Thread BotRequestContext through Apps API clients and OAuth flows#589
Draft
heyitsaamir wants to merge 6 commits into
Draft
Thread BotRequestContext through Apps API clients and OAuth flows#589heyitsaamir wants to merge 6 commits into
heyitsaamir wants to merge 6 commits into
Conversation
Derive inbound bot app id from recipient botId and use recipient agentic identity for BotBuilder compat defaults. Preserve botId through channel account mapping and add focused tests. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR propagates BotRequestContext (agentic identity + bot app id) from inbound activities through the Microsoft.Teams.Apps API surface down into core UserTokenClient and OAuth flows, enabling per-request authentication scoping/overrides without relying on ambient state.
Changes:
- Add
BotRequestContext?overloads acrossMicrosoft.Teams.Core.UserTokenClientoperations and stamp the request context intoBotRequestOptions. - Extend
ApiClientwith default request-context scoping (ForRequestContext,ForActivity) and thread that context through Apps sub-clients. - Update OAuth flow and tests/integration tests to use the new request-context threading and revised method signatures.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| core/src/Microsoft.Teams.Core/UserTokenClient.cs | Adds BotRequestContext? overloads and passes request context into request options for token/sign-in operations. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ApiClient.cs | Introduces default request context on ApiClient and adds ForRequestContext / ForActivity scoping. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ConversationApiClient.cs | Threads a scoped default request context into conversation sub-clients and adds a BotRequestContext? create overload. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ActivityClient.cs | Adds request-context override overloads for non-targeted activity create/update/reply and merges scoped context into calls. |
| core/src/Microsoft.Teams.Apps/Api/Clients/MemberClient.cs | Threads scoped request context into member operations by merging with per-call agentic identity. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ReactionClient.cs | Threads scoped request context into reaction operations by merging with per-call agentic identity. |
| core/src/Microsoft.Teams.Apps/Api/Clients/TeamClient.cs | Stores scoped default request context and merges it into per-call options. |
| core/src/Microsoft.Teams.Apps/Api/Clients/MeetingClient.cs | Stores scoped default request context and merges it into per-call options. |
| core/src/Microsoft.Teams.Apps/Api/Clients/UserTokenApiClient.cs | Stores scoped default request context and merges it with per-call agentic identity for user-token calls. |
| core/src/Microsoft.Teams.Apps/OAuth/OAuthFlow.cs | Derives inbound BotRequestContext from the activity and forwards it to underlying user-token calls. |
| core/src/Microsoft.Teams.Apps/Context.cs | Switches Context.Api to scope via ApiClient.ForActivity(Activity) to flow inbound request context automatically. |
| core/src/Microsoft.Teams.Apps/Schema/TeamsChannelAccount.cs | Preserves BotId when converting from ChannelAccount. |
| core/test/Microsoft.Teams.Core.UnitTests/UserTokenClientTests.cs | Adds a unit test validating that agentic identity is stamped into HttpRequestMessage.Options. |
| core/test/Microsoft.Teams.Apps.UnitTests/OAuthFlowTests.cs | Updates mocks to match new user-token client signatures that accept BotRequestContext?. |
| core/test/Microsoft.Teams.Apps.UnitTests/OAuthFlowTelemetryTests.cs | Updates telemetry tests’ mocks for the new BotRequestContext? signatures. |
| core/test/Microsoft.Teams.Apps.UnitTests/ApiClientAgenticIdentityTests.cs | Adds coverage for context-scoped user-token calls and BotId preservation. |
| core/test/IntegrationTests/IntegrationTestFixture.cs | Scopes integration ApiClient with request context derived from fixture AgenticIdentity. |
| core/test/IntegrationTests/ApiClientTests.cs | Removes skips for user-token scenarios now that agentic identity/request context is supported. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
singhk97
previously approved these changes
Jul 6, 2026
Standard (non-agentic) inbound activities do not populate Recipient.BotId, so deriving BotAppId solely from BotId incorrectly yielded null. Fall back to Recipient.Id, which carries the Teams-style "28:<appId>" value that NormalizeAppId strips. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
7fa48e8 to
411bbfd
Compare
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
411bbfd to
74792ac
Compare
Removes the AgenticIdentity? convenience overloads from UserTokenClient so each operation exposes just the original overload plus a BotRequestContext? overload. Callers holding an AgenticIdentity convert via the public BotRequestContext.FromAgenticIdentity(...). Test updated to exercise the BotRequestContext overload directly. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
74792ac to
5506147
Compare
Base automatically changed from
heyitsaamir-heyitsaamir-usertoken-core-overloads
to
heyitsaamir-agentic-identity-defaults
July 6, 2026 19:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Threads
BotRequestContextthrough the Apps-layer API clients and OAuth flows so agentic identity / request context flows end-to-end from an inbound activity to outbound Teams API calls.Stack
This PR is based on #591 and depends on both #587 and #591. It contains no Core changes — those live in #587 and #591.
What's in this PR (Apps only)
ApiClient:ForServiceUrl(Uri)is URL-only; newForRequestContext(BotRequestContext?)andForActivity(TeamsActivity)(chains both) carry request context onto derived clients.Context.Apinow usesForActivity(Activity)so the ambient request context is scoped to the inbound activity.BotRequestContext?throughActivityClient,ConversationApiClient,MeetingClient,MemberClient,ReactionClient,TeamClient,UserTokenApiClient.OAuthFlowhelpers forward the nullablerequestContextdirectly to theUserTokenClientrequest-context overloads (from Add BotRequestContext overloads to UserTokenClient #591).TeamsChannelAccountsurfacesBotId(relies onChannelAccount.BotIdfrom Use recipient agentic identity defaults #587).Open question
Should these APIs accept
BotRequestContextdirectly instead ofAgenticIdentity, even though that's a breaking change? Feedback welcome before this comes out of draft.Testing