Skip to content

Add BearerToken Support to Python Open AI#166

Merged
rahuldevikar761 merged 10 commits into
mainfrom
users/radevika/fixOBOScenario
Jan 23, 2026
Merged

Add BearerToken Support to Python Open AI#166
rahuldevikar761 merged 10 commits into
mainfrom
users/radevika/fixOBOScenario

Conversation

@rahuldevikar761

@rahuldevikar761 rahuldevikar761 commented Jan 20, 2026

Copy link
Copy Markdown
Collaborator
image

@rahuldevikar761 rahuldevikar761 requested a review from a team as a code owner January 20, 2026 23:34
Copilot AI review requested due to automatic review settings January 20, 2026 23:34

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds On-Behalf-Of (OBO) authentication support to the Python OpenAI sample agent, making agentic authentication optional and introducing bearer token-based authentication as an alternative for development and testing scenarios.

Changes:

  • Made agentic authentication configurable via USE_AGENTIC_AUTH environment variable
  • Added support for OBO authentication using bearer tokens via BEARER_TOKEN environment variable
  • Implemented three authentication scenarios: Agentic Auth (production), OBO with bearer token (development/testing), and bare LLM mode (no authentication)
  • Added clear logging messages to indicate which authentication mode is active
  • Improved error handling with graceful fallback to bare LLM mode when MCP server setup fails

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
python/openai/sample-agent/host_agent_server.py Conditionalizes agentic authentication setup based on environment variable; only exchanges tokens when agentic auth is enabled
python/openai/sample-agent/agent.py Adds three-scenario authentication logic for MCP server connections with informative logging and fallback behavior

Comment thread python/openai/sample-agent/agent.py Outdated
Comment thread python/openai/sample-agent/agent.py Outdated
Comment thread python/openai/sample-agent/agent.py Outdated
Comment thread python/openai/sample-agent/agent.py Outdated
Comment thread python/openai/sample-agent/host_agent_server.py Outdated
Comment thread python/openai/sample-agent/host_agent_server.py Outdated

@pontemonti pontemonti left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see comments

When MCP tool loading fails (e.g., due to authentication issues in CI/CD),
the agent now continues without tools rather than throwing an exception.
This allows the agent to still respond to basic queries using just the LLM.
Changes:
- Remove USE_AGENTIC_AUTH flag, use AUTH_HANDLER_NAME instead
- Fix terminology: 'bearer token from config' instead of 'OBO'
- Add explicit SKIP_MCP_SERVERS flag for running without tools
- Implement proper priority: bearer_token > auth_handler > skip > localhost
- Fix comments about auth handler requirements
- Always configure auth handlers when AUTH_HANDLER_NAME is set
The previous change broke E2E tests because AGENTIC auth handler
was being used by default but not configured in the test environment.

Now defaults to no auth handler - users must explicitly set
AUTH_HANDLER_NAME=AGENTIC for production agentic authentication.
Instead of throwing errors to the user when MCP servers fail to connect,
the agent now gracefully falls back to bare LLM mode. This allows the
agent to still respond to basic queries even without MCP tools.

Simplified priority logic:
1. SKIP_MCP_SERVERS=true - explicitly skip MCP
2. BEARER_TOKEN - use token from config
3. AUTH_HANDLER_NAME - use agentic auth
4. No auth - skip MCP gracefully (log warning)

Any MCP connection errors are caught and logged, allowing the agent
to continue operating with just the base LLM capabilities.
Comment thread dotnet/semantic-kernel/sample-agent/Agents/Agent365Agent.cs Outdated
@rahuldevikar761 rahuldevikar761 changed the title Add Obo Support to Python Open AI Add BearerToken Support to Python Open AI Jan 22, 2026
mrunalhirve128
mrunalhirve128 previously approved these changes Jan 22, 2026
@rahuldevikar761 rahuldevikar761 merged commit 0e24d06 into main Jan 23, 2026
11 checks passed
@rahuldevikar761 rahuldevikar761 deleted the users/radevika/fixOBOScenario branch January 23, 2026 00:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants