microsoft-agents-authentication-msal 1.1.0.dev0__tar.gz → 1.1.0.dev7__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. {microsoft_agents_authentication_msal-1.1.0.dev0/microsoft_agents_authentication_msal.egg-info → microsoft_agents_authentication_msal-1.1.0.dev7}/PKG-INFO +2 -2
  2. microsoft_agents_authentication_msal-1.1.0.dev7/VERSION.txt +1 -0
  3. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents/authentication/msal/msal_auth.py +59 -2
  4. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7/microsoft_agents_authentication_msal.egg-info}/PKG-INFO +2 -2
  5. microsoft_agents_authentication_msal-1.1.0.dev7/microsoft_agents_authentication_msal.egg-info/requires.txt +3 -0
  6. microsoft_agents_authentication_msal-1.1.0.dev0/VERSION.txt +0 -1
  7. microsoft_agents_authentication_msal-1.1.0.dev0/microsoft_agents_authentication_msal.egg-info/requires.txt +0 -3
  8. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/LICENSE +0 -0
  9. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/MANIFEST.in +0 -0
  10. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents/authentication/msal/__init__.py +0 -0
  11. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents/authentication/msal/errors/__init__.py +0 -0
  12. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents/authentication/msal/errors/error_resources.py +0 -0
  13. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents/authentication/msal/msal_connection_manager.py +0 -0
  14. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents_authentication_msal.egg-info/SOURCES.txt +0 -0
  15. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents_authentication_msal.egg-info/dependency_links.txt +0 -0
  16. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents_authentication_msal.egg-info/top_level.txt +0 -0
  17. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/pyproject.toml +0 -0
  18. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/readme.md +0 -0
  19. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/setup.cfg +0 -0
  20. {microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/setup.py +0 -0
{microsoft_agents_authentication_msal-1.1.0.dev0/microsoft_agents_authentication_msal.egg-info → microsoft_agents_authentication_msal-1.1.0.dev7}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: microsoft-agents-authentication-msal
3
- Version: 1.1.0.dev0
3
+ Version: 1.1.0.dev7
4
4
  Summary: A msal-based authentication library for Microsoft Agents
5
5
  Author: Microsoft Corporation
6
6
  License-Expression: MIT
@@ -15,7 +15,7 @@ Classifier: Operating System :: OS Independent
15
15
  Requires-Python: >=3.10
16
16
  Description-Content-Type: text/markdown
17
17
  License-File: LICENSE
18
- Requires-Dist: microsoft-agents-hosting-core==1.1.0.dev0
18
+ Requires-Dist: microsoft-agents-hosting-core==1.1.0.dev7
19
19
  Requires-Dist: msal>=1.34.0
20
20
  Requires-Dist: requests>=2.32.3
21
21
  Dynamic: license-file
{microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7}/microsoft_agents/authentication/msal/msal_auth.py RENAMED
@@ -175,6 +175,35 @@ class MsalAuth(AccessTokenProviderBase):
175
175
 
176
176
  return f"https://login.microsoftonline.com/{tenant_id}"
177
177
 
178
+ @staticmethod
179
+ def _resolve_azure_region(config: AgentAuthConfiguration) -> str | None:
180
+ """Resolves the Azure regional token service (ESTS-R) to use, if configured.
181
+
182
+ Returns the configured region only when it is populated and non-whitespace,
183
+ otherwise None so that MSAL falls back to the global token service.
184
+ """
185
+ azure_region = getattr(config, "AZURE_REGION", None)
186
+ if azure_region and azure_region.strip():
187
+ return azure_region
188
+ return None
189
+
190
+ @staticmethod
191
+ def _resolve_idpm_resource(config: AgentAuthConfiguration) -> str:
192
+ """Resolves the resource URL for Identity Proxy Manager (IDPM) token acquisition.
193
+
194
+ When no resource is configured, defaults to the AzureAdTokenExchange resource.
195
+ Otherwise the configured value must be a valid absolute URI.
196
+ """
197
+ idpm_resource = getattr(config, "IDPM_RESOURCE", None)
198
+ if not idpm_resource:
199
+ return "api://AzureAdTokenExchange/.default"
200
+
201
+ valid_uri, _ = MsalAuth._uri_validator(idpm_resource)
202
+ if not valid_uri:
203
+ raise ValueError("IDPM_RESOURCE must be a valid absolute URI")
204
+
205
+ return idpm_resource
206
+
178
207
  @staticmethod
179
208
  def _resolve_tenant_id(
180
209
  config: AgentAuthConfiguration, tenant_id: str | None = None
@@ -194,7 +223,10 @@ class MsalAuth(AccessTokenProviderBase):
194
223
  self, tenant_id: str | None = None
195
224
  ) -> ConfidentialClientApplication | ManagedIdentityClient:
196
225
 
197
- if self._msal_configuration.AUTH_TYPE == AuthTypes.user_managed_identity:
226
+ if self._msal_configuration.AUTH_TYPE in (
227
+ AuthTypes.user_managed_identity,
228
+ AuthTypes.identity_proxy_manager,
229
+ ):
198
230
  return ManagedIdentityClient(
199
231
  UserAssignedManagedIdentity(
200
232
  client_id=self._msal_configuration.CLIENT_ID
@@ -253,6 +285,7 @@ class MsalAuth(AccessTokenProviderBase):
253
285
  client_id=self._msal_configuration.CLIENT_ID,
254
286
  authority=authority,
255
287
  client_credential=client_credential,
288
+ azure_region=MsalAuth._resolve_azure_region(self._msal_configuration),
256
289
  )
257
290
 
258
291
  def _client_rep(
@@ -335,7 +368,29 @@ class MsalAuth(AccessTokenProviderBase):
335
368
  if auth_result_payload:
336
369
  return auth_result_payload.get("access_token")
337
370
 
338
- return None
371
+ return None
372
+
373
+ if (
374
+ self._msal_configuration.AUTH_TYPE == AuthTypes.identity_proxy_manager
375
+ and isinstance(msal_auth_client, ManagedIdentityClient)
376
+ ):
377
+ resource = MsalAuth._resolve_idpm_resource(self._msal_configuration)
378
+ logger.info(
379
+ "Acquiring agentic application token using Identity Proxy Manager for resource %s",
380
+ resource,
381
+ )
382
+ auth_result_payload = await _async_acquire_token_for_client(
383
+ msal_auth_client, resource=resource
384
+ )
385
+
386
+ if auth_result_payload:
387
+ return auth_result_payload.get("access_token")
388
+
389
+ return None
390
+
391
+ raise RuntimeError(
392
+ "Agentic token acquisition supports ConfidentialClientApplication, or ManagedIdentityClient when AUTH_TYPE is AuthTypes.identity_proxy_manager."
393
+ )
339
394
 
340
395
  async def get_agentic_instance_token(
341
396
  self, tenant_id: str, agent_app_instance_id: str
@@ -379,6 +434,7 @@ class MsalAuth(AccessTokenProviderBase):
379
434
  client_id=agent_app_instance_id,
380
435
  authority=authority,
381
436
  client_credential={"client_assertion": agent_token_result},
437
+ azure_region=MsalAuth._resolve_azure_region(self._msal_configuration),
382
438
  # token_cache=self._token_cache,
383
439
  )
384
440
 
@@ -474,6 +530,7 @@ class MsalAuth(AccessTokenProviderBase):
474
530
  client_id=agent_app_instance_id,
475
531
  authority=authority,
476
532
  client_credential={"client_assertion": agent_token},
533
+ azure_region=MsalAuth._resolve_azure_region(self._msal_configuration),
477
534
  # token_cache=self._token_cache,
478
535
  )
479
536
 
{microsoft_agents_authentication_msal-1.1.0.dev0 → microsoft_agents_authentication_msal-1.1.0.dev7/microsoft_agents_authentication_msal.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: microsoft-agents-authentication-msal
3
- Version: 1.1.0.dev0
3
+ Version: 1.1.0.dev7
4
4
  Summary: A msal-based authentication library for Microsoft Agents
5
5
  Author: Microsoft Corporation
6
6
  License-Expression: MIT
@@ -15,7 +15,7 @@ Classifier: Operating System :: OS Independent
15
15
  Requires-Python: >=3.10
16
16
  Description-Content-Type: text/markdown
17
17
  License-File: LICENSE
18
- Requires-Dist: microsoft-agents-hosting-core==1.1.0.dev0
18
+ Requires-Dist: microsoft-agents-hosting-core==1.1.0.dev7
19
19
  Requires-Dist: msal>=1.34.0
20
20
  Requires-Dist: requests>=2.32.3
21
21
  Dynamic: license-file
microsoft_agents_authentication_msal-1.1.0.dev7/microsoft_agents_authentication_msal.egg-info/requires.txt ADDED
@@ -0,0 +1,3 @@
1
+ microsoft-agents-hosting-core==1.1.0.dev7
2
+ msal>=1.34.0
3
+ requests>=2.32.3
microsoft_agents_authentication_msal-1.1.0.dev0/VERSION.txt DELETED
@@ -1 +0,0 @@
1
- 1.1.0.dev0
microsoft_agents_authentication_msal-1.1.0.dev0/microsoft_agents_authentication_msal.egg-info/requires.txt DELETED
@@ -1,3 +0,0 @@
1
- microsoft-agents-hosting-core==1.1.0.dev0
2
- msal>=1.34.0
3
- requests>=2.32.3