microsoft-agents-authentication-msal 0.4.0.dev16__tar.gz → 0.5.0__tar.gz

microsoft_agents_authentication_msal-0.5.0/LICENSE

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

microsoft_agents_authentication_msal-0.5.0/PKG-INFO

@@ -0,0 +1,166 @@
+Metadata-Version: 2.4
+Name: microsoft-agents-authentication-msal
+Version: 0.5.0
+Summary: A msal-based authentication library for Microsoft Agents
+Author: Microsoft Corporation
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/microsoft/Agents
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: microsoft-agents-hosting-core==0.5.0
+Requires-Dist: msal>=1.31.1
+Requires-Dist: requests>=2.32.3
+Requires-Dist: cryptography>=44.0.0
+Dynamic: license-file
+Dynamic: requires-dist
+
+# Microsoft Agents MSAL Authentication
+
+[![PyPI version](https://img.shields.io/pypi/v/microsoft-agents-authentication-msal)](https://pypi.org/project/microsoft-agents-authentication-msal/)
+
+Provides secure authentication for your agents using Microsoft Authentication Library (MSAL). It handles getting tokens from Azure AD so your agent can securely communicate with Microsoft services like Teams, Graph API, and other Azure resources.
+
+# What is this?
+
+This library is part of the **Microsoft 365 Agents SDK for Python** - a comprehensive framework for building enterprise-grade conversational AI agents. The SDK enables developers to create intelligent agents that work across multiple platforms including Microsoft Teams, M365 Copilot, Copilot Studio, and web chat, with support for third-party integrations like Slack, Facebook Messenger, and Twilio.
+
+## Release Notes
+<table style="width:100%">
+  <tr>
+    <th style="width:20%">Version</th>
+    <th style="width:20%">Date</th>
+    <th style="width:60%">Release Notes</th>
+  </tr>
+  <tr>
+    <td>0.5.0</td>
+    <td>2025-10-22</td>
+    <td>
+      <a href="https://github.com/microsoft/Agents-for-python/blob/main/changelog.md">
+        0.5.0 Release Notes
+      </a>
+    </td>
+  </tr>
+</table>
+
+## Packages Overview
+
+We offer the following PyPI packages to create conversational experiences based on Agents:
+
+| Package Name | PyPI Version | Description |
+|--------------|-------------|-------------|
+| `microsoft-agents-activity` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-activity)](https://pypi.org/project/microsoft-agents-activity/) | Types and validators implementing the Activity protocol spec. |
+| `microsoft-agents-hosting-core` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-core)](https://pypi.org/project/microsoft-agents-hosting-core/) | Core library for Microsoft Agents hosting. |
+| `microsoft-agents-hosting-aiohttp` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-aiohttp)](https://pypi.org/project/microsoft-agents-hosting-aiohttp/) | Configures aiohttp to run the Agent. |
+| `microsoft-agents-hosting-teams` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-teams)](https://pypi.org/project/microsoft-agents-hosting-teams/) | Provides classes to host an Agent for Teams. |
+| `microsoft-agents-storage-blob` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-storage-blob)](https://pypi.org/project/microsoft-agents-storage-blob/) | Extension to use Azure Blob as storage. |
+| `microsoft-agents-storage-cosmos` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-storage-cosmos)](https://pypi.org/project/microsoft-agents-storage-cosmos/) | Extension to use CosmosDB as storage. |
+| `microsoft-agents-authentication-msal` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-authentication-msal)](https://pypi.org/project/microsoft-agents-authentication-msal/) | MSAL-based authentication for Microsoft Agents. |
+
+Additionally we provide a Copilot Studio Client, to interact with Agents created in CopilotStudio:
+
+| Package Name | PyPI Version | Description |
+|--------------|-------------|-------------|
+| `microsoft-agents-copilotstudio-client` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-copilotstudio-client)](https://pypi.org/project/microsoft-agents-copilotstudio-client/) | Direct to Engine client to interact with Agents created in CopilotStudio |
+
+## Installation
+
+```bash
+pip install microsoft-agents-authentication-msal
+```
+
+## Quick Start
+
+### Basic Setup with Client Secret
+
+Define your client secrets in the ENV file
+```python
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTID=client-id
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTSECRET=client-secret
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__TENANTID=tenant-id
+```
+
+Load the Configuration (Code from [main.py Quickstart Sample](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/src/main.py))
+
+```python
+from .start_server import start_server
+
+start_server(
+    agent_application=AGENT_APP,
+    auth_configuration=CONNECTION_MANAGER.get_default_connection_configuration(),
+)
+```
+Then start the Agent (code snipped from (start_server.py Quickstart Sample](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/src/start_server.py)):
+
+```python
+def start_server(
+    agent_application: AgentApplication, auth_configuration: AgentAuthConfiguration
+):
+    async def entry_point(req: Request) -> Response:
+        agent: AgentApplication = req.app["agent_app"]
+        adapter: CloudAdapter = req.app["adapter"]
+        return await start_agent_process(
+            req,
+            agent,
+            adapter,
+        )
+[...]
+```
+
+## Authentication Types
+The M365 Agents SDK in Python supports the following Auth types:
+```python
+class AuthTypes(str, Enum):
+    certificate = "certificate"
+    certificate_subject_name = "CertificateSubjectName"
+    client_secret = "ClientSecret"
+    user_managed_identity = "UserManagedIdentity"
+    system_managed_identity = "SystemManagedIdentity"
+```
+
+## Key Classes
+
+- **`MsalAuth`** - Core authentication provider using MSAL
+- **`MsalConnectionManager`** - Manages multiple authentication connections
+
+## Features
+
+✅ **Multiple auth types** - Client secret, certificate, managed identity  
+✅ **Token caching** - Automatic token refresh and caching  
+✅ **Multi-tenant** - Support for different Azure AD tenants  
+✅ **Agent-to-agent** - Secure communication between agents  
+✅ **On-behalf-of** - Act on behalf of users  
+
+# Security Best Practices
+
+- Store secrets in Azure Key Vault or environment variables
+- Use managed identities when possible (no secrets to manage)
+- Regularly rotate client secrets and certificates
+- Use least-privilege principle for scopes and permissions
+
+# Quick Links
+
+- 📦 [All SDK Packages on PyPI](https://pypi.org/search/?q=microsoft-agents)
+- 📖 [Complete Documentation](https://aka.ms/agents)
+- 💡 [Python Samples Repository](https://github.com/microsoft/Agents/tree/main/samples/python)
+- 🐛 [Report Issues](https://github.com/microsoft/Agents-for-python/issues)
+
+# Sample Applications
+Explore working examples in the [Python samples repository](https://github.com/microsoft/Agents/tree/main/samples/python):
+
+|Name|Description|README|
+|----|----|----|
+|Quickstart|Simplest agent|[Quickstart](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/README.md)|
+|Auto Sign In|Simple OAuth agent using Graph and GitHub|[auto-signin](https://github.com/microsoft/Agents/blob/main/samples/python/auto-signin/README.md)|
+|OBO Authorization|OBO flow to access a Copilot Studio Agent|[obo-authorization](https://github.com/microsoft/Agents/blob/main/samples/python/obo-authorization/README.md)|
+|Semantic Kernel Integration|A weather agent built with Semantic Kernel|[semantic-kernel-multiturn](https://github.com/microsoft/Agents/blob/main/samples/python/semantic-kernel-multiturn/README.md)|
+|Streaming Agent|Streams OpenAI responses|[azure-ai-streaming](https://github.com/microsoft/Agents/blob/main/samples/python/azureai-streaming/README.md)|
+|Copilot Studio Client|Console app to consume a Copilot Studio Agent|[copilotstudio-client](https://github.com/microsoft/Agents/blob/main/samples/python/copilotstudio-client/README.md)|
+|Cards Agent|Agent that uses rich cards to enhance conversation design |[cards](https://github.com/microsoft/Agents/blob/main/samples/python/cards/README.md)|

{microsoft_agents_authentication_msal-0.4.0.dev16 → microsoft_agents_authentication_msal-0.5.0}/microsoft_agents/authentication/msal/msal_auth.py

@@ -1,5 +1,9 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
 from __future__ import annotations
 
+import asyncio
 import logging
 import jwt
 from typing import Optional
@@ -36,12 +40,29 @@ class _DeferredLogOfBlueprintId:
         return f"Agentic blueprint id: {agentic_blueprint_id}"
 
 
+async def _async_acquire_token_for_client(msal_auth_client, *args, **kwargs):
+    """MSAL in Python does not support async, so we use asyncio.to_thread to run it in
+    a separate thread and avoid blocking the event loop
+    """
+    return await asyncio.to_thread(
+        lambda: msal_auth_client.acquire_token_for_client(*args, **kwargs)
+    )
+
+
 class MsalAuth(AccessTokenProviderBase):
 
     _client_credential_cache = None
 
     def __init__(self, msal_configuration: AgentAuthConfiguration):
+        """Initializes the MsalAuth class with the given configuration.
+
+        :param msal_configuration: The MSAL authentication configuration. Assumed to
+            not be mutated after being passed in.
+        :type msal_configuration: AgentAuthConfiguration
+        """
+
         self._msal_configuration = msal_configuration
+        self._msal_auth_client = None
         logger.debug(
             f"Initializing MsalAuth with configuration: {self._msal_configuration}"
         )
@@ -57,17 +78,17 @@ class MsalAuth(AccessTokenProviderBase):
             raise ValueError("Invalid instance URL")
 
         local_scopes = self._resolve_scopes_list(instance_uri, scopes)
-        msal_auth_client = self._create_client_application()
+        self._create_client_application()
 
-        if isinstance(msal_auth_client, ManagedIdentityClient):
+        if isinstance(self._msal_auth_client, ManagedIdentityClient):
             logger.info("Acquiring token using Managed Identity Client.")
-            auth_result_payload = msal_auth_client.acquire_token_for_client(
-                resource=resource_url
+            auth_result_payload = await _async_acquire_token_for_client(
+                self._msal_auth_client, resource=resource_url
             )
-        elif isinstance(msal_auth_client, ConfidentialClientApplication):
+        elif isinstance(self._msal_auth_client, ConfidentialClientApplication):
             logger.info("Acquiring token using Confidential Client Application.")
-            auth_result_payload = msal_auth_client.acquire_token_for_client(
-                scopes=local_scopes
+            auth_result_payload = await _async_acquire_token_for_client(
+                self._msal_auth_client, scopes=local_scopes
             )
         else:
             auth_result_payload = None
@@ -76,6 +97,7 @@ class MsalAuth(AccessTokenProviderBase):
         if not res:
             logger.error("Failed to acquire token for resource %s", auth_result_payload)
             raise ValueError(f"Failed to acquire token. {str(auth_result_payload)}")
+
         return res
 
     async def acquire_token_on_behalf_of(
@@ -88,19 +110,23 @@ class MsalAuth(AccessTokenProviderBase):
         :return: The access token as a string.
         """
 
-        msal_auth_client = self._create_client_application()
-        if isinstance(msal_auth_client, ManagedIdentityClient):
+        self._create_client_application()
+        if isinstance(self._msal_auth_client, ManagedIdentityClient):
             logger.error(
                 "Attempted on-behalf-of flow with Managed Identity authentication."
             )
             raise NotImplementedError(
                 "On-behalf-of flow is not supported with Managed Identity authentication."
             )
-        elif isinstance(msal_auth_client, ConfidentialClientApplication):
+        elif isinstance(self._msal_auth_client, ConfidentialClientApplication):
             # TODO: Handling token error / acquisition failed
 
-            token = msal_auth_client.acquire_token_on_behalf_of(
-                user_assertion=user_assertion, scopes=scopes
+            # MSAL in Python does not support async, so we use asyncio.to_thread to run it in
+            # a separate thread and avoid blocking the event loop
+            token = await asyncio.to_thread(
+                lambda: self._msal_auth_client.acquire_token_on_behalf_of(
+                    scopes=scopes, user_assertion=user_assertion
+                )
             )
 
             if "access_token" not in token:
@@ -112,19 +138,19 @@ class MsalAuth(AccessTokenProviderBase):
             return token["access_token"]
 
         logger.error(
-            f"On-behalf-of flow is not supported with the current authentication type: {msal_auth_client.__class__.__name__}"
+            f"On-behalf-of flow is not supported with the current authentication type: {self._msal_auth_client.__class__.__name__}"
         )
         raise NotImplementedError(
-            f"On-behalf-of flow is not supported with the current authentication type: {msal_auth_client.__class__.__name__}"
+            f"On-behalf-of flow is not supported with the current authentication type: {self._msal_auth_client.__class__.__name__}"
         )
 
-    def _create_client_application(
-        self,
-    ) -> ManagedIdentityClient | ConfidentialClientApplication:
-        msal_auth_client = None
+    def _create_client_application(self) -> None:
+
+        if self._msal_auth_client:
+            return
 
         if self._msal_configuration.AUTH_TYPE == AuthTypes.user_managed_identity:
-            msal_auth_client = ManagedIdentityClient(
+            self._msal_auth_client = ManagedIdentityClient(
                 UserAssignedManagedIdentity(
                     client_id=self._msal_configuration.CLIENT_ID
                 ),
@@ -132,7 +158,7 @@ class MsalAuth(AccessTokenProviderBase):
             )
 
         elif self._msal_configuration.AUTH_TYPE == AuthTypes.system_managed_identity:
-            msal_auth_client = ManagedIdentityClient(
+            self._msal_auth_client = ManagedIdentityClient(
                 SystemAssignedManagedIdentity(),
                 http_client=Session(),
             )
@@ -173,14 +199,12 @@ class MsalAuth(AccessTokenProviderBase):
                 )
                 raise NotImplementedError("Authentication type not supported")
 
-            msal_auth_client = ConfidentialClientApplication(
+            self._msal_auth_client = ConfidentialClientApplication(
                 client_id=self._msal_configuration.CLIENT_ID,
                 authority=authority,
                 client_credential=self._client_credential_cache,
             )
 
-        return msal_auth_client
-
     @staticmethod
     def _uri_validator(url_str: str) -> tuple[bool, Optional[URI]]:
         try:
@@ -225,12 +249,13 @@ class MsalAuth(AccessTokenProviderBase):
             "Attempting to get agentic application token from agent_app_instance_id %s",
             agent_app_instance_id,
         )
-        msal_auth_client = self._create_client_application()
+        self._create_client_application()
 
-        if isinstance(msal_auth_client, ConfidentialClientApplication):
+        if isinstance(self._msal_auth_client, ConfidentialClientApplication):
 
             # https://github.dev/AzureAD/microsoft-authentication-library-for-dotnet
-            auth_result_payload = msal_auth_client.acquire_token_for_client(
+            auth_result_payload = await _async_acquire_token_for_client(
+                self._msal_auth_client,
                 ["api://AzureAdTokenExchange/.default"],
                 data={"fmi_path": agent_app_instance_id},
             )
@@ -281,8 +306,8 @@ class MsalAuth(AccessTokenProviderBase):
             client_credential={"client_assertion": agent_token_result},
         )
 
-        agentic_instance_token = instance_app.acquire_token_for_client(
-            ["api://AzureAdTokenExchange/.default"]
+        agentic_instance_token = await _async_acquire_token_for_client(
+            instance_app, ["api://AzureAdTokenExchange/.default"]
         )
 
         if not agentic_instance_token:
@@ -308,28 +333,28 @@ class MsalAuth(AccessTokenProviderBase):
         return agentic_instance_token["access_token"], agent_token_result
 
     async def get_agentic_user_token(
-        self, agent_app_instance_id: str, upn: str, scopes: list[str]
+        self, agent_app_instance_id: str, agentic_user_id: str, scopes: list[str]
     ) -> Optional[str]:
-        """Gets the agentic user token for the given agent application instance ID and user principal name and the scopes.
+        """Gets the agentic user token for the given agent application instance ID and agentic user Id and the scopes.
 
         :param agent_app_instance_id: The agent application instance ID.
         :type agent_app_instance_id: str
-        :param upn: The user principal name.
-        :type upn: str
+        :param agentic_user_id: The agentic user ID.
+        :type agentic_user_id: str
         :param scopes: The scopes to request for the token.
         :type scopes: list[str]
         :return: The agentic user token, or None if not found.
         :rtype: Optional[str]
         """
-        if not agent_app_instance_id or not upn:
+        if not agent_app_instance_id or not agentic_user_id:
             raise ValueError(
-                "Agent application instance Id and user principal name must be provided."
+                "Agent application instance Id and agentic user Id must be provided."
             )
 
         logger.info(
-            "Attempting to get agentic user token from agent_app_instance_id %s and upn %s",
+            "Attempting to get agentic user token from agent_app_instance_id %s and agentic_user_id %s",
             agent_app_instance_id,
-            upn,
+            agentic_user_id,
         )
         instance_token, agent_token = await self.get_agentic_instance_token(
             agent_app_instance_id
@@ -337,12 +362,12 @@ class MsalAuth(AccessTokenProviderBase):
 
         if not instance_token or not agent_token:
             logger.error(
-                "Failed to acquire instance token or agent token for agent_app_instance_id %s and upn %s",
+                "Failed to acquire instance token or agent token for agent_app_instance_id %s and agentic_user_id %s",
                 agent_app_instance_id,
-                upn,
+                agentic_user_id,
             )
             raise Exception(
-                f"Failed to acquire instance token or agent token for agent_app_instance_id {agent_app_instance_id} and upn {upn}"
+                f"Failed to acquire instance token or agent token for agent_app_instance_id {agent_app_instance_id} and agentic_user_id {agentic_user_id}"
             )
 
         authority = (
@@ -356,14 +381,17 @@ class MsalAuth(AccessTokenProviderBase):
         )
 
         logger.info(
-            "Acquiring agentic user token for agent_app_instance_id %s and upn %s",
+            "Acquiring agentic user token for agent_app_instance_id %s and agentic_user_id %s",
             agent_app_instance_id,
-            upn,
+            agentic_user_id,
         )
-        auth_result_payload = instance_app.acquire_token_for_client(
+        # MSAL in Python does not support async, so we use asyncio.to_thread to run it in
+        # a separate thread and avoid blocking the event loop
+        auth_result_payload = await _async_acquire_token_for_client(
+            instance_app,
             scopes,
             data={
-                "username": upn,
+                "user_id": agentic_user_id,
                 "user_federated_identity_credential": instance_token,
                 "grant_type": "user_fic",
             },
@@ -371,9 +399,9 @@ class MsalAuth(AccessTokenProviderBase):
 
         if not auth_result_payload:
             logger.error(
-                "Failed to acquire agentic user token for agent_app_instance_id %s and upn %s, %s",
+                "Failed to acquire agentic user token for agent_app_instance_id %s and agentic_user_id %s, %s",
                 agent_app_instance_id,
-                upn,
+                agentic_user_id,
                 auth_result_payload,
             )
             return None
@@ -381,9 +409,9 @@ class MsalAuth(AccessTokenProviderBase):
         access_token = auth_result_payload.get("access_token")
         if not access_token:
             logger.error(
-                "Failed to acquire agentic user token for agent_app_instance_id %s and upn %s, %s",
+                "Failed to acquire agentic user token for agent_app_instance_id %s and agentic_user_id %s, %s",
                 agent_app_instance_id,
-                upn,
+                agentic_user_id,
                 auth_result_payload,
             )
             return None

{microsoft_agents_authentication_msal-0.4.0.dev16 → microsoft_agents_authentication_msal-0.5.0}/microsoft_agents/authentication/msal/msal_connection_manager.py

@@ -1,3 +1,6 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
 import re
 from typing import Dict, List, Optional
 from microsoft_agents.hosting.core import (
@@ -25,7 +28,7 @@ class MsalConnectionManager(Connections):
         Initialize the MSAL connection manager.
 
         :arg connections_configurations: A dictionary of connection configurations.
-        :type connections_configurations: Dict[str, AgentAuthConfiguration]
+        :type connections_configurations: Dict[str, :class:`microsoft_agents.hosting.core.AgentAuthConfiguration`]
         :arg connections_map: A list of connection mappings.
         :type connections_map: List[Dict[str, str]]
         :raises ValueError: If no service connection configuration is provided.
@@ -61,9 +64,9 @@ class MsalConnectionManager(Connections):
         Get the OAuth connection for the agent.
 
         :arg connection_name: The name of the connection.
-        :type connection_name: str
+        :type connection_name: Optional[str]
         :return: The OAuth connection for the agent.
-        :rtype: AccessTokenProviderBase
+        :rtype: :class:`microsoft_agents.hosting.core.AccessTokenProviderBase`
         """
         # should never be None
         return self._connections.get(connection_name, None)
@@ -71,6 +74,9 @@ class MsalConnectionManager(Connections):
     def get_default_connection(self) -> AccessTokenProviderBase:
         """
         Get the default OAuth connection for the agent.
+
+        :return: The default OAuth connection for the agent.
+        :rtype: :class:`microsoft_agents.hosting.core.AccessTokenProviderBase`
         """
         # should never be None
         return self._connections.get("SERVICE_CONNECTION", None)
@@ -82,11 +88,11 @@ class MsalConnectionManager(Connections):
         Get the OAuth token provider for the agent.
 
         :arg claims_identity: The claims identity of the bot.
-        :type claims_identity: ClaimsIdentity
+        :type claims_identity: :class:`microsoft_agents.hosting.core.ClaimsIdentity`
         :arg service_url: The service URL of the bot.
         :type service_url: str
         :return: The OAuth token provider for the agent.
-        :rtype: AccessTokenProviderBase
+        :rtype: :class:`microsoft_agents.hosting.core.AccessTokenProviderBase`
         :raises ValueError: If no connection is found for the given audience and service URL.
         """
         if not claims_identity or not service_url:
@@ -127,5 +133,8 @@ class MsalConnectionManager(Connections):
     def get_default_connection_configuration(self) -> AgentAuthConfiguration:
         """
         Get the default connection configuration for the agent.
+
+        :return: The default connection configuration for the agent.
+        :rtype: :class:`microsoft_agents.hosting.core.AgentAuthConfiguration`
         """
         return self._service_connection_configuration

microsoft_agents_authentication_msal-0.5.0/microsoft_agents_authentication_msal.egg-info/PKG-INFO

@@ -0,0 +1,166 @@
+Metadata-Version: 2.4
+Name: microsoft-agents-authentication-msal
+Version: 0.5.0
+Summary: A msal-based authentication library for Microsoft Agents
+Author: Microsoft Corporation
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/microsoft/Agents
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Classifier: Operating System :: OS Independent
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: microsoft-agents-hosting-core==0.5.0
+Requires-Dist: msal>=1.31.1
+Requires-Dist: requests>=2.32.3
+Requires-Dist: cryptography>=44.0.0
+Dynamic: license-file
+Dynamic: requires-dist
+
+# Microsoft Agents MSAL Authentication
+
+[![PyPI version](https://img.shields.io/pypi/v/microsoft-agents-authentication-msal)](https://pypi.org/project/microsoft-agents-authentication-msal/)
+
+Provides secure authentication for your agents using Microsoft Authentication Library (MSAL). It handles getting tokens from Azure AD so your agent can securely communicate with Microsoft services like Teams, Graph API, and other Azure resources.
+
+# What is this?
+
+This library is part of the **Microsoft 365 Agents SDK for Python** - a comprehensive framework for building enterprise-grade conversational AI agents. The SDK enables developers to create intelligent agents that work across multiple platforms including Microsoft Teams, M365 Copilot, Copilot Studio, and web chat, with support for third-party integrations like Slack, Facebook Messenger, and Twilio.
+
+## Release Notes
+<table style="width:100%">
+  <tr>
+    <th style="width:20%">Version</th>
+    <th style="width:20%">Date</th>
+    <th style="width:60%">Release Notes</th>
+  </tr>
+  <tr>
+    <td>0.5.0</td>
+    <td>2025-10-22</td>
+    <td>
+      <a href="https://github.com/microsoft/Agents-for-python/blob/main/changelog.md">
+        0.5.0 Release Notes
+      </a>
+    </td>
+  </tr>
+</table>
+
+## Packages Overview
+
+We offer the following PyPI packages to create conversational experiences based on Agents:
+
+| Package Name | PyPI Version | Description |
+|--------------|-------------|-------------|
+| `microsoft-agents-activity` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-activity)](https://pypi.org/project/microsoft-agents-activity/) | Types and validators implementing the Activity protocol spec. |
+| `microsoft-agents-hosting-core` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-core)](https://pypi.org/project/microsoft-agents-hosting-core/) | Core library for Microsoft Agents hosting. |
+| `microsoft-agents-hosting-aiohttp` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-aiohttp)](https://pypi.org/project/microsoft-agents-hosting-aiohttp/) | Configures aiohttp to run the Agent. |
+| `microsoft-agents-hosting-teams` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-teams)](https://pypi.org/project/microsoft-agents-hosting-teams/) | Provides classes to host an Agent for Teams. |
+| `microsoft-agents-storage-blob` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-storage-blob)](https://pypi.org/project/microsoft-agents-storage-blob/) | Extension to use Azure Blob as storage. |
+| `microsoft-agents-storage-cosmos` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-storage-cosmos)](https://pypi.org/project/microsoft-agents-storage-cosmos/) | Extension to use CosmosDB as storage. |
+| `microsoft-agents-authentication-msal` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-authentication-msal)](https://pypi.org/project/microsoft-agents-authentication-msal/) | MSAL-based authentication for Microsoft Agents. |
+
+Additionally we provide a Copilot Studio Client, to interact with Agents created in CopilotStudio:
+
+| Package Name | PyPI Version | Description |
+|--------------|-------------|-------------|
+| `microsoft-agents-copilotstudio-client` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-copilotstudio-client)](https://pypi.org/project/microsoft-agents-copilotstudio-client/) | Direct to Engine client to interact with Agents created in CopilotStudio |
+
+## Installation
+
+```bash
+pip install microsoft-agents-authentication-msal
+```
+
+## Quick Start
+
+### Basic Setup with Client Secret
+
+Define your client secrets in the ENV file
+```python
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTID=client-id
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTSECRET=client-secret
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__TENANTID=tenant-id
+```
+
+Load the Configuration (Code from [main.py Quickstart Sample](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/src/main.py))
+
+```python
+from .start_server import start_server
+
+start_server(
+    agent_application=AGENT_APP,
+    auth_configuration=CONNECTION_MANAGER.get_default_connection_configuration(),
+)
+```
+Then start the Agent (code snipped from (start_server.py Quickstart Sample](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/src/start_server.py)):
+
+```python
+def start_server(
+    agent_application: AgentApplication, auth_configuration: AgentAuthConfiguration
+):
+    async def entry_point(req: Request) -> Response:
+        agent: AgentApplication = req.app["agent_app"]
+        adapter: CloudAdapter = req.app["adapter"]
+        return await start_agent_process(
+            req,
+            agent,
+            adapter,
+        )
+[...]
+```
+
+## Authentication Types
+The M365 Agents SDK in Python supports the following Auth types:
+```python
+class AuthTypes(str, Enum):
+    certificate = "certificate"
+    certificate_subject_name = "CertificateSubjectName"
+    client_secret = "ClientSecret"
+    user_managed_identity = "UserManagedIdentity"
+    system_managed_identity = "SystemManagedIdentity"
+```
+
+## Key Classes
+
+- **`MsalAuth`** - Core authentication provider using MSAL
+- **`MsalConnectionManager`** - Manages multiple authentication connections
+
+## Features
+
+✅ **Multiple auth types** - Client secret, certificate, managed identity  
+✅ **Token caching** - Automatic token refresh and caching  
+✅ **Multi-tenant** - Support for different Azure AD tenants  
+✅ **Agent-to-agent** - Secure communication between agents  
+✅ **On-behalf-of** - Act on behalf of users  
+
+# Security Best Practices
+
+- Store secrets in Azure Key Vault or environment variables
+- Use managed identities when possible (no secrets to manage)
+- Regularly rotate client secrets and certificates
+- Use least-privilege principle for scopes and permissions
+
+# Quick Links
+
+- 📦 [All SDK Packages on PyPI](https://pypi.org/search/?q=microsoft-agents)
+- 📖 [Complete Documentation](https://aka.ms/agents)
+- 💡 [Python Samples Repository](https://github.com/microsoft/Agents/tree/main/samples/python)
+- 🐛 [Report Issues](https://github.com/microsoft/Agents-for-python/issues)
+
+# Sample Applications
+Explore working examples in the [Python samples repository](https://github.com/microsoft/Agents/tree/main/samples/python):
+
+|Name|Description|README|
+|----|----|----|
+|Quickstart|Simplest agent|[Quickstart](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/README.md)|
+|Auto Sign In|Simple OAuth agent using Graph and GitHub|[auto-signin](https://github.com/microsoft/Agents/blob/main/samples/python/auto-signin/README.md)|
+|OBO Authorization|OBO flow to access a Copilot Studio Agent|[obo-authorization](https://github.com/microsoft/Agents/blob/main/samples/python/obo-authorization/README.md)|
+|Semantic Kernel Integration|A weather agent built with Semantic Kernel|[semantic-kernel-multiturn](https://github.com/microsoft/Agents/blob/main/samples/python/semantic-kernel-multiturn/README.md)|
+|Streaming Agent|Streams OpenAI responses|[azure-ai-streaming](https://github.com/microsoft/Agents/blob/main/samples/python/azureai-streaming/README.md)|
+|Copilot Studio Client|Console app to consume a Copilot Studio Agent|[copilotstudio-client](https://github.com/microsoft/Agents/blob/main/samples/python/copilotstudio-client/README.md)|
+|Cards Agent|Agent that uses rich cards to enhance conversation design |[cards](https://github.com/microsoft/Agents/blob/main/samples/python/cards/README.md)|

{microsoft_agents_authentication_msal-0.4.0.dev16 → microsoft_agents_authentication_msal-0.5.0}/microsoft_agents_authentication_msal.egg-info/SOURCES.txt

@@ -1,4 +1,6 @@
+LICENSE
 pyproject.toml
+readme.md
 setup.py
 microsoft_agents/authentication/msal/__init__.py
 microsoft_agents/authentication/msal/msal_auth.py

{microsoft_agents_authentication_msal-0.4.0.dev16 → microsoft_agents_authentication_msal-0.5.0}/microsoft_agents_authentication_msal.egg-info/requires.txt

@@ -1,4 +1,4 @@
-microsoft-agents-hosting-core==0.4.0.dev16
+microsoft-agents-hosting-core==0.5.0
 msal>=1.31.1
 requests>=2.32.3
 cryptography>=44.0.0

{microsoft_agents_authentication_msal-0.4.0.dev16 → microsoft_agents_authentication_msal-0.5.0}/pyproject.toml

@@ -6,11 +6,18 @@ build-backend = "setuptools.build_meta"
 name = "microsoft-agents-authentication-msal"
 dynamic = ["version", "dependencies"]
 description = "A msal-based authentication library for Microsoft Agents"
+readme = {file = "readme.md", content-type = "text/markdown"}
 authors = [{name = "Microsoft Corporation"}]
-requires-python = ">=3.9"
+license = "MIT"
+license-files = ["LICENSE"]
+requires-python = ">=3.10"
 classifiers = [
     "Programming Language :: Python :: 3",
-    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Operating System :: OS Independent",
 ]
 

microsoft_agents_authentication_msal-0.5.0/readme.md

@@ -0,0 +1,142 @@
+# Microsoft Agents MSAL Authentication
+
+[![PyPI version](https://img.shields.io/pypi/v/microsoft-agents-authentication-msal)](https://pypi.org/project/microsoft-agents-authentication-msal/)
+
+Provides secure authentication for your agents using Microsoft Authentication Library (MSAL). It handles getting tokens from Azure AD so your agent can securely communicate with Microsoft services like Teams, Graph API, and other Azure resources.
+
+# What is this?
+
+This library is part of the **Microsoft 365 Agents SDK for Python** - a comprehensive framework for building enterprise-grade conversational AI agents. The SDK enables developers to create intelligent agents that work across multiple platforms including Microsoft Teams, M365 Copilot, Copilot Studio, and web chat, with support for third-party integrations like Slack, Facebook Messenger, and Twilio.
+
+## Release Notes
+<table style="width:100%">
+  <tr>
+    <th style="width:20%">Version</th>
+    <th style="width:20%">Date</th>
+    <th style="width:60%">Release Notes</th>
+  </tr>
+  <tr>
+    <td>0.5.0</td>
+    <td>2025-10-22</td>
+    <td>
+      <a href="https://github.com/microsoft/Agents-for-python/blob/main/changelog.md">
+        0.5.0 Release Notes
+      </a>
+    </td>
+  </tr>
+</table>
+
+## Packages Overview
+
+We offer the following PyPI packages to create conversational experiences based on Agents:
+
+| Package Name | PyPI Version | Description |
+|--------------|-------------|-------------|
+| `microsoft-agents-activity` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-activity)](https://pypi.org/project/microsoft-agents-activity/) | Types and validators implementing the Activity protocol spec. |
+| `microsoft-agents-hosting-core` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-core)](https://pypi.org/project/microsoft-agents-hosting-core/) | Core library for Microsoft Agents hosting. |
+| `microsoft-agents-hosting-aiohttp` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-aiohttp)](https://pypi.org/project/microsoft-agents-hosting-aiohttp/) | Configures aiohttp to run the Agent. |
+| `microsoft-agents-hosting-teams` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-hosting-teams)](https://pypi.org/project/microsoft-agents-hosting-teams/) | Provides classes to host an Agent for Teams. |
+| `microsoft-agents-storage-blob` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-storage-blob)](https://pypi.org/project/microsoft-agents-storage-blob/) | Extension to use Azure Blob as storage. |
+| `microsoft-agents-storage-cosmos` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-storage-cosmos)](https://pypi.org/project/microsoft-agents-storage-cosmos/) | Extension to use CosmosDB as storage. |
+| `microsoft-agents-authentication-msal` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-authentication-msal)](https://pypi.org/project/microsoft-agents-authentication-msal/) | MSAL-based authentication for Microsoft Agents. |
+
+Additionally we provide a Copilot Studio Client, to interact with Agents created in CopilotStudio:
+
+| Package Name | PyPI Version | Description |
+|--------------|-------------|-------------|
+| `microsoft-agents-copilotstudio-client` | [![PyPI](https://img.shields.io/pypi/v/microsoft-agents-copilotstudio-client)](https://pypi.org/project/microsoft-agents-copilotstudio-client/) | Direct to Engine client to interact with Agents created in CopilotStudio |
+
+## Installation
+
+```bash
+pip install microsoft-agents-authentication-msal
+```
+
+## Quick Start
+
+### Basic Setup with Client Secret
+
+Define your client secrets in the ENV file
+```python
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTID=client-id
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTSECRET=client-secret
+CONNECTIONS__SERVICE_CONNECTION__SETTINGS__TENANTID=tenant-id
+```
+
+Load the Configuration (Code from [main.py Quickstart Sample](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/src/main.py))
+
+```python
+from .start_server import start_server
+
+start_server(
+    agent_application=AGENT_APP,
+    auth_configuration=CONNECTION_MANAGER.get_default_connection_configuration(),
+)
+```
+Then start the Agent (code snipped from (start_server.py Quickstart Sample](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/src/start_server.py)):
+
+```python
+def start_server(
+    agent_application: AgentApplication, auth_configuration: AgentAuthConfiguration
+):
+    async def entry_point(req: Request) -> Response:
+        agent: AgentApplication = req.app["agent_app"]
+        adapter: CloudAdapter = req.app["adapter"]
+        return await start_agent_process(
+            req,
+            agent,
+            adapter,
+        )
+[...]
+```
+
+## Authentication Types
+The M365 Agents SDK in Python supports the following Auth types:
+```python
+class AuthTypes(str, Enum):
+    certificate = "certificate"
+    certificate_subject_name = "CertificateSubjectName"
+    client_secret = "ClientSecret"
+    user_managed_identity = "UserManagedIdentity"
+    system_managed_identity = "SystemManagedIdentity"
+```
+
+## Key Classes
+
+- **`MsalAuth`** - Core authentication provider using MSAL
+- **`MsalConnectionManager`** - Manages multiple authentication connections
+
+## Features
+
+✅ **Multiple auth types** - Client secret, certificate, managed identity  
+✅ **Token caching** - Automatic token refresh and caching  
+✅ **Multi-tenant** - Support for different Azure AD tenants  
+✅ **Agent-to-agent** - Secure communication between agents  
+✅ **On-behalf-of** - Act on behalf of users  
+
+# Security Best Practices
+
+- Store secrets in Azure Key Vault or environment variables
+- Use managed identities when possible (no secrets to manage)
+- Regularly rotate client secrets and certificates
+- Use least-privilege principle for scopes and permissions
+
+# Quick Links
+
+- 📦 [All SDK Packages on PyPI](https://pypi.org/search/?q=microsoft-agents)
+- 📖 [Complete Documentation](https://aka.ms/agents)
+- 💡 [Python Samples Repository](https://github.com/microsoft/Agents/tree/main/samples/python)
+- 🐛 [Report Issues](https://github.com/microsoft/Agents-for-python/issues)
+
+# Sample Applications
+Explore working examples in the [Python samples repository](https://github.com/microsoft/Agents/tree/main/samples/python):
+
+|Name|Description|README|
+|----|----|----|
+|Quickstart|Simplest agent|[Quickstart](https://github.com/microsoft/Agents/blob/main/samples/python/quickstart/README.md)|
+|Auto Sign In|Simple OAuth agent using Graph and GitHub|[auto-signin](https://github.com/microsoft/Agents/blob/main/samples/python/auto-signin/README.md)|
+|OBO Authorization|OBO flow to access a Copilot Studio Agent|[obo-authorization](https://github.com/microsoft/Agents/blob/main/samples/python/obo-authorization/README.md)|
+|Semantic Kernel Integration|A weather agent built with Semantic Kernel|[semantic-kernel-multiturn](https://github.com/microsoft/Agents/blob/main/samples/python/semantic-kernel-multiturn/README.md)|
+|Streaming Agent|Streams OpenAI responses|[azure-ai-streaming](https://github.com/microsoft/Agents/blob/main/samples/python/azureai-streaming/README.md)|
+|Copilot Studio Client|Console app to consume a Copilot Studio Agent|[copilotstudio-client](https://github.com/microsoft/Agents/blob/main/samples/python/copilotstudio-client/README.md)|
+|Cards Agent|Agent that uses rich cards to enhance conversation design |[cards](https://github.com/microsoft/Agents/blob/main/samples/python/cards/README.md)|

microsoft_agents_authentication_msal-0.4.0.dev16/PKG-INFO

@@ -1,15 +0,0 @@
-Metadata-Version: 2.4
-Name: microsoft-agents-authentication-msal
-Version: 0.4.0.dev16
-Summary: A msal-based authentication library for Microsoft Agents
-Author: Microsoft Corporation
-Project-URL: Homepage, https://github.com/microsoft/Agents
-Classifier: Programming Language :: Python :: 3
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.9
-Requires-Dist: microsoft-agents-hosting-core==0.4.0.dev16
-Requires-Dist: msal>=1.31.1
-Requires-Dist: requests>=2.32.3
-Requires-Dist: cryptography>=44.0.0
-Dynamic: requires-dist

microsoft_agents_authentication_msal-0.4.0.dev16/microsoft_agents_authentication_msal.egg-info/PKG-INFO

@@ -1,15 +0,0 @@
-Metadata-Version: 2.4
-Name: microsoft-agents-authentication-msal
-Version: 0.4.0.dev16
-Summary: A msal-based authentication library for Microsoft Agents
-Author: Microsoft Corporation
-Project-URL: Homepage, https://github.com/microsoft/Agents
-Classifier: Programming Language :: Python :: 3
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Operating System :: OS Independent
-Requires-Python: >=3.9
-Requires-Dist: microsoft-agents-hosting-core==0.4.0.dev16
-Requires-Dist: msal>=1.31.1
-Requires-Dist: requests>=2.32.3
-Requires-Dist: cryptography>=44.0.0
-Dynamic: requires-dist