Skip to content

Accept botid audience for agentic inbound tokens#597

Merged
MehakBindra merged 2 commits into
mainfrom
heyitsaamir-agentic-audience-parity
Jul 10, 2026
Merged

Accept botid audience for agentic inbound tokens#597
MehakBindra merged 2 commits into
mainfrom
heyitsaamir-agentic-audience-parity

Conversation

@heyitsaamir

Copy link
Copy Markdown
Collaborator

Summary

  • Add api://botid-{clientId} to Core JWT valid audiences for inbound Teams tokens.
  • Cover the configured inbound audience list in JwtExtensions unit tests so app ID, api://{clientId}, and api://botid-{clientId} are all expected.

Validation

  • dotnet build core/src/Microsoft.Teams.Core/Microsoft.Teams.Core.csproj --no-restore --verbosity minimal
  • dotnet test core/test/Microsoft.Teams.Core.UnitTests/Microsoft.Teams.Core.UnitTests.csproj --no-restore --verbosity minimal

Include the Bot Framework botid application URI in JWT valid audiences for inbound Teams tokens and cover the configured audience list in Core unit tests.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 10, 2026 00:34

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for an additional inbound JWT audience format used by agentic inbound Teams tokens by expanding the configured TokenValidationParameters.ValidAudiences, and updates unit tests to ensure the full expected audience list is configured.

Changes:

  • Extend core JWT bearer configuration to accept api://botid-{clientId} as a valid audience in addition to {clientId} and api://{clientId}.
  • Add a unit test that validates the configured inbound audience list on the named JwtBearerOptions instance.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
core/src/Microsoft.Teams.Core/Hosting/JwtExtensions.cs Adds api://botid-{audience} to the configured ValidAudiences list for inbound token validation.
core/test/Microsoft.Teams.Core.UnitTests/Hosting/JwtExtensionsTests.cs Adds coverage asserting the expected ValidAudiences sequence is configured for the bot auth scheme.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MehakBindra MehakBindra enabled auto-merge July 10, 2026 20:50
@MehakBindra MehakBindra added this pull request to the merge queue Jul 10, 2026
Merged via the queue into main with commit 64b0de1 Jul 10, 2026
7 checks passed
@MehakBindra MehakBindra deleted the heyitsaamir-agentic-audience-parity branch July 10, 2026 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants