Fix three MCP tooling bugs: bearer token fallback, x-ms-agentid header, and legacy path per-audience tokens

Author: biswapm

packages/agents-a365-tooling-extensions-claude/src/McpToolRegistrationService.ts

@@ -66,7 +66,7 @@ export class McpToolRegistrationService {
     for (const server of servers) {
       // server.headers contains the per-audience Authorization token set by listToolServers.
       // Merge with non-auth headers (channelId, user-agent); server.headers auth takes precedence.
-      const baseHeaders = Utility.GetToolRequestHeaders(undefined, turnContext, options);
+      const baseHeaders = Utility.GetToolRequestHeaders(authToken, turnContext, options);
       const headers = { ...baseHeaders, ...server.headers };
 
       // Add each server to the config object

packages/agents-a365-tooling-extensions-langchain/src/McpToolRegistrationService.ts

@@ -80,7 +80,7 @@ export class McpToolRegistrationService {
 
     for (const server of servers) {
       // Merge base headers (channel, user-agent) with per-audience Authorization from server.headers
-      const baseHeaders: Record<string, string> = Utility.GetToolRequestHeaders(undefined, turnContext, options);
+      const baseHeaders: Record<string, string> = Utility.GetToolRequestHeaders(authToken, turnContext, options);
       const headers: Record<string, string> = { ...baseHeaders, ...server.headers };
 
       // Create Connection instance for LangChain agents

packages/agents-a365-tooling-extensions-openai/src/McpToolRegistrationService.ts

@@ -68,7 +68,7 @@ export class McpToolRegistrationService {
 
     for (const server of servers) {
       // Merge base headers (channel, user-agent) with per-audience Authorization from server.headers
-      const baseHeaders: Record<string, string> = Utility.GetToolRequestHeaders(undefined, turnContext, options);
+      const baseHeaders: Record<string, string> = Utility.GetToolRequestHeaders(authToken, turnContext, options);
       const headers: Record<string, string> = { ...baseHeaders, ...server.headers };
 
       // Create MCPServerStreamableHttp instance for OpenAI agents

packages/agents-a365-tooling/src/McpToolServerConfigurationService.ts

@@ -89,9 +89,20 @@ export class McpToolServerConfigurationService {
       const authToken = authTokenOrAuthorization;
       const toolOptions = optionsOrAuthHandlerName as ToolOptions | undefined;
 
-      return await (this.isDevScenario()
+      const servers = await (this.isDevScenario()
         ? this.getMCPServerConfigsFromManifest()
         : this.getMCPServerConfigsFromToolingGateway(agenticAppId, authToken, undefined, toolOptions));
+
+      // Apply per-audience tokens on the legacy path too, using the same structural path as the
+      // new overload so V2 servers are never silently missing an Authorization header.
+      // Dev: reads from BEARER_TOKEN_<NAME> / BEARER_TOKEN env vars, supports V1 and V2.
+      // Prod: uses the shared authToken for V1 servers; throws for V2 servers (OBO requires
+      //       Authorization and authHandlerName — use the TurnContext-based overload instead).
+      const acquire = this.isDevScenario()
+        ? this.createDevTokenAcquirer()
+        : this.createLegacyProdTokenAcquirer(authToken);
+
+      return await this.attachPerAudienceTokens(servers, acquire);
     } else {
       // NEW PATH: listToolServers(turnContext, authorization, authHandlerName, authToken?, options?)
       const turnContext = agenticAppIdOrTurnContext;
@@ -183,6 +194,27 @@ export class McpToolServerConfigurationService {
     };
   }
 
+  /**
+   * Returns a TokenAcquirer for the deprecated legacy (agenticAppId, authToken) overload in prod.
+   * V1 servers (ATG shared scope) receive the caller-supplied authToken directly.
+   * V2 servers (per-audience scope) throw immediately — OBO exchange requires Authorization and
+   * authHandlerName which the legacy signature does not provide; callers must migrate to the
+   * TurnContext-based overload.
+   */
+  private createLegacyProdTokenAcquirer(authToken: string): TokenAcquirer {
+    const sharedScope = this.configProvider.getConfiguration().mcpPlatformAuthenticationScope;
+    return (server, scope) => {
+      if (scope !== sharedScope) {
+        throw new Error(
+          `MCP server '${server.mcpServerName}' requires a per-audience token (scope: '${scope}'). ` +
+          `Per-audience token exchange is not supported by the deprecated listToolServers(agenticAppId, authToken) overload. ` +
+          `Migrate to listToolServers(turnContext, authorization, authHandlerName) instead.`
+        );
+      }
+      return Promise.resolve(authToken);
+    };
+  }
+
   /**
    * Returns a TokenAcquirer that performs OBO token exchange via AgenticAuthenticationService.
    * Throws if the exchange returns null so callers receive an explicit error rather than a

packages/agents-a365-tooling/src/configuration/ToolingConfiguration.ts

@@ -97,6 +97,6 @@ export class ToolingConfiguration extends RuntimeConfiguration {
    */
   getBearerTokenForServer(mcpServerName: string): string | undefined {
     const key = mcpServerName.toUpperCase();
-    return process.env[`BEARER_TOKEN_${key}`];
+    return process.env[`BEARER_TOKEN_${key}`] ?? process.env['BEARER_TOKEN'];
   }
 }

tests/tooling/McpToolServerConfigurationService.test.ts

@@ -1405,9 +1405,10 @@ describe('McpToolServerConfigurationService', () => {
       expect(servers[0].headers?.Authorization).toBe(`Bearer ${mockToken}`);
     });
 
-    it('should pass audience and scope through from gateway into MCPServerConfig (legacy path)', async () => {
-      // Uses legacy path so attachPerAudienceTokens is not called — pure field passthrough check
+    it('should pass audience and scope through from gateway into MCPServerConfig (TurnContext path)', async () => {
+      // Verifies gateway response fields are preserved end-to-end using the preferred TurnContext path.
       const v2Audience = 'eeeeffff-0000-1111-2222-333344445555';
+      const mockToken = createMockJwt('v2-fields');
       // eslint-disable-next-line @typescript-eslint/no-require-imports
       const axios = require('axios');
       jest.spyOn(axios, 'get').mockResolvedValue({
@@ -1418,11 +1419,129 @@ describe('McpToolServerConfigurationService', () => {
           scope: 'Tools.ListInvoke.All'
         }]
       });
+      getAgenticUserTokenSpy.mockResolvedValue(mockToken);
 
-      const servers = await service.listToolServers('agent-id', 'mock-auth-token');
+      const servers = await service.listToolServers(mockContext, mockAuthorization, 'graph', mockToken);
 
       expect(servers[0].audience).toBe(v2Audience);
       expect(servers[0].scope).toBe('Tools.ListInvoke.All');
     });
   });
+
+  describe('listToolServers legacy path — per-audience token attachment', () => {
+    const createMockJwt = () => {
+      const header = Buffer.from(JSON.stringify({ alg: 'HS256', typ: 'JWT' })).toString('base64url');
+      const payload = Buffer.from(JSON.stringify({ exp: Math.floor(Date.now() / 1000) + 3600 })).toString('base64url');
+      return `${header}.${payload}.mock-sig`;
+    };
+
+    afterEach(() => {
+      delete process.env.BEARER_TOKEN;
+      delete process.env.BEARER_TOKEN_MAILSERVER;
+      delete process.env.BEARER_TOKEN_V2SERVER;
+    });
+
+    describe('dev mode (manifest)', () => {
+      beforeEach(() => { process.env.NODE_ENV = 'Development'; });
+
+      it('should attach BEARER_TOKEN for a V1 server when BEARER_TOKEN is set', async () => {
+        process.env.BEARER_TOKEN = 'shared-dev-token';
+        const manifestContent = {
+          mcpServers: [{ mcpServerName: 'mailServer', url: 'http://localhost:3000' }]
+        };
+        jest.spyOn(fs, 'existsSync').mockReturnValue(true);
+        jest.spyOn(fs, 'readFileSync').mockReturnValue(JSON.stringify(manifestContent));
+
+        const servers = await service.listToolServers('agent-id', 'mock-auth-token');
+
+        expect(servers[0].headers?.Authorization).toBe('Bearer shared-dev-token');
+      });
+
+      it('should attach BEARER_TOKEN_<NAME> for a V2 server when per-server env var is set', async () => {
+        process.env.BEARER_TOKEN_V2SERVER = 'v2-dev-token';
+        const v2Audience = 'aaaabbbb-1234-5678-abcd-111122223333';
+        const manifestContent = {
+          mcpServers: [{ mcpServerName: 'v2Server', url: 'http://localhost:3001', audience: v2Audience }]
+        };
+        jest.spyOn(fs, 'existsSync').mockReturnValue(true);
+        jest.spyOn(fs, 'readFileSync').mockReturnValue(JSON.stringify(manifestContent));
+
+        const servers = await service.listToolServers('agent-id', 'mock-auth-token');
+
+        expect(servers[0].headers?.Authorization).toBe('Bearer v2-dev-token');
+      });
+
+      it('should leave headers undefined when no env var tokens are set', async () => {
+        const manifestContent = {
+          mcpServers: [{ mcpServerName: 'mailServer', url: 'http://localhost:3000' }]
+        };
+        jest.spyOn(fs, 'existsSync').mockReturnValue(true);
+        jest.spyOn(fs, 'readFileSync').mockReturnValue(JSON.stringify(manifestContent));
+
+        const servers = await service.listToolServers('agent-id', 'mock-auth-token');
+
+        expect(servers[0].headers?.Authorization).toBeUndefined();
+      });
+    });
+
+    describe('prod mode (gateway)', () => {
+      beforeEach(() => {
+        process.env.NODE_ENV = 'production';
+        jest.spyOn(Utility, 'ValidateAuthToken').mockImplementation(() => {});
+      });
+
+      it('should attach the shared authToken for a V1 server (no audience)', async () => {
+        const mockToken = createMockJwt();
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const axios = require('axios');
+        jest.spyOn(axios, 'get').mockResolvedValue({
+          data: [{ mcpServerName: 'mailServer', url: 'http://prod.example.com' }]
+        });
+
+        const servers = await service.listToolServers('agent-id', mockToken);
+
+        expect(servers[0].headers?.Authorization).toBe(`Bearer ${mockToken}`);
+      });
+
+      it('should throw for a V2 server (non-ATG audience) with a message directing to the TurnContext overload', async () => {
+        const v2Audience = 'aaaabbbb-1234-5678-abcd-111122223333';
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const axios = require('axios');
+        jest.spyOn(axios, 'get').mockResolvedValue({
+          data: [{ mcpServerName: 'v2Server', url: 'http://v2.example.com', audience: v2Audience }]
+        });
+
+        await expect(
+          service.listToolServers('agent-id', 'mock-auth-token')
+        ).rejects.toThrow("MCP server 'v2Server' requires a per-audience token");
+      });
+
+      it('should throw with a message that names the migration overload', async () => {
+        const v2Audience = 'ccccdddd-5678-9012-efab-444455556666';
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const axios = require('axios');
+        jest.spyOn(axios, 'get').mockResolvedValue({
+          data: [{ mcpServerName: 'v2Tools', url: 'http://v2tools.example.com', audience: v2Audience }]
+        });
+
+        await expect(
+          service.listToolServers('agent-id', 'mock-auth-token')
+        ).rejects.toThrow('listToolServers(turnContext, authorization, authHandlerName)');
+      });
+
+      it('should NOT throw for a V1 server whose audience explicitly equals the shared ATG AppId', async () => {
+        const atgAppId = 'ea9ffc3e-8a23-4a7d-836d-234d7c7565c1';
+        const mockToken = createMockJwt();
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const axios = require('axios');
+        jest.spyOn(axios, 'get').mockResolvedValue({
+          data: [{ mcpServerName: 'legacyServer', url: 'http://legacy.example.com', audience: atgAppId }]
+        });
+
+        const servers = await service.listToolServers('agent-id', mockToken);
+
+        expect(servers[0].headers?.Authorization).toBe(`Bearer ${mockToken}`);
+      });
+    });
+  });
 });

tests/tooling/configuration/ToolingConfiguration.test.ts

@@ -225,6 +225,41 @@ describe('ToolingConfiguration', () => {
     });
   });
 
+  describe('getBearerTokenForServer', () => {
+    it('should return per-server token when BEARER_TOKEN_<NAME> is set', () => {
+      process.env.BEARER_TOKEN_MYSERVER = 'per-server-token';
+      const config = new ToolingConfiguration({});
+      expect(config.getBearerTokenForServer('myserver')).toBe('per-server-token');
+    });
+
+    it('should fall back to BEARER_TOKEN when per-server var is not set', () => {
+      delete process.env.BEARER_TOKEN_MYSERVER;
+      process.env.BEARER_TOKEN = 'shared-token';
+      const config = new ToolingConfiguration({});
+      expect(config.getBearerTokenForServer('myserver')).toBe('shared-token');
+    });
+
+    it('should return undefined when neither per-server nor shared token is set', () => {
+      delete process.env.BEARER_TOKEN_MYSERVER;
+      delete process.env.BEARER_TOKEN;
+      const config = new ToolingConfiguration({});
+      expect(config.getBearerTokenForServer('myserver')).toBeUndefined();
+    });
+
+    it('should prefer per-server token over shared BEARER_TOKEN when both are set', () => {
+      process.env.BEARER_TOKEN_MYSERVER = 'per-server-token';
+      process.env.BEARER_TOKEN = 'shared-token';
+      const config = new ToolingConfiguration({});
+      expect(config.getBearerTokenForServer('myserver')).toBe('per-server-token');
+    });
+
+    it('should uppercase the server name when looking up the env var', () => {
+      process.env.BEARER_TOKEN_MY_SERVER = 'upper-token';
+      const config = new ToolingConfiguration({});
+      expect(config.getBearerTokenForServer('my_server')).toBe('upper-token');
+    });
+  });
+
   describe('combined overrides', () => {
     it('should allow overriding both runtime and tooling settings', () => {
       const config = new ToolingConfiguration({