OAuth env variable names should match .net/python#872
OAuth env variable names should match .net/python#872sw-joelmut wants to merge 8 commits intomainfrom
Conversation
- Renamed properties in AzureBotAuthorizationOptions for clarity and consistency. - Deprecated old properties in AzureBotAuthorizationOptions and provided new alternatives. - Updated environment variable mappings to reflect new property names. - Enhanced error handling for missing required options. - Added new utility function to load configuration from environment variables. - Introduced comprehensive tests for the AuthorizationManager to validate new configurations and ensure backward compatibility with legacy environment variables.
There was a problem hiding this comment.
Pull request overview
This PR standardizes OAuth environment variable naming conventions to align with .NET/Python SDKs and centralizes authorization configuration loading into the AuthorizationManager.
Changes:
- Renamed authorization type from
agentictoAgenticUserAuthorizationwith backward compatibility - Centralized environment variable loading from individual handlers to
AuthorizationManager - Added support for both legacy and latest environment variable formats with case-insensitive matching
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/agents-hosting/src/app/auth/authorizationManager.ts | Centralized options loading logic and environment variable handling |
| packages/agents-hosting/src/app/auth/handlers/azureBotAuthorization.ts | Removed options loading from handler, now receives fully-resolved options |
| packages/agents-hosting/src/app/auth/handlers/agenticAuthorization.ts | Removed options loading from handler, updated type to support both old and new names |
| packages/agents-hosting/src/auth/authConfiguration.ts | Added new env utility function for case-insensitive environment variable loading |
| packages/agents-hosting/test/hosting/app/authorizationmanager.test.ts | Comprehensive test coverage for new centralized authorization manager |
| packages/agents-hosting/test/hosting/app/authorization.test.ts | Updated tests to use new property names |
Comments suppressed due to low confidence (1)
packages/agents-hosting/test/hosting/app/authorization.test.ts:9
- Corrected spelling of 'intitalize' to 'initialize' and 'underfined' to 'undefined'.
it('should intitalize with underfined authorization', () => {
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| const format = legacyProperties | ||
| .map(([prop, value]) => ` ${this._envDefinition.latest.key(id, `__${prop}`)}=${value}`) | ||
| .join('\n') | ||
| logger.warn(this.prefix(id, 'Deprecated environment variables detected, update to the latest format: (case-insensitive)'), `[\n${format}\n]`) |
There was a problem hiding this comment.
would this log sensitive values?
There was a problem hiding this comment.
Yes, it would, thank you for pointing that out, I will improve it so instead of showing the value, it shows a comment of the legacy property to replace. A second option could be applying obfuscation, so the user can reference the legacy property through the value, but i prefer the first option.
| * When using environment variables, this can be set using the `${authHandlerId}_connectionName` variable. | ||
| */ | ||
| name?: string, | ||
| azureBotOAuthConnectionName?: string, |
There was a problem hiding this comment.
is there backwards compat needed for this?
There was a problem hiding this comment.
Yes, i moved all legacy properties at the bottom of the interface
| const app = new AgentApplication({ | ||
| storage: new MemoryStorage(), | ||
| authorization: { | ||
| testAuth: { name: undefined } // triggers legacy mode |
There was a problem hiding this comment.
is something like this required to trigger legacy mode, or does it just work as it used to?
There was a problem hiding this comment.
No, it isn't necessary, it will detect the config or .env variables if they are legacy. I removed the name: undefined
| const app = new AgentApplication({ | ||
| storage: new MemoryStorage(), | ||
| authorization: { | ||
| testAuth: {} |
There was a problem hiding this comment.
Is this empty value now required somehow?
There was a problem hiding this comment.
Defining an auth handler in the authorization config was always required, but now thinking of this, we could improve it by not being required if done from the .env.
| storage: new MemoryStorage(), | ||
| authorization: { | ||
| testAuth: { | ||
| enableSso: false |
There was a problem hiding this comment.
was it always the case that we would merge environment variables + constructor options?
This seems a bit confusing to me, since the env variables are invisible this way.
There was a problem hiding this comment.
Yes, it is confusing, this was already this way, merging the two.
I checked how .net does it, it has two overload constructors, one for loading from Config (appsetting.json) and one for manual (code), it uses one or the other, it doesnt combine the two.
Since we are changing to a new configuration, we could leave the legacy as is, and for the new, apply the same behavior, if there are settings in code, dont use .env, otherwise use .env.
I think it will be a good improvement, it happened to me many times that a sample had the 'azureBotOAuthConnectionName' set in the code, and i was using a different one in the .env and prioritized the code one.
|
Hi @benbrown, I pushed new changes, here is a brief summary: Legacy options
Legacy env
Latest env
Internal changes and improvements
Testing |
Fixes #755
Description
This PR centralizes authorization options loading logic into the
AuthorizationManager, providing a cleaner separation of concerns and unified configuration handling for all authorization handlers.Key Changes
🔄 Renamed Authorization Type
agentictype toAgenticUserAuthorizationfor clarityagenticstill works but shows deprecation warning📦 Centralized Options Loading
.envloading logic from individual handlers toAuthorizationManager🔧 Environment Variable Support
AgentApplication__UserAuthorization__handlers__{id}__settings__{property}{id}_{property}(deprecated)✨ Improvements
loadScopes()utility for parsing comma-separated scope stringsTesting
The following image shows the samples working with legacy and latest settings.
