Foundry Hosted Agent from_agent_framework removes Authorization Header disabling OBO possibilities #45797

@ashishmundra4001

  • Package Name: azure-ai-agentserver-agentframework / azure-ai-agentserver-core
  • Package Version: latest
  • Operating System: Linux/Windows
  • Python Version: 3.12

Describe the bug
We are hosting an Agent in Foundry using the Hosted Agent model. The implementation follows the sample at:
[foundry-samples/samples/python/hosted-agents/agent-framework/agent-with-foundry-tools/main.py](https://github.com/microsoft-foundry/foundry-samples/blob/main/samples/python/hosted-agents/agent-framework/agent-with-foundry-tools/main.py), which relies on the HostingAdapter from_agent_framework.

Currently, I’ve observed that metadata sent via the /responses API is surfaced in AgentContext.agent._request_headers. However, this does not include the OAuth token provided in the Authorization header.

This omission is problematic because:

  • Our Agent needs to call downstream APIs that are OAuth-protected and require user context.
  • The ideal flow is to obtain an OBO (On-Behalf-Of) token from the original incoming token.
  • Without access to the Authorization header, OBO cannot be performed, which makes Agents unsuitable for production scenarios requiring user-context delegation.

A possible workaround is to ask callers to include the OAuth token in the /responses metadata field. However, this is non-standard and insecure, since callers could spoof arbitrary tokens.

To Reproduce
Steps to reproduce the behavior:
You can take this codebase - https://github.com/microsoft-foundry/foundry-samples/blob/main/samples/python/hosted-agents/agent-framework/agent-with-foundry-tools/main.py

And this middleware codebase, where the Authorization header is not injected - https://github.com/microsoft/agent-framework/blob/fcdaaff9cd32a410c51fb0bfa0080d277cbcab81/python/samples/02-agents/middleware/agent_and_run_level_middleware.py

Expected behavior
The Agent Framework Hosting Adapter should be updated to forward the Authorization header token into the Agent middleware. This would enable Agents to:

  • Retrieve OBO tokens from the original incoming token.
  • Use those OBO tokens to securely call downstream APIs and MCP servers.

Suggested fix (in the Azure SDK repo)
AgentRunContext (or runs_endpoint) should capture the Authorization header from the incoming HTTP request.
AgentFrameworkCBAgent.agent_run() should forward it to self.agent.run(message, client_kwargs={"authorization": token}) so it lands in AgentContext.

Additional context
Initially I raised this as a bug for the Agent Framework team, but they mentioned that it's a bug in the package in this GitHub repository. This is the comment that they have put in - microsoft/agent-framework#4774 (comment)
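
The OBO exchange this issue wants to enable, as an added example that is not part of the original issue or of the Azure SDK: it takes the bearer token only from the transport-level Authorization header (never from /responses metadata) and builds the Microsoft identity platform on-behalf-of token request. The function names, tenant, client id, secret and scope are hypothetical placeholders, and no network call is made.

```python
"""Added example: bearer extraction and OBO request construction (no network I/O)."""
import re
from urllib.parse import urlencode

# Values defined by the Microsoft identity platform on-behalf-of flow.
OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# A compact JWS is three base64url segments separated by dots.
_BEARER = re.compile(
    r"^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$", re.I)


def bearer_from_headers(headers):
    """Return the JWT from the HTTP Authorization header, or None.

    Only transport headers are consulted; body fields such as the
    /responses metadata are never treated as a token source.
    """
    values = [v for k, v in headers.items() if k.lower() == "authorization"]
    if len(values) != 1:  # missing, or ambiguous duplicate header
        return None
    match = _BEARER.match(values[0].strip())
    return match.group(1) if match else None


def build_obo_request(tenant, client_id, client_secret, user_jwt, scope):
    """Build (url, form_body) for the OBO token exchange (hypothetical helper)."""
    form = {
        "grant_type": OBO_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": user_jwt,  # the caller's original incoming token
        "scope": scope,         # scope of the downstream API
        "requested_token_use": "on_behalf_of",
    }
    return TOKEN_URL.format(tenant=tenant), urlencode(form)


if __name__ == "__main__":
    # Constructed sample header: placeholder JWT-shaped string, not a real token.
    hdrs = {"authorization": "Bearer aGVhZGVy.cGF5bG9hZA.c2ln"}
    jwt = bearer_from_headers(hdrs)
    url, body = build_obo_request("placeholder-tenant", "placeholder-app-id",
                                  "placeholder-secret", jwt,
                                  "api://placeholder-downstream/.default")
    print(url)
    print(body)
```
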
