End-to-end fixes for agentic identities (#145)

* Adding agentic test sample

* Removed extra logic around Graph token exchange

* Basics for closing the loop with agentic work

* Basics for closing the loop with agentic work

* Adding conversation id truncation to all conversation operations that depend on it to form the API endpoint

* Reformatting

* Logging in sample

* Refactored _get_agentic_token

* Cleaning up changes

* Centralizing conversation id normalization code

Author: rodrigobr-msft

libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/channel_service_adapter.py

@@ -213,21 +213,21 @@ async def create_conversation(  # pylint: disable=arguments-differ
         claims_identity = self.create_claims_identity(agent_app_id)
         claims_identity.claims[AuthenticationConstants.SERVICE_URL_CLAIM] = service_url
 
-        # Create a UserTokenClient instance for the application to use. (For example, in the OAuthPrompt.)
-        user_token_client: UserTokenClient = (
-            await self._channel_service_client_factory.create_user_token_client(
-                claims_identity
-            )
-        )
-
         # Create a turn context and run the pipeline.
         context = self._create_turn_context(
             claims_identity,
             None,
-            user_token_client,
             callback,
         )
 
+        # Create a UserTokenClient instance for the application to use. (For example, in the OAuthPrompt.)
+        user_token_client: UserTokenClient = (
+            await self._channel_service_client_factory.create_user_token_client(
+                context, claims_identity
+            )
+        )
+        context.turn_state[self.USER_TOKEN_CLIENT_KEY] = user_token_client
+
         # Create the connector client to use for outbound requests.
         connector_client: ConnectorClient = (
             await self._channel_service_client_factory.create_connector_client(
@@ -264,22 +264,21 @@ async def process_proactive(
         callback: Callable[[TurnContext], Awaitable],
     ):
 
-        # Create a UserTokenClient instance for the application to use. (For example, in the OAuthPrompt.)
-        user_token_client: UserTokenClient = (
-            await self._channel_service_client_factory.create_user_token_client(
-                claims_identity
-            )
-        )
-
         # Create a turn context and run the pipeline.
         context = self._create_turn_context(
             claims_identity,
             audience,
-            user_token_client,
             callback,
             activity=continuation_activity,
         )
 
+        user_token_client: UserTokenClient = (
+            await self._channel_service_client_factory.create_user_token_client(
+                context, claims_identity
+            )
+        )
+        context.turn_state[self.USER_TOKEN_CLIENT_KEY] = user_token_client
+
         # Create the connector client to use for outbound requests.
         connector_client: ConnectorClient = (
             await self._channel_service_client_factory.create_connector_client(
@@ -338,22 +337,22 @@ async def process_activity(
         ):
             use_anonymous_auth_callback = True
 
-        # Create a UserTokenClient instance for the OAuth flow.
-        user_token_client: UserTokenClient = (
-            await self._channel_service_client_factory.create_user_token_client(
-                claims_identity, use_anonymous_auth_callback
-            )
-        )
-
         # Create a turn context and run the pipeline.
         context = self._create_turn_context(
             claims_identity,
             outgoing_audience,
-            user_token_client,
             callback,
             activity=activity,
         )
 
+        # Create a UserTokenClient instance for the OAuth flow.
+        user_token_client: UserTokenClient = (
+            await self._channel_service_client_factory.create_user_token_client(
+                context, claims_identity, use_anonymous_auth_callback
+            )
+        )
+        context.turn_state[self.USER_TOKEN_CLIENT_KEY] = user_token_client
+
         # Create the connector client to use for outbound requests.
         connector_client: ConnectorClient = (
             await self._channel_service_client_factory.create_connector_client(
@@ -425,14 +424,12 @@ def _create_turn_context(
         self,
         claims_identity: ClaimsIdentity,
         oauth_scope: str,
-        user_token_client: UserTokenClientBase,
         callback: Callable[[TurnContext], Awaitable],
         activity: Optional[Activity] = None,
     ) -> TurnContext:
         context = TurnContext(self, activity, claims_identity)
 
         context.turn_state[self.AGENT_IDENTITY_KEY] = claims_identity
-        context.turn_state[self.USER_TOKEN_CLIENT_KEY] = user_token_client
         context.turn_state[self.AGENT_CALLBACK_HANDLER_KEY] = callback
         context.turn_state[self.CHANNEL_SERVICE_FACTORY_KEY] = (
             self._channel_service_client_factory

libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/channel_service_client_factory_base.py

@@ -6,12 +6,14 @@
     ConnectorClientBase,
     UserTokenClientBase,
 )
+from microsoft_agents.hosting.core.turn_context import TurnContext
 
 
 class ChannelServiceClientFactoryBase(Protocol):
     @abstractmethod
     async def create_connector_client(
         self,
+        context: TurnContext,
         claims_identity: ClaimsIdentity,
         service_url: str,
         audience: str,
@@ -32,7 +34,10 @@ async def create_connector_client(
 
     @abstractmethod
     async def create_user_token_client(
-        self, claims_identity: ClaimsIdentity, use_anonymous: bool = False
+        self,
+        context: TurnContext,
+        claims_identity: ClaimsIdentity,
+        use_anonymous: bool = False,
     ) -> UserTokenClientBase:
         """
         Creates the appropriate UserTokenClientBase instance.

libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/connector/client/connector_client.py

@@ -122,8 +122,12 @@ async def get_attachment(self, attachment_id: str, view_id: str) -> BytesIO:
 
 class ConversationsOperations(ConversationsBase):
 
-    def __init__(self, client: ClientSession):
+    def __init__(self, client: ClientSession, **kwargs):
         self.client = client
+        self._max_conversation_id_length = kwargs.get("max_conversation_id_length", 200)
+
+    def _normalize_conversation_id(self, conversation_id: str) -> str:
+        return conversation_id[: self._max_conversation_id_length]
 
     async def get_conversations(
         self, continuation_token: Optional[str] = None
@@ -193,11 +197,16 @@ async def reply_to_activity(
             )
             raise ValueError("conversationId and activityId are required")
 
+        print("\n*3")
+        print(conversation_id)
+        print("\n*3")
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/activities/{activity_id}"
 
         logger.info(
             f"Replying to activity: {activity_id} in conversation: {conversation_id}. Activity type is {body.type}"
         )
+
         async with self.client.post(
             url,
             json=body.model_dump(
@@ -216,7 +225,8 @@ async def reply_to_activity(
             logger.info(
                 f"Reply to conversation/activity: {result.get('id')}, {activity_id}"
             )
-            return ResourceResponse.model_validate(result)
+
+        return ResourceResponse.model_validate(result)
 
     async def send_to_conversation(
         self, conversation_id: str, body: Activity
@@ -235,6 +245,7 @@ async def send_to_conversation(
             )
             raise ValueError("conversationId is required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/activities"
 
         logger.info(
@@ -271,6 +282,7 @@ async def update_activity(
             )
             raise ValueError("conversationId and activityId are required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/activities/{activity_id}"
 
         logger.info(
@@ -303,6 +315,7 @@ async def delete_activity(self, conversation_id: str, activity_id: str) -> None:
             )
             raise ValueError("conversationId and activityId are required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/activities/{activity_id}"
 
         logger.info(
@@ -332,6 +345,7 @@ async def upload_attachment(
             )
             raise ValueError("conversationId is required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/attachments"
 
         # Convert the AttachmentData to a dictionary
@@ -371,6 +385,7 @@ async def get_conversation_members(
             )
             raise ValueError("conversationId is required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/members"
 
         logger.info(f"Getting conversation members for conversation: {conversation_id}")
@@ -402,6 +417,7 @@ async def get_conversation_member(
             )
             raise ValueError("conversationId and memberId are required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/members/{member_id}"
 
         logger.info(
@@ -434,6 +450,7 @@ async def delete_conversation_member(
             )
             raise ValueError("conversationId and memberId are required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/members/{member_id}"
 
         logger.info(
@@ -464,6 +481,7 @@ async def get_activity_members(
             )
             raise ValueError("conversationId and activityId are required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/activities/{activity_id}/members"
 
         logger.info(
@@ -507,6 +525,7 @@ async def get_conversation_paged_members(
         if continuation_token is not None:
             params["continuationToken"] = continuation_token
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/pagedmembers"
 
         logger.info(
@@ -540,6 +559,7 @@ async def send_conversation_history(
             )
             raise ValueError("conversationId is required")
 
+        conversation_id = self._normalize_conversation_id(conversation_id)
         url = f"v3/conversations/{conversation_id}/activities/history"
 
         logger.info(f"Sending conversation history to conversation: {conversation_id}")