogVerbose for IDX10239 and IDX10234</issue_title>
<issue_description>Is your feature request related to a problem? Please describe.
IDX10239, IDX10234 log messages are seen multiple times when multiple policy validations are done. Is it possible to decrease log level of these messages?

Describe the solution you'd like
• Change success-path validation logs IDX10239 (lifetime valid) and IDX10234 (audience validated) from Informational to Verbose by default to reduce noise across multiple policy validations.
• Add AppContext switch "Switch.Microsoft.IdentityModel.SuccessValidationLogsAsInformation" to opt back into Informational for backward compatibility; document as a behavioral change for the next major release.
</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Feature Request] LogVerbose for IDX10239 and IDX10234 #3408

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[RojaEnnam]

@copilot can you also add the relevant tests to verify the behavior of the context switch when it is enabled and when it is disabled.

[Copilot]

@copilot can you also add the relevant tests to verify the behavior of the context switch when it is enabled and when it is disabled.

I've already added comprehensive tests in commit b311a69 that verify the AppContext switch behavior:

When switch is disabled (default):

• ValidateLifetime_LogsAtVerboseByDefault - Verifies IDX10239 logs at Verbose
• ValidateAudience_LogsAtVerboseByDefault - Verifies IDX10234 logs at Verbose
• ValidateAudience_WithTrailingSlash_LogsAtVerboseByDefault - Verifies IDX10234 logs at Verbose (trailing slash case)

When switch is enabled:

• ValidateLifetime_LogsAtInformationalWhenSwitchEnabled - Verifies IDX10239 logs at Informational
• ValidateAudience_LogsAtInformationalWhenSwitchEnabled - Verifies IDX10234 logs at Informational
• ValidateAudience_WithTrailingSlash_LogsAtInformationalWhenSwitchEnabled - Verifies IDX10234 logs at Informational (trailing slash case)

All 6 tests pass successfully.