Thread BotRequestContext through Apps API clients and OAuth flows#589
Open
heyitsaamir wants to merge 10 commits into
Open
Thread BotRequestContext through Apps API clients and OAuth flows#589heyitsaamir wants to merge 10 commits into
heyitsaamir wants to merge 10 commits into
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR propagates BotRequestContext (agentic identity + bot app id) from inbound activities through the Microsoft.Teams.Apps API surface down into core UserTokenClient and OAuth flows, enabling per-request authentication scoping/overrides without relying on ambient state.
Changes:
- Add
BotRequestContext?overloads acrossMicrosoft.Teams.Core.UserTokenClientoperations and stamp the request context intoBotRequestOptions. - Extend
ApiClientwith default request-context scoping (ForRequestContext,ForActivity) and thread that context through Apps sub-clients. - Update OAuth flow and tests/integration tests to use the new request-context threading and revised method signatures.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| core/src/Microsoft.Teams.Core/UserTokenClient.cs | Adds BotRequestContext? overloads and passes request context into request options for token/sign-in operations. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ApiClient.cs | Introduces default request context on ApiClient and adds ForRequestContext / ForActivity scoping. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ConversationApiClient.cs | Threads a scoped default request context into conversation sub-clients and adds a BotRequestContext? create overload. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ActivityClient.cs | Adds request-context override overloads for non-targeted activity create/update/reply and merges scoped context into calls. |
| core/src/Microsoft.Teams.Apps/Api/Clients/MemberClient.cs | Threads scoped request context into member operations by merging with per-call agentic identity. |
| core/src/Microsoft.Teams.Apps/Api/Clients/ReactionClient.cs | Threads scoped request context into reaction operations by merging with per-call agentic identity. |
| core/src/Microsoft.Teams.Apps/Api/Clients/TeamClient.cs | Stores scoped default request context and merges it into per-call options. |
| core/src/Microsoft.Teams.Apps/Api/Clients/MeetingClient.cs | Stores scoped default request context and merges it into per-call options. |
| core/src/Microsoft.Teams.Apps/Api/Clients/UserTokenApiClient.cs | Stores scoped default request context and merges it with per-call agentic identity for user-token calls. |
| core/src/Microsoft.Teams.Apps/OAuth/OAuthFlow.cs | Derives inbound BotRequestContext from the activity and forwards it to underlying user-token calls. |
| core/src/Microsoft.Teams.Apps/Context.cs | Switches Context.Api to scope via ApiClient.ForActivity(Activity) to flow inbound request context automatically. |
| core/src/Microsoft.Teams.Apps/Schema/TeamsChannelAccount.cs | Preserves BotId when converting from ChannelAccount. |
| core/test/Microsoft.Teams.Core.UnitTests/UserTokenClientTests.cs | Adds a unit test validating that agentic identity is stamped into HttpRequestMessage.Options. |
| core/test/Microsoft.Teams.Apps.UnitTests/OAuthFlowTests.cs | Updates mocks to match new user-token client signatures that accept BotRequestContext?. |
| core/test/Microsoft.Teams.Apps.UnitTests/OAuthFlowTelemetryTests.cs | Updates telemetry tests’ mocks for the new BotRequestContext? signatures. |
| core/test/Microsoft.Teams.Apps.UnitTests/ApiClientAgenticIdentityTests.cs | Adds coverage for context-scoped user-token calls and BotId preservation. |
| core/test/IntegrationTests/IntegrationTestFixture.cs | Scopes integration ApiClient with request context derived from fixture AgenticIdentity. |
| core/test/IntegrationTests/ApiClientTests.cs | Removes skips for user-token scenarios now that agentic identity/request context is supported. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Stacked on #587. Where #587 fixes the low-level inbound identity (recipient agentic identity + bot app ID), this PR threads that per-request auth context (
BotRequestContext) up through the higher-level Apps API surface so callers can scope or override it.UserTokenClient(core): addBotRequestContext?overloads for every operation (token status, get token, sign-in URL/resource, exchange, sign out, AAD tokens), keeping the existingAgenticIdentity?overloads as convenience wrappers. Request options now carry the passed request context directly.ApiClient: store a defaultBotRequestContext?and split scoping concerns:ForServiceUrl(Uri)now only rebinds the service URL (no request-context parameter).ForRequestContext(BotRequestContext?)scopes/merges the default request context.ForActivity(TeamsActivity)scopes to an inbound activity (service URL +BotRequestContext.FromInboundActivity).Context.Apinow usesApiClient.ForActivity(Activity)so the inbound request context flows automatically.OAuthFlowforwards the inbound request context to the underlying user-token calls.Open question
Should the public APIs accept
BotRequestContextdirectly instead ofAgenticIdentity, even though replacing the existingAgenticIdentityparameters would be a breaking change?BotRequestContextis the newer abstraction and carries both agentic identity and bot app ID, but keeping theAgenticIdentityoverloads is less disruptive.Validation
dotnet test core/test/Microsoft.Teams.Core.UnitTests/Microsoft.Teams.Core.UnitTests.csproj --verbosity minimaldotnet test core/test/Microsoft.Teams.Apps.UnitTests/Microsoft.Teams.Apps.UnitTests.csproj --verbosity minimaldotnet build core/test/IntegrationTests/IntegrationTests.csproj --verbosity minimal