Support V1/V2 per-audience token acquisition for MCP servers#226
Draft
Support V1/V2 per-audience token acquisition for MCP servers#226
Conversation
V2 MCP servers carry their own audience GUID and require a distinct OAuth token per server rather than the shared ATG token. This change adds per-audience token caching in listToolServers (TurnContext path) so each server receives the correct Authorization header. Key changes: - contracts.ts: add optional audience?/scope? to MCPServerConfig and MCPServerManifestEntry - ToolingConfiguration.ts: export resolveTokenScopeForServer — returns per-server scope for V2 GUIDs, falls back to shared ATG scope for V1 - McpToolServerConfigurationService: new private attachPerAudienceTokens acquires one token per unique scope and patches each server's headers; gateway response and manifest parsing now preserve audience/scope fields - McpToolRegistrationService (Claude ext): use server.headers for the Authorization token set by listToolServers instead of overwriting with the single ATG token V1 agents are unaffected — no audience field means ATG scope as before.
…js extensions - resolveTokenScopeForServer now uses server.scope for V2 servers when present, falling back to audience/.default (pre-consented scopes cover both cases) - OpenAI and LangChain extensions now apply per-audience Authorization headers from server.headers instead of a single shared discovery token - Restore MCP_PLATFORM_PROD_BASE_URL to production endpoint - Update tests to reflect V2 explicit scope behavior
…pattern Replaces the earlier OBO-only approach with a TokenAcquirer abstraction so dev and prod share the same attachPerAudienceTokens code path. Dev mode uses env-var-based acquirer (BEARER_TOKEN_<NAME> / BEARER_TOKEN fallback); prod uses OBO via AgenticAuthenticationService. Eliminates the dev hang where GetAgenticUserToken was called unconditionally before manifest loading. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Resolves ESLint no-restricted-properties violation: direct process.env access in McpToolServerConfigurationService is replaced by getBearerTokenForServer() on ToolingConfiguration. Removes the shared BEARER_TOKEN fallback — each server now requires its own BEARER_TOKEN_<NAME> env var. Updated tests accordingly. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace broad startsWith('api://') check with an exact match against
ATG_APP_ID_URI ('api://ea9ffc3e-...'), mirroring the Python utility.py logic.
This allows V2 servers that use api:// audience URIs to get their own
per-server token instead of being silently routed to the shared ATG scope.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Problem
The SDK previously hardcoded a single shared token audience (
ea9ffc3e-8a23-4a7d-836d-234d7c7565c1/.default) for all MCP servers.With V2 MCP servers introducing per-server audience GUIDs, each server now requires its own OAuth token. Using the shared ATG token for V2 servers leads to authentication failures.
Changes
agents-a365-tooling
contracts.ts
audience?: stringandscope?: stringto:MCPServerConfigMCPServerManifestEntryToolingConfiguration.ts
resolveTokenScopeForServer(server)${audience}/.defaultfor V2 GUID audiencesapi://prefixMcpToolServerConfigurationService.ts
attachPerAudienceTokens():GetAgenticUserTokencall per unique audience (with caching)Authorization: Bearerheader per serverlistToolServers(TurnContext path):attachPerAudienceTokens()after discoveryagenticAppId,authToken) remains unchangedaudience/scopeagents-a365-tooling-extensions-claude
server.headers(fromlistToolServers) for AuthorizationGetToolRequestHeadersCompatibility
audience?/scope?fieldsresolveTokenScopeForServerexportlistToolServers(agenticAppId, authToken)Tests
Updated
New (11 total)
resolveTokenScopeForServer
api://prefixPer-audience token acquisition