Currently, Azure AI Agents do not natively support the OAuth 2.0 On-Behalf-Of (OBO) flow within their OpenAPI tool integrations. The supported authentication methods are limited to anonymous, API key, and managed identity.
Link: How to use Azure AI Agent Service with OpenAPI Specified Tools
However, there are workarounds to implement OBO functionality:
1. Custom Middleware or Plugin: You can develop a custom plugin or middleware that handles the OBO token exchange. For instance, the Chat Copilot sample app demonstrates how to enable an AI Agent to call Microsoft Graph APIs using the OBO flow. This involves setting up a web API that exchanges the user's token for a new token to access downstream APIs on the user's behalf.
Link: Allow your AI Agent to call Microsoft Graph APIs securely with Microsoft Entra ID
2. Manual Token Exchange: Implement the OBO flow manually by configuring your application to acquire tokens using the Microsoft Authentication Library (MSAL). This approach requires handling token acquisition and management within your application's codebase.
Link: Authentication flow support in the Microsoft Authentication Library (MSAL)
It's important to note that these methods require additional development effort and are not out-of-the-box features of Azure AI Agents. As of now, there is no official roadmap indicating when native OBO flow support will be available in Azure AI Agents.
Hope this helps. Do let me know if you have any further queries.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let me know.
Thank you!
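The manual token exchange from option 2, as an added example that is not part of the original answer or of Microsoft's sample code: it sends the Microsoft identity platform OBO token request with the Python standard library instead of MSAL. The tenant, client and scope values, the `check_audience` helper and the `api://<client_id>` App ID URI form are assumptions, and the incoming token's signature is assumed to have been validated by the web API already.

```python
import json
import urllib.parse
import urllib.request

OBO_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"


def check_audience(validated_claims, client_id):
    """Refuse to exchange a token that was not issued for this middle-tier API.

    validated_claims: claims of the caller's token AFTER signature validation.
    Accepting the bare client ID or api://<client_id> is an assumption about
    how the API's App ID URI is configured.
    """
    aud = validated_claims.get("aud")
    if aud not in (client_id, f"api://{client_id}"):
        raise PermissionError(f"token audience {aud!r} is not this API")


def build_obo_request(tenant_id, client_id, client_secret, user_assertion, scopes):
    """Return (url, form_fields) for the OBO token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    fields = {
        "grant_type": OBO_GRANT,
        "client_id": client_id,
        "client_secret": client_secret,       # load from a secret store, never hard-code
        "assertion": user_assertion,          # the user's token sent to this API
        "scope": " ".join(scopes),            # downstream API scopes only
        "requested_token_use": "on_behalf_of",
    }
    return url, fields


def exchange_obo_token(validated_claims, tenant_id, client_id, client_secret,
                       user_assertion, scopes, opener=urllib.request.urlopen):
    """Exchange the user's token for a downstream access token.

    opener is injectable so the exchange can be exercised without network access.
    An error response (for example a consent failure) surfaces as HTTPError.
    """
    check_audience(validated_claims, client_id)
    url, fields = build_obo_request(tenant_id, client_id, client_secret,
                                    user_assertion, scopes)
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with opener(req, timeout=10) as resp:
        payload = json.load(resp)
    return payload["access_token"]  # keep in memory; do not log or return to the agent prompt
```

The web API that fronts the agent's OpenAPI tool would call `exchange_obo_token` per request and attach the result as the bearer token for the downstream call.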