Fix Agent Framework sample #132
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request fixes the Agent Framework sample by improving local testing support and error handling. It introduces a UseAgenticAuth configuration flag that allows developers to disable agentic authentication for local testing scenarios, preventing MCP tool failures when authentication infrastructure is not available.
Key Changes
- Added
UseAgenticAuthconfiguration option to enable/disable agentic authentication for MCP tools - Simplified authentication handler registration by removing the unused "me" auth handler
- Added try-catch error handling around MCP tool registration to gracefully fall back to local tools only
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| dotnet/agent-framework/sample-agent/appsettings.json | Adds UseAgenticAuth configuration flag with inline comment explaining its purpose for local testing |
| dotnet/agent-framework/sample-agent/Agent/MyAgent.cs | Removes unused "MyAuthHandler", adds UseAgenticAuth check before MCP tool registration, wraps MCP tool loading in try-catch with fallback logging |
Comments suppressed due to low confidence (1)
dotnet/agent-framework/sample-agent/Agent/MyAgent.cs:223
- Condition is always false because of ... != ....
else if (toolService != null && !useAgenticAuth)
| _logger?.LogWarning(ex, "Failed to register MCP tool servers. Continuing with local tools only."); | ||
| } | ||
| } | ||
| else if (toolService != null && !useAgenticAuth) |
There was a problem hiding this comment.
The condition checking logic may be redundant. Line 223 checks "toolService != null && !useAgenticAuth", but this branch will never execute when toolService is null. If toolService is null, neither branch (line 187 or 223) will execute. Consider simplifying to just check "!useAgenticAuth" in the else if condition, or restructure the logic to handle the null toolService case explicitly if logging is desired in that scenario.
| else if (toolService != null && !useAgenticAuth) | |
| else if (!useAgenticAuth) |
| "ApiKey": "----" // This is the API Key of the Azure OpenAI model deployment | ||
| } | ||
| }, | ||
| "UseAgenticAuth": true, // Set to false for local testing without agentic authentication (MCP tools will be skipped) |
There was a problem hiding this comment.
The new UseAgenticAuth configuration option should be documented in the README.md file. This setting is important for local testing scenarios and helps users understand when MCP tools will be skipped. Consider adding a configuration section that explains this option and when to set it to false (e.g., for local testing without agentic authentication).
| var cachedTools = _agentToolCache[toolCacheKey]; | ||
| if (cachedTools != null && cachedTools.Count > 0) | ||
| string toolCacheKey = GetToolCacheKey(turnState); | ||
| if (_agentToolCache.ContainsKey(toolCacheKey)) |
| // Agentic requests require the "agentic" handler for user authorization | ||
| OnActivity(ActivityTypes.Message, OnMessageAsync, isAgenticOnly: true, autoSignInHandlers: new[] { AgenticIdAuthHanlder }); | ||
| OnActivity(ActivityTypes.Message, OnMessageAsync, isAgenticOnly: false , autoSignInHandlers: new[] { MyAuthHanlder }); | ||
| // Non-agentic requests (local testing with Playground) - no auth handler required |
There was a problem hiding this comment.
We need to make sure that this works not just using Agents Playground, but also in regular scenarios.
| // Setup reusable auto sign-in handlers | ||
| // Setup reusable auto sign-in handler for agentic requests | ||
| private readonly string AgenticIdAuthHanlder = "agentic"; | ||
| private readonly string MyAuthHanlder = "me"; |
There was a problem hiding this comment.
By removing the me auth handler we're basically removing the functionality to use OBO authentication, which is not what we should be doing.
| } | ||
| else if (toolService != null && !useAgenticAuth) | ||
| { | ||
| _logger?.LogInformation("UseAgenticAuth is disabled. Skipping MCP tools - using local tools only."); |
There was a problem hiding this comment.
Why would we skip tools if agentic auth is disabled? I think in case the user is unable to authenticate against the MCP platform, the "workaround" should be for them to use the mock MCP servers. By just skipping the tools, the sample will not be doing anything.
| catch (Exception ex) | ||
| { | ||
| // Log warning and continue with local tools only | ||
| _logger?.LogWarning(ex, "Failed to register MCP tool servers. Continuing with local tools only."); |
There was a problem hiding this comment.
I don't mind logging information that can help troubleshoot issue, but I think this should be an error and we should be failing the request if this happens.
- Add MsalUserAuthorization configuration for 'me' handler in appsettings.json - Change MCP tool registration error handling to throw instead of swallow - Remove UseAgenticAuth skip logic - use mock MCP servers for local testing
No description provided.