AudienceNetwork (S2S): add missing ext.security_app_id in OpenRTB requests to fix production auth failures

[PeakLee]

In short:
AudienceNetwork (S2S): include ext.security_app_id in OpenRTB requests.
Fixes a production-only 400 ("Error validating authentication token") when test=0,
while test=1 works. Adds field wiring in AudienceNetworkExt and passes it through
AudienceNetworkBidder. Verified end-to-end with Meta Audience Network engineers.

Summary

This PR fixes a production-only failure in the Meta Audience Network (AN) S2S bidding integration within Prebid Server Java.
In production (test=0), AN requires ext.security_app_id alongside ext.authentication_id for request authentication. The field was not present in outgoing requests, leading to 400 responses (x-fb-an-errors: Error validating authentication token).
Adding ext.security_app_id resolves the issue. Test mode (test=1) remained unaffected, which masked the missing field during integration testing.

Problem Statement
# Observed:
• test=1 requests succeed end-to-end.
• test=0 requests fail with HTTP 400, headers include x-fb-an-errors=Error validating authentication token, often with empty body and standard Meta edge headers.
# Impact: Audience Network bidding seat is effectively disabled in production traffic, reducing competition and potential yield.

[Copilot]

Pull Request Overview

This PR fixes a production authentication failure in the Meta Audience Network S2S bidding integration by adding the missing ext.security_app_id field to OpenRTB requests. The issue was causing 400 errors with "Error validating authentication token" in production mode (test=0) while test mode (test=1) continued to work.

• Added securityAppId field to AudienceNetworkExt class with proper JSON serialization
• Updated AudienceNetworkBidder to pass the platform ID as the security app ID in OpenRTB requests

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
AudienceNetworkExt.java	Added securityAppId field with JsonProperty annotation for OpenRTB serialization
AudienceNetworkBidder.java	Modified request building to include platformId as the securityAppId parameter

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The platformId parameter is passed twice - once for the platformid field and again for the securityAppId field. Consider extracting this to a variable or adding a comment explaining why the same value is used for both fields to improve code clarity.

[PeakLee]

@SerhiiNahornyi help to check it

[osulzhenko]

@PeakLee pls fix checkstyle

Error:  /home/runner/work/prebid-server-java/prebid-server-java/src/main/java/org/prebid/server/bidder/audiencenetwork/AudienceNetworkBidder.java:121: Line is longer than 120 characters (found 123). [LineLength]
Error:  /home/runner/work/prebid-server-java/prebid-server-java/src/main/java/org/prebid/server/bidder/audiencenetwork/proto/AudienceNetworkExt.java:6: Leave empty row after class/interface/enum definition! [RegexpMultiline]

[PeakLee]

@PeakLee pls fix checkstyle

Error:  /home/runner/work/prebid-server-java/prebid-server-java/src/main/java/org/prebid/server/bidder/audiencenetwork/AudienceNetworkBidder.java:121: Line is longer than 120 characters (found 123). [LineLength]
Error:  /home/runner/work/prebid-server-java/prebid-server-java/src/main/java/org/prebid/server/bidder/audiencenetwork/proto/AudienceNetworkExt.java:6: Leave empty row after class/interface/enum definition! [RegexpMultiline]

@osulzhenko please check it again, just fixed the checkstyle issue and import missed "JsonProperty" annotation

[osulzhenko]

@PeakLee it still has invalid code in tests. Please take a look when you have time

Error:  COMPILATION ERROR : 
[INFO] -------------------------------------------------------------
Error:  /home/runner/work/prebid-server-java/prebid-server-java/src/test/java/org/prebid/server/bidder/audiencenetwork/AudienceNetworkBidderTest.java:[484,43] method of in class org.prebid.server.bidder.audiencenetwork.proto.AudienceNetworkExt cannot be applied to given types;
  required: java.lang.String,java.lang.String,java.lang.String
  found:    java.lang.String,java.lang.String
  reason: actual and formal argument lists differ in length

[PeakLee]

really sorry, forget the testcase updated, but i hava just fixed the issue, please check it again @osulzhenko , really appreciated !

@PeakLee it still has invalid code in tests. Please take a look when you have time

Error:  COMPILATION ERROR : 
[INFO] -------------------------------------------------------------
Error:  /home/runner/work/prebid-server-java/prebid-server-java/src/test/java/org/prebid/server/bidder/audiencenetwork/AudienceNetworkBidderTest.java:[484,43] method of in class org.prebid.server.bidder.audiencenetwork.proto.AudienceNetworkExt cannot be applied to given types;
  required: java.lang.String,java.lang.String,java.lang.String
  found:    java.lang.String,java.lang.String
  reason: actual and formal argument lists differ in length

[PeakLee]

@AntoxaAntoxic please help to check this merge request, thanks a lot

[AntoxaAntoxic]

Here is a few comments.

And also a question: Is there the same PR for PBS Go? If yes, please link it here.

Thank you!

[AntoxaAntoxic]

@JsonPropertys are redundant here, please remove

[AntoxaAntoxic]

please fix formatting

.ext(mapper.fillExtension(
        ExtRequest.empty(),
        AudienceNetworkExt.of(platformId, makeAuthId(bidRequest.getId()), platformId)))

[AntoxaAntoxic]

May I ask you to change values of the properties to something more readable like

"authentication_id": "authentication_id",
"platformid": "platformid",
"security_app_id": "platformid"

It'll be much more readable

P.S. I'd nice if you do the same in the AudienceNetworkBidderTest

[PeakLee]

ok, thanks @AntoxaAntoxic

[osulzhenko]

@PeakLee any updates on this one?