microsoft-agents-hosting-core 0.7.0.dev10__tar.gz → 0.7.0.dev16__tar.gz

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: microsoft-agents-hosting-core
-Version: 0.7.0.dev10
+Version: 0.7.0.dev16
 Summary: Core library for Microsoft Agents
 Author: Microsoft Corporation
 License-Expression: MIT
@@ -15,7 +15,7 @@ Classifier: Operating System :: OS Independent
 Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: microsoft-agents-activity==0.7.0.dev10
+Requires-Dist: microsoft-agents-activity==0.7.0.dev16
 Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: isodate>=0.6.1
 Requires-Dist: azure-core>=1.30.0

microsoft_agents_hosting_core-0.7.0.dev16/VERSION.txt

@@ -0,0 +1 @@
+0.7.0.dev16

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/__init__.py

@@ -101,7 +101,6 @@ from .storage.memory_storage import MemoryStorage
 # Error Resources
 from .errors import error_resources, ErrorMessage, ErrorResources
 
-
 # Define the package's public interface
 __all__ = [
     "ActivityHandler",

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/app/agent_application.py

@@ -120,11 +120,9 @@ class AgentApplication(Agent, Generic[StateT]):
                 "ApplicationOptions.storage is required and was not configured.",
                 stack_info=True,
             )
-            raise ApplicationError(
-                """
+            raise ApplicationError("""
                 The `ApplicationOptions.storage` property is required and was not configured.
-                """
-            )
+                """)
 
         if options.long_running_messages and (
             not options.adapter or not options.bot_app_id
@@ -133,12 +131,10 @@ class AgentApplication(Agent, Generic[StateT]):
                 "ApplicationOptions.long_running_messages requires an adapter and bot_app_id.",
                 stack_info=True,
             )
-            raise ApplicationError(
-                """
+            raise ApplicationError("""
                 The `ApplicationOptions.long_running_messages` property is unavailable because 
                 no adapter or `bot_app_id` was configured.
-                """
-            )
+                """)
 
         if options.adapter:
             self._adapter = options.adapter
@@ -180,12 +176,10 @@ class AgentApplication(Agent, Generic[StateT]):
                 "AgentApplication.adapter(): self._adapter is not configured.",
                 stack_info=True,
             )
-            raise ApplicationError(
-                """
+            raise ApplicationError("""
                 The AgentApplication.adapter property is unavailable because it was 
                 not configured when creating the AgentApplication.
-                """
-            )
+                """)
 
         return self._adapter
 
@@ -203,12 +197,10 @@ class AgentApplication(Agent, Generic[StateT]):
                 "AgentApplication.auth(): self._auth is not configured.",
                 stack_info=True,
             )
-            raise ApplicationError(
-                """
+            raise ApplicationError("""
                 The `AgentApplication.auth` property is unavailable because
                 no Auth options were configured.
-                """
-            )
+                """)
 
         return self._auth
 
@@ -592,12 +584,10 @@ class AgentApplication(Agent, Generic[StateT]):
                 f"Failed to register sign-in success handler for route handler {func.__name__}",
                 stack_info=True,
             )
-            raise ApplicationError(
-                """
+            raise ApplicationError("""
                 The `AgentApplication.on_sign_in_success` method is unavailable because
                 no Auth options were configured.
-                """
-            )
+                """)
         return func
 
     def on_sign_in_failure(
@@ -628,12 +618,10 @@ class AgentApplication(Agent, Generic[StateT]):
                 f"Failed to register sign-in failure handler for route handler {func.__name__}",
                 stack_info=True,
             )
-            raise ApplicationError(
-                """
+            raise ApplicationError("""
                 The `AgentApplication.on_sign_in_failure` method is unavailable because
                 no Auth options were configured.
-                """
-            )
+                """)
         return func
 
     def error(

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/app/oauth/__init__.py

@@ -9,6 +9,7 @@ from ._sign_in_response import _SignInResponse
 from ._handlers import (
     _UserAuthorization,
     AgenticUserAuthorization,
+    ConnectorUserAuthorization,
     _AuthorizationHandler,
 )
 
@@ -20,4 +21,5 @@ __all__ = [
     "_SignInResponse",
     "_UserAuthorization",
     "AgenticUserAuthorization",
+    "ConnectorUserAuthorization",
 ]

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/app/oauth/_handlers/__init__.py

@@ -4,11 +4,13 @@ Licensed under the MIT License.
 """
 
 from .agentic_user_authorization import AgenticUserAuthorization
+from .connector_user_authorization import ConnectorUserAuthorization
 from ._user_authorization import _UserAuthorization
 from ._authorization_handler import _AuthorizationHandler
 
 __all__ = [
     "AgenticUserAuthorization",
+    "ConnectorUserAuthorization",
     "_UserAuthorization",
     "_AuthorizationHandler",
 ]

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/app/oauth/_handlers/agentic_user_authorization.py

@@ -75,7 +75,7 @@ class AgenticUserAuthorization(_AuthorizationHandler):
         agentic_instance_id = context.activity.get_agentic_instance_id()
         assert agentic_instance_id
         instance_token, _ = await connection.get_agentic_instance_token(
-            agentic_instance_id
+            context.activity.get_agentic_tenant_id(), agentic_instance_id
         )
         return (
             TokenResponse(token=instance_token) if instance_token else TokenResponse()
@@ -131,7 +131,10 @@ class AgenticUserAuthorization(_AuthorizationHandler):
             )
 
         token = await connection.get_agentic_user_token(
-            agentic_instance_id, agentic_user_id, scopes
+            context.activity.get_agentic_tenant_id(),
+            agentic_instance_id,
+            agentic_user_id,
+            scopes,
         )
         return TokenResponse(token=token) if token else TokenResponse()
 

microsoft_agents_hosting_core-0.7.0.dev16/microsoft_agents/hosting/core/app/oauth/_handlers/connector_user_authorization.py

@@ -0,0 +1,240 @@
+"""
+Copyright (c) Microsoft Corporation. All rights reserved.
+Licensed under the MIT License.
+"""
+
+import logging
+import jwt
+from datetime import datetime, timezone
+from typing import Optional
+
+from microsoft_agents.activity import TokenResponse
+from microsoft_agents.hosting.core.errors import ErrorResources
+
+from ...._oauth._flow_state import _FlowStateTag
+from ....turn_context import TurnContext
+from ....storage import Storage
+from ....authorization import Connections
+from ..auth_handler import AuthHandler
+from ._authorization_handler import _AuthorizationHandler
+from .._sign_in_response import _SignInResponse
+
+logger = logging.getLogger(__name__)
+
+
+class ConnectorUserAuthorization(_AuthorizationHandler):
+    """
+    User Authorization handling for Copilot Studio Connector requests.
+    Extracts token from the identity and performs OBO token exchange.
+    """
+
+    def __init__(
+        self,
+        storage: Storage,
+        connection_manager: Connections,
+        auth_handler: Optional[AuthHandler] = None,
+        *,
+        auth_handler_id: Optional[str] = None,
+        auth_handler_settings: Optional[dict] = None,
+        **kwargs,
+    ) -> None:
+        """
+        Creates a new instance of ConnectorUserAuthorization.
+
+        :param storage: The storage system to use for state management.
+        :type storage: Storage
+        :param connection_manager: The connection manager for OAuth providers.
+        :type connection_manager: Connections
+        :param auth_handler: Configuration for OAuth provider.
+        :type auth_handler: AuthHandler, Optional
+        :param auth_handler_id: Optional ID of the auth handler.
+        :type auth_handler_id: str, Optional
+        :param auth_handler_settings: Optional settings dict for the auth handler.
+        :type auth_handler_settings: dict, Optional
+        """
+        super().__init__(
+            storage,
+            connection_manager,
+            auth_handler,
+            auth_handler_id=auth_handler_id,
+            auth_handler_settings=auth_handler_settings,
+            **kwargs,
+        )
+
+    async def _sign_in(
+        self,
+        context: TurnContext,
+        exchange_connection: Optional[str] = None,
+        exchange_scopes: Optional[list[str]] = None,
+    ) -> _SignInResponse:
+        """
+        For connector requests, there is no separate sign-in flow.
+        The token is extracted from the identity.
+
+        :param context: The turn context for the current turn of conversation.
+        :type context: TurnContext
+        :param exchange_connection: Optional connection name for token exchange.
+        :type exchange_connection: Optional[str]
+        :param exchange_scopes: Optional list of scopes (unused for connector auth).
+        :type exchange_scopes: Optional[list[str]]
+        :return: A SignInResponse with the extracted token.
+        :rtype: _SignInResponse
+        """
+        # Connector auth uses the token from the request, not a separate sign-in flow
+        token_response = await self.get_refreshed_token(context)
+        return _SignInResponse(
+            token_response=token_response, tag=_FlowStateTag.COMPLETE
+        )
+
+    async def get_refreshed_token(
+        self,
+        context: TurnContext,
+        exchange_connection: Optional[str] = None,
+        exchange_scopes: Optional[list[str]] = None,
+    ) -> TokenResponse:
+        """
+        Gets the connector user token and optionally exchanges it via OBO.
+
+        :param context: The turn context for the current turn of conversation.
+        :type context: TurnContext
+        :param exchange_connection: Optional name of the connection to use for token exchange.
+        :type exchange_connection: Optional[str], Optional
+        :param exchange_scopes: Optional list of scopes to request during token exchange.
+        :type exchange_scopes: Optional[list[str]], Optional
+        :return: The token response, potentially after OBO exchange.
+        :rtype: TokenResponse
+        """
+        token_response = self._create_token_response(context)
+
+        # Check if token is expired
+        if token_response.expiration:
+            try:
+                # Parse ISO 8601 format
+                expiration = datetime.fromisoformat(
+                    token_response.expiration.replace("Z", "+00:00")
+                )
+                if expiration <= datetime.now(timezone.utc):
+                    raise ValueError(
+                        f"Unexpected connector token expiration for handler: {self._id}"
+                    )
+            except (ValueError, AttributeError) as ex:
+                logger.error(
+                    f"Error checking token expiration for handler {self._id}: {ex}"
+                )
+                raise
+
+        # Perform OBO exchange if configured
+        try:
+            return await self._handle_obo(
+                context, token_response, exchange_connection, exchange_scopes
+            )
+        except Exception:
+            await self._sign_out(context)
+            raise
+
+    async def _sign_out(self, context: TurnContext) -> None:
+        """
+        Sign-out is a no-op for connector authorization.
+
+        :param context: The turn context for the current turn of conversation.
+        :type context: TurnContext
+        """
+        # No concept of sign-out with ConnectorAuth
+        logger.debug("Sign-out called for ConnectorUserAuthorization (no-op)")
+
+    async def _handle_obo(
+        self,
+        context: TurnContext,
+        input_token_response: TokenResponse,
+        exchange_connection: Optional[str] = None,
+        exchange_scopes: Optional[list[str]] = None,
+    ) -> TokenResponse:
+        """
+        Exchanges a token for another token with different scopes via OBO flow.
+
+        :param context: The context object for the current turn.
+        :type context: TurnContext
+        :param input_token_response: The input token to exchange.
+        :type input_token_response: TokenResponse
+        :param exchange_connection: Optional connection name for exchange.
+        :type exchange_connection: Optional[str]
+        :param exchange_scopes: Optional scopes for the exchanged token.
+        :type exchange_scopes: Optional[list[str]]
+        :return: The token response after exchange, or the original if exchange not configured.
+        :rtype: TokenResponse
+        """
+        if not input_token_response:
+            return input_token_response
+
+        connection_name = exchange_connection or self._handler.obo_connection_name
+        scopes = exchange_scopes or self._handler.scopes
+
+        # If OBO is not configured, return token as-is
+        if not connection_name or not scopes:
+            return input_token_response
+
+        # Check if token is exchangeable
+        if not input_token_response.is_exchangeable():
+            raise ValueError(
+                str(ErrorResources.OboNotExchangeableToken.format(self._id))
+            )
+
+        # Get the connection that supports OBO
+        token_provider = self._connection_manager.get_connection(connection_name)
+        if not token_provider:
+            raise ValueError(
+                str(
+                    ErrorResources.ResourceNotFound.format(
+                        f"Connection '{connection_name}'"
+                    )
+                )
+            )
+
+        # Perform the OBO exchange
+        # Note: In Python, the acquire_token_on_behalf_of method is on the AccessTokenProviderBase
+        token = await token_provider.acquire_token_on_behalf_of(
+            scopes=scopes,
+            user_assertion=input_token_response.token,
+        )
+        return TokenResponse(token=token) if token else None
+
+    def _create_token_response(self, context: TurnContext) -> TokenResponse:
+        """
+        Creates a TokenResponse from the security token in the turn context identity.
+
+        :param context: The turn context for the current turn of conversation.
+        :type context: TurnContext
+        :return: A TokenResponse containing the extracted token.
+        :rtype: TokenResponse
+        :raises ValueError: If the identity doesn't have a security token.
+        """
+        if not context.identity or not hasattr(context.identity, "security_token"):
+            raise ValueError(
+                f"Unexpected connector request - no security token found for handler: {self._id}"
+            )
+
+        security_token = context.identity.security_token
+        if not security_token:
+            raise ValueError(
+                f"Unexpected connector request - security token is None for handler: {self._id}"
+            )
+
+        token_response = TokenResponse(token=security_token)
+
+        # Try to extract expiration and check if exchangeable
+        try:
+            # TODO: (connector) validate this decoding
+            jwt_token = jwt.decode(security_token, options={"verify_signature": False})
+
+            # Set expiration if present
+            if "exp" in jwt_token:
+                # JWT exp is in Unix timestamp (seconds since epoch)
+                expiration = datetime.fromtimestamp(jwt_token["exp"], tz=timezone.utc)
+                # Convert to ISO 8601 format
+                token_response.expiration = expiration.isoformat()
+
+        except Exception as ex:
+            logger.warning(f"Failed to parse JWT token for handler {self._id}: {ex}")
+            raise ex
+
+        return token_response

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/app/oauth/authorization.py

@@ -20,6 +20,7 @@ from ._sign_in_state import _SignInState
 from ._sign_in_response import _SignInResponse
 from ._handlers import (
     AgenticUserAuthorization,
+    ConnectorUserAuthorization,
     _UserAuthorization,
     _AuthorizationHandler,
 )
@@ -29,6 +30,7 @@ logger = logging.getLogger(__name__)
 AUTHORIZATION_TYPE_MAP = {
     "userauthorization": _UserAuthorization,
     "agenticuserauthorization": AgenticUserAuthorization,
+    "connectoruserauthorization": ConnectorUserAuthorization,
 }
 
 
@@ -44,7 +46,7 @@ class Authorization:
         storage: Storage,
         connection_manager: Connections,
         auth_handlers: Optional[dict[str, AuthHandler]] = None,
-        auto_signin: bool = False,
+        auto_sign_in: bool = False,
         use_cache: bool = False,
         **kwargs,
     ):
@@ -77,21 +79,26 @@ class Authorization:
 
         self._handlers = {}
 
+        auth_configuration: dict = kwargs.get("AGENTAPPLICATION", {}).get(
+            "USERAUTHORIZATION", {}
+        )
         if not auth_handlers:
             # get from config
-            auth_configuration: dict = kwargs.get("AGENTAPPLICATION", {}).get(
-                "USERAUTHORIZATION", {}
-            )
             handlers_config: dict[str, dict] = auth_configuration.get("HANDLERS")
             if not auth_handlers and handlers_config:
                 auth_handlers = {
                     handler_name: AuthHandler(
-                        name=handler_name, **config.get("SETTINGS", {})
+                        name=handler_name,
+                        auth_type=config.get("TYPE", None),
+                        **config.get("SETTINGS", {}),
                     )
                     for handler_name, config in handlers_config.items()
                 }
 
         self._handler_settings = auth_handlers
+        self._auto_sign_in = auto_sign_in or bool(
+            auth_configuration.get("AUTO_SIGN_IN", False)
+        )
 
         # operations default to the first handler if none specified
         if self._handler_settings:
@@ -296,13 +303,16 @@ class Authorization:
         """
         sign_in_state = await self._load_sign_in_state(context)
 
-        if sign_in_state:
-            auth_handler_id = sign_in_state.active_handler_id
-            if auth_handler_id:
+        if sign_in_state or self._auto_sign_in:
+            auth_handler_id = sign_in_state.active_handler_id if sign_in_state else None
+            if auth_handler_id or self._auto_sign_in:
                 sign_in_response = await self._start_or_continue_sign_in(
                     context, state, auth_handler_id
                 )
                 if sign_in_response.tag == _FlowStateTag.COMPLETE:
+                    if not sign_in_state:
+                        # flow just completed, no continuation activity
+                        return False, None
                     assert sign_in_state.continuation_activity is not None
                     continuation_activity = (
                         sign_in_state.continuation_activity.model_copy()

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/authorization/access_token_provider_base.py

@@ -33,16 +33,20 @@ class AccessTokenProviderBase(Protocol):
         raise NotImplementedError()
 
     async def get_agentic_application_token(
-        self, agent_app_instance_id: str
+        self, tenant_id: str, agent_app_instance_id: str
     ) -> Optional[str]:
         raise NotImplementedError()
 
     async def get_agentic_instance_token(
-        self, agent_app_instance_id: str
+        self, tenant_id: str, agent_app_instance_id: str
     ) -> tuple[str, str]:
         raise NotImplementedError()
 
     async def get_agentic_user_token(
-        self, agent_app_instance_id: str, agentic_user_id: str, scopes: list[str]
+        self,
+        tenant_id: str,
+        agent_app_instance_id: str,
+        agentic_user_id: str,
+        scopes: list[str],
     ) -> Optional[str]:
         raise NotImplementedError()

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/authorization/agent_auth_configuration.py

@@ -1,6 +1,7 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License.
 
+from __future__ import annotations
 from typing import Optional
 
 from microsoft_agents.hosting.core.authorization.auth_types import AuthTypes
@@ -32,6 +33,16 @@ class AgentAuthConfiguration:
     SCOPES: Optional[list[str]]
     AUTHORITY: Optional[str]
     ALT_BLUEPRINT_ID: Optional[str]
+    ANONYMOUS_ALLOWED: bool = False
+
+    # Multi-connection support: Maintains a map of all configured connections
+    # to enable JWT validation across connections. This allows tokens issued
+    # for any configured connection to be validated, supporting multi-tenant
+    # scenarios where connections share a security boundary.
+    #
+    # Note: This is an internal implementation detail. External code should
+    # not directly access _connections.
+    _connections: dict[str, AgentAuthConfiguration]
 
     def __init__(
         self,
@@ -44,6 +55,7 @@ class AgentAuthConfiguration:
         connection_name: Optional[str] = None,
         authority: Optional[str] = None,
         scopes: Optional[list[str]] = None,
+        anonymous_allowed: bool = False,
         **kwargs: Optional[dict[str, str]],
     ):
 
@@ -57,6 +69,12 @@ class AgentAuthConfiguration:
         self.CONNECTION_NAME = connection_name or kwargs.get("CONNECTIONNAME", None)
         self.SCOPES = scopes or kwargs.get("SCOPES", None)
         self.ALT_BLUEPRINT_ID = kwargs.get("ALT_BLUEPRINT_NAME", None)
+        self.ANONYMOUS_ALLOWED = anonymous_allowed or kwargs.get(
+            "ANONYMOUS_ALLOWED", False
+        )
+
+        # JWT-patch: always at least include self for backward compat
+        self._connections = {str(self.CONNECTION_NAME): self}
 
     @property
     def ISSUERS(self) -> list[str]:
@@ -68,3 +86,14 @@ class AgentAuthConfiguration:
             f"https://sts.windows.net/{self.TENANT_ID}/",
             f"https://login.microsoftonline.com/{self.TENANT_ID}/v2.0",
         ]
+
+    def _jwt_patch_is_valid_aud(self, aud: str) -> bool:
+        """
+        JWT-patch: Checks if the given audience is valid for any of the connections.
+        """
+        for conn in self._connections.values():
+            if not conn.CLIENT_ID:
+                continue
+            if aud.lower() == conn.CLIENT_ID.lower():
+                return True
+        return False

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/authorization/anonymous_token_provider.py

@@ -23,16 +23,20 @@ class AnonymousTokenProvider(AccessTokenProviderBase):
         return ""
 
     async def get_agentic_application_token(
-        self, agent_app_instance_id: str
+        self, tenant_id: str, agent_app_instance_id: str
     ) -> Optional[str]:
         return ""
 
     async def get_agentic_instance_token(
-        self, agent_app_instance_id: str
+        self, tenant_id: str, agent_app_instance_id: str
     ) -> tuple[str, str]:
         return "", ""
 
     async def get_agentic_user_token(
-        self, agent_app_instance_id: str, agentic_user_id: str, scopes: list[str]
+        self,
+        tenant_id: str,
+        agent_app_instance_id: str,
+        agentic_user_id: str,
+        scopes: list[str],
     ) -> Optional[str]:
         return ""

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/authorization/claims_identity.py

@@ -11,10 +11,12 @@ class ClaimsIdentity:
         claims: dict[str, str],
         is_authenticated: bool,
         authentication_type: Optional[str] = None,
+        security_token: Optional[str] = None,
     ):
         self.claims = claims
         self.is_authenticated = is_authenticated
         self.authentication_type = authentication_type
+        self.security_token = security_token
 
     def get_claim_value(self, claim_type: str) -> Optional[str]:
         return self.claims.get(claim_type)
@@ -83,3 +85,17 @@ class ClaimsIdentity:
             if self.is_agent_claim()
             else AuthenticationConstants.AGENTS_SDK_SCOPE
         )
+
+    def get_token_scope(self) -> list[str]:
+        """
+        Gets the token scope from current claims.
+
+        :return: The token scope.
+        """
+        return [
+            (
+                f"{self.get_outgoing_app_id()}/.default"
+                if self.is_agent_claim()
+                else AuthenticationConstants.AGENTS_SDK_SCOPE + "/.default"
+            )
+        ]

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/authorization/jwt_token_validator.py

@@ -28,13 +28,13 @@ class JwtTokenValidator:
             leeway=300.0,
             options={"verify_aud": False},
         )
-        if decoded_token["aud"] != self.configuration.CLIENT_ID:
+        if not self.configuration._jwt_patch_is_valid_aud(decoded_token["aud"]):
             logger.error(f"Invalid audience: {decoded_token['aud']}", stack_info=True)
             raise ValueError("Invalid audience.")
 
         # This probably should return a ClaimsIdentity
         logger.debug("JWT token validated successfully.")
-        return ClaimsIdentity(decoded_token, True)
+        return ClaimsIdentity(decoded_token, True, security_token=token)
 
     def get_anonymous_claims(self) -> ClaimsIdentity:
         logger.debug("Returning anonymous claims identity.")

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/channel_service_adapter.py

@@ -381,16 +381,14 @@ class ChannelServiceAdapter(ChannelAdapter, ABC):
             If the task completes successfully, then an :class:`microsoft_agents.activity.InvokeResponse` is returned;
             otherwise, `None` is returned.
         """
-        scopes: list[str] = None
+        scopes: list[str] = claims_identity.get_token_scope()
         outgoing_audience: str = None
 
         if claims_identity.is_agent_claim():
             outgoing_audience = claims_identity.get_token_audience()
-            scopes = [f"{claims_identity.get_outgoing_app_id()}/.default"]
             activity.caller_id = f"{CallerIdConstants.agent_to_agent_prefix}{claims_identity.get_outgoing_app_id()}"
         else:
             outgoing_audience = AuthenticationConstants.AGENTS_SDK_SCOPE
-            scopes = [f"{AuthenticationConstants.AGENTS_SDK_SCOPE}/.default"]
 
         use_anonymous_auth_callback = False
         if (

{microsoft_agents_hosting_core-0.7.0.dev10 → microsoft_agents_hosting_core-0.7.0.dev16}/microsoft_agents/hosting/core/connector/__init__.py

@@ -9,11 +9,15 @@ from .client.user_token_client import UserTokenClient
 # Teams API
 from .teams.teams_connector_client import TeamsConnectorClient
 
+# MCS API
+from .mcs.mcs_connector_client import MCSConnectorClient
+
 __all__ = [
     "ConnectorClient",
     "UserTokenClient",
     "UserTokenClientBase",
     "TeamsConnectorClient",
+    "MCSConnectorClient",
     "ConnectorClientBase",
     "get_product_info",
 ]