Skip to content

Thread BotRequestContext through Apps API clients and OAuth flows#589

Draft
heyitsaamir wants to merge 6 commits into
mainfrom
heyitsaamir-usertoken-agentic-defaults
Draft

Thread BotRequestContext through Apps API clients and OAuth flows#589
heyitsaamir wants to merge 6 commits into
mainfrom
heyitsaamir-usertoken-agentic-defaults

Conversation

@heyitsaamir

@heyitsaamir heyitsaamir commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Summary

Threads BotRequestContext through the Apps-layer API clients and OAuth flows so agentic identity / request context flows end-to-end from an inbound activity to outbound Teams API calls.

Draft / deferred. This is the Apps-only top of a stack. It is intentionally held as a draft until the lower layers land.

Stack

main
 └─ #587  Use recipient agentic identity defaults (Core inbound identity)
     └─ #591  Add BotRequestContext overloads to UserTokenClient (Core)
         └─ #589  ← this PR (Apps API clients + OAuth flows)

This PR is based on #591 and depends on both #587 and #591. It contains no Core changes — those live in #587 and #591.

What's in this PR (Apps only)

  • ApiClient: ForServiceUrl(Uri) is URL-only; new ForRequestContext(BotRequestContext?) and ForActivity(TeamsActivity) (chains both) carry request context onto derived clients.
  • Context.Api now uses ForActivity(Activity) so the ambient request context is scoped to the inbound activity.
  • Per-client threading of BotRequestContext? through ActivityClient, ConversationApiClient, MeetingClient, MemberClient, ReactionClient, TeamClient, UserTokenApiClient.
  • OAuthFlow helpers forward the nullable requestContext directly to the UserTokenClient request-context overloads (from Add BotRequestContext overloads to UserTokenClient #591).
  • TeamsChannelAccount surfaces BotId (relies on ChannelAccount.BotId from Use recipient agentic identity defaults #587).

Open question

Should these APIs accept BotRequestContext directly instead of AgenticIdentity, even though that's a breaking change? Feedback welcome before this comes out of draft.

Testing

  • Apps unit tests: 357 passing on net8.0 and net10.0.

heyitsaamir and others added 2 commits July 2, 2026 16:13
Derive inbound bot app id from recipient botId and use recipient agentic identity for BotBuilder compat defaults. Preserve botId through channel account mapping and add focused tests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@heyitsaamir heyitsaamir requested a review from MehakBindra July 3, 2026 01:14
@heyitsaamir heyitsaamir changed the title Add user token agentic identity defaults Thread BotRequestContext through Apps API clients and OAuth flows Jul 3, 2026
@heyitsaamir heyitsaamir requested a review from Copilot July 3, 2026 01:17
@heyitsaamir heyitsaamir requested a review from singhk97 July 3, 2026 01:17

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR propagates BotRequestContext (agentic identity + bot app id) from inbound activities through the Microsoft.Teams.Apps API surface down into core UserTokenClient and OAuth flows, enabling per-request authentication scoping/overrides without relying on ambient state.

Changes:

  • Add BotRequestContext? overloads across Microsoft.Teams.Core.UserTokenClient operations and stamp the request context into BotRequestOptions.
  • Extend ApiClient with default request-context scoping (ForRequestContext, ForActivity) and thread that context through Apps sub-clients.
  • Update OAuth flow and tests/integration tests to use the new request-context threading and revised method signatures.

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated no comments.

Show a summary per file
File Description
core/src/Microsoft.Teams.Core/UserTokenClient.cs Adds BotRequestContext? overloads and passes request context into request options for token/sign-in operations.
core/src/Microsoft.Teams.Apps/Api/Clients/ApiClient.cs Introduces default request context on ApiClient and adds ForRequestContext / ForActivity scoping.
core/src/Microsoft.Teams.Apps/Api/Clients/ConversationApiClient.cs Threads a scoped default request context into conversation sub-clients and adds a BotRequestContext? create overload.
core/src/Microsoft.Teams.Apps/Api/Clients/ActivityClient.cs Adds request-context override overloads for non-targeted activity create/update/reply and merges scoped context into calls.
core/src/Microsoft.Teams.Apps/Api/Clients/MemberClient.cs Threads scoped request context into member operations by merging with per-call agentic identity.
core/src/Microsoft.Teams.Apps/Api/Clients/ReactionClient.cs Threads scoped request context into reaction operations by merging with per-call agentic identity.
core/src/Microsoft.Teams.Apps/Api/Clients/TeamClient.cs Stores scoped default request context and merges it into per-call options.
core/src/Microsoft.Teams.Apps/Api/Clients/MeetingClient.cs Stores scoped default request context and merges it into per-call options.
core/src/Microsoft.Teams.Apps/Api/Clients/UserTokenApiClient.cs Stores scoped default request context and merges it with per-call agentic identity for user-token calls.
core/src/Microsoft.Teams.Apps/OAuth/OAuthFlow.cs Derives inbound BotRequestContext from the activity and forwards it to underlying user-token calls.
core/src/Microsoft.Teams.Apps/Context.cs Switches Context.Api to scope via ApiClient.ForActivity(Activity) to flow inbound request context automatically.
core/src/Microsoft.Teams.Apps/Schema/TeamsChannelAccount.cs Preserves BotId when converting from ChannelAccount.
core/test/Microsoft.Teams.Core.UnitTests/UserTokenClientTests.cs Adds a unit test validating that agentic identity is stamped into HttpRequestMessage.Options.
core/test/Microsoft.Teams.Apps.UnitTests/OAuthFlowTests.cs Updates mocks to match new user-token client signatures that accept BotRequestContext?.
core/test/Microsoft.Teams.Apps.UnitTests/OAuthFlowTelemetryTests.cs Updates telemetry tests’ mocks for the new BotRequestContext? signatures.
core/test/Microsoft.Teams.Apps.UnitTests/ApiClientAgenticIdentityTests.cs Adds coverage for context-scoped user-token calls and BotId preservation.
core/test/IntegrationTests/IntegrationTestFixture.cs Scopes integration ApiClient with request context derived from fixture AgenticIdentity.
core/test/IntegrationTests/ApiClientTests.cs Removes skips for user-token scenarios now that agentic identity/request context is supported.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

singhk97
singhk97 previously approved these changes Jul 6, 2026
Standard (non-agentic) inbound activities do not populate Recipient.BotId,
so deriving BotAppId solely from BotId incorrectly yielded null. Fall back
to Recipient.Id, which carries the Teams-style "28:<appId>" value that
NormalizeAppId strips.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@heyitsaamir heyitsaamir force-pushed the heyitsaamir-usertoken-agentic-defaults branch from 7fa48e8 to 411bbfd Compare July 6, 2026 18:53
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@heyitsaamir heyitsaamir force-pushed the heyitsaamir-usertoken-agentic-defaults branch from 411bbfd to 74792ac Compare July 6, 2026 19:19
@heyitsaamir heyitsaamir changed the base branch from heyitsaamir-agentic-identity-defaults to heyitsaamir-heyitsaamir-usertoken-core-overloads July 6, 2026 19:20
@heyitsaamir heyitsaamir marked this pull request as draft July 6, 2026 19:20
heyitsaamir and others added 2 commits July 6, 2026 12:26
Removes the AgenticIdentity? convenience overloads from UserTokenClient so
each operation exposes just the original overload plus a BotRequestContext?
overload. Callers holding an AgenticIdentity convert via the public
BotRequestContext.FromAgenticIdentity(...). Test updated to exercise the
BotRequestContext overload directly.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@heyitsaamir heyitsaamir force-pushed the heyitsaamir-usertoken-agentic-defaults branch from 74792ac to 5506147 Compare July 6, 2026 19:27
Base automatically changed from heyitsaamir-heyitsaamir-usertoken-core-overloads to heyitsaamir-agentic-identity-defaults July 6, 2026 19:46
Base automatically changed from heyitsaamir-agentic-identity-defaults to main July 6, 2026 22:22
@heyitsaamir heyitsaamir dismissed singhk97’s stale review July 6, 2026 22:22

The base branch was changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants