Foundry Agent using Open API Tool configured for Managed Identity unable to get past 401 response

Question

Foundry Agent using Open API Tool configured for Managed Identity unable to get past 401 response

Mike Rains 20

I have spent several days on this. Following articles such as:
https://learn.microsoft.com/en-us/azure/ai-foundry/agents/how-to/tools/openapi?view=foundry&preserve-view=true&pivots=csharp#authenticate-by-using-managed-identity-microsoft-entra-id

I have an Api 421xxxxxxxxxxxx deployed that has an AppRole named 'AppOnlyRole' which I have assigned to the Service Principal bbbxxxxxxxxxxxx which is the Foundry System-assigned Managed Identity. I have also created a Federated Credential for that Managed Identity on the Api AppReg 421xxxxxxxxxxxxxxxx

I have confirmed the API works by invoking it from a React client.

The Agent's Open API Tool Audience is set to 421xxxxxxxxxxxxxxxx
It is not api://421xxxxxxxxxxxxxxx or api://421xxxxxxxxxxxxxx/AppOnlyRole.

I have used New-MgServicePrincipalAppRoleAssignment to assign the AppOnlyRole to the Foundry Managed Identity, and I see it on the Enterprise App Security blade confirming it is assigned.

Using the Agent Playground, I send a message "get user info" and the agent correctly finds the Open API Endpoint and invokes it with an access token. The agent responds with this error:
Error{ "error": "Validation Error", "message": "('HTTP error 401: Unauthorized', 'http_client_error', {'curl': "curl -X GET 'https://mike-ai-crudtool-yrmg5np.azurewebsites.net/api/tasks/GetUserInfo?REDACTED' -H 'Content-Type: REDACTED' -H 'Accept: REDACTED' -H 'Authorization: REDACTED'"})", "func_call_name": "GetUserInfo", "spec_id": "MikeTestApiAuth", "type": "ValidationError", "debug_info": { "error_type": "validation_error", "tool_name": "python_openapi_tool_MikeTestApiAuth", "curl_command": "curl -X GET 'https://mike-ai-crudtool-yrmg5np.azurewebsites.net/api/tasks/GetUserInfo?REDACTED' -H 'Content-Type: REDACTED' -H 'Accept: REDACTED' -H 'Authorization: REDACTED'" } }

My API logs the access token to the console, and I can see the Application Identity claim value is the Foundry Managed Identity App Id. The token passes validation:
IDX10234: Audience Validated.Audience: '421xxxxxxxxxxxxxxxxxxxxxx'
but user?.Identity?.IsAuthenticated is false. There are no scp or role claims in the token.

The Controller is not demanding a scope, it simply has the attribute [Authorize]

The API configuration for MS Identity is:
builder.Services

.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

.AddMicrosoftIdentityWebApi(jwtOptions =>

{

    jwtOptions.Authority = "https://login.microsoftonline.com/97d1fbxxxxxxxxxxxxxxxx";

    jwtOptions.Audience = "421xxxxxxxxxxxxxxxxxxxxx";

    jwtOptions.TokenValidationParameters.ValidAudiences = new[]

    {

        "api://421xxxxxxxxxxxxxxxxxxx", // v2-style audience

        "421xxxxxxxxxxxxxxxxxxxxx"        // bare GUID (v1-style MI token)

    };

    jwtOptions.TokenValidationParameters.ValidIssuers = new[]

    {

        // v1 issuer

        "https://sts.windows.net/97dxxxxxxxxxxxxxxxxxxx/",

        // v2 issuer

        "https://login.microsoftonline.com/97dxxxxxxxxxxxxxxxxxxxxxx/v2.0",

        // some libraries still emit this form

        "https://login.microsoftonline.com/97dxxxxxxxxxxxxxxxxxxxxxx/"

    };

},

identityOptions =>

{

    identityOptions.Instance = "https://login.microsoftonline.com/";

    identityOptions.TenantId = "97dxxxxxxxxxxxxxxxx";

    identityOptions.ClientId = "421xxxxxxxxxxxxxxxxxxxxxxxxxe";

});

builder.Services.AddAuthorization();

Mike Rains 20

More detail:

The endpoint that the Agent is calling is defined as follows, and I expect it would return the name of my Foundry, but the token, which gets past validating the issuer and audience (as seen in the API console logs), does not get past Authorization to make it inside the endpoint code, but returns a 401. I suspect it is an Idenity token, and not an Access Token.

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Swashbuckle.AspNetCore.Annotations;
using TasksApiForFoundry.Api.Models;
using TasksApiForFoundry.Api.Services;
namespace TasksApiForFoundry.Api.Controllers;
[ApiController]
[Route("api/tasks")]
[Produces("application/json")]
[Authorize]
public class TasksController : ControllerBase
{
    private readonly TaskService _taskService;
    public TasksController(TaskService taskService)
    {
        _taskService = taskService;
    }
    [HttpGet("GetUserInfo")]
    [SwaggerOperation(Summary = "Gets User Info from OAuth token", Description = "Gets User Info from OAuth token.", OperationId = "GetUserInfo")]
    [ProducesResponseType(typeof(object), StatusCodes.Status200OK)]
    public IActionResult GetUserInfo()
    {
        return Ok(new
        {
            IsAuthenticated = User.Identity?.IsAuthenticated ?? false,
            Name = User.Identity?.Name,
            Claims = User.Claims.Select(c => new { c.Type, c.Value })
        });
    }

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Mike Rains 20 Reputation points

2026-01-29T21:37:13.5433333+00:00

Well ... I disabled the Foundry Managed Identity, then reenabled it. It created a whole to Service Principal for the System-managed Identity. Then I created a FIC, assign the SP the AppOnlyRole, and assign it the READER RBAC role on my subscription. And now, the endpoint works. And I see the token has the roles claim as well.

So probably it was just that the Foundry was refreshing the original token and not picking up the App Role assignment.

Mike Rains 20

I am following: https://learn.microsoft.com/en-us/entra/agent-id/identity-platform/call-api-custom?view=graph-rest-beta&tabs=authheaderprovider#related-content

Previously I had the API configured with a ClientID of an App Reg that I created myself, 421c.....

But on re-reading the documentation (yet again) I realize the API should use a ClientID value of the Agent Blueprint Id. So I have updated appsettings.json clientId to be the Agent Blueprint Id "8ce......".

Now the Agent can call my "GetUserInfo" endpoint (controller cs code above) and it works.

But the agent is getting a 500 exception when it tries to gets the OBO token in this code:


    [HttpGet("GetOboToken")]
    [SwaggerOperation(Summary = "Gets an OBO token for the agent's end user", Description = "Gets an OBO token for the agent's end user", OperationId = "GetOboToken")]
    [ProducesResponseType(typeof(object), StatusCodes.Status200OK)]
    public async Task<IActionResult> GetOboToken()
    {
        string agentIdentity = "70fb82dxxxxxxxxx6";
        var options = new AuthorizationHeaderProviderOptions()
            .WithAgentIdentity(agentIdentity);
        // Acquire an access token for the agent identity
        var authHeader = await _headerProvider.CreateAuthorizationHeaderForUserAsync(
            scopes: new[] { "api://421cxxxxxxxxx/.default" }, options);
        return Ok(new
        {
            AccessToken = authHeader
        });

The runtime gets this exception:

info: Microsoft.Identity.Web.TokenAcquisition[0]

2026-01-29T23:15:09.4284597Z       No client credential could be used. Secret may have been defined elsewhere. Count 0
2026-01-29T23:15:09.5279555Z info: Microsoft.Identity.Web.TokenAcquisition[300]
2026-01-29T23:15:09.5290469Z       [MsIdWeb] An error occured during token acquisition: One client credential type required either: ClientSecret, Certificate, ClientAssertion or AppTokenProvider must be defined when creating a Confidential Client. Only specify one. See 
2026-01-29T23:15:09.5290731Z       MSAL.NetCore.4.79.2.0.MsalClientException:
2026-01-29T23:15:09.5290791Z       	ErrorCode: Client_Credentials_Required_In_Confidential_Client_Application
2026-01-29T23:15:09.5368423Z       Microsoft.Identity.Client.MsalClientException: One client credential type required either: ClientSecret, Certificate, ClientAssertion or AppTokenProvider must be defined when creating a Confidential Client. Only specify one. See

The appsettings.json looks like this, where 8cexxxxx is my Agent BlueprintId as seen in the Azure Foundry Project JSON view:

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "97d1xxxxxxxxxxxxxxxxxxxxxxxxxxxxx2",
    "ClientId": "8cexxxxxxxxx8"
  },

and the program.cs initializes MS Identity here:

builder.Services.AddAgentIdentities();
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();
builder.Services.AddAuthorization();

I have also tried this in appsettings.json but get the same result:

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "97dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "ClientId": "8cexxxxxxxxxxxxx",
    "ClientCredentials": [
      {
        "SourceType": "ClientAssertion"
      }
    ]
  }

1 answer

Your answer

Mike Rains 20 Reputation points

2026-01-29T20:44:41.0333333+00:00

More detail:

The endpoint that the Agent is calling is defined as follows, and I expect it would return the name of my Foundry, but the token, which gets past validating the issuer and audience (as seen in the API console logs), does not get past Authorization to make it inside the endpoint code, but returns a 401. I suspect it is an Idenity token, and not an Access Token.

using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Authorization; using Swashbuckle.AspNetCore.Annotations; using TasksApiForFoundry.Api.Models; using TasksApiForFoundry.Api.Services; namespace TasksApiForFoundry.Api.Controllers; [ApiController] [Route("api/tasks")] [Produces("application/json")] [Authorize] public class TasksController : ControllerBase { private readonly TaskService _taskService; public TasksController(TaskService taskService) { _taskService = taskService; } [HttpGet("GetUserInfo")] [SwaggerOperation(Summary = "Gets User Info from OAuth token", Description = "Gets User Info from OAuth token.", OperationId = "GetUserInfo")] [ProducesResponseType(typeof(object), StatusCodes.Status200OK)] public IActionResult GetUserInfo() { return Ok(new { IsAuthenticated = User.Identity?.IsAuthenticated ?? false, Name = User.Identity?.Name, Claims = User.Claims.Select(c => new { c.Type, c.Value }) }); }
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Mike Rains 20 Reputation points

2026-01-29T21:37:13.5433333+00:00

Well ... I disabled the Foundry Managed Identity, then reenabled it. It created a whole to Service Principal for the System-managed Identity. Then I created a FIC, assign the SP the AppOnlyRole, and assign it the READER RBAC role on my subscription. And now, the endpoint works. And I see the token has the roles claim as well.

So probably it was just that the Foundry was refreshing the original token and not picking up the App Role assignment.

Answer 1

"Call custom APIs from an agent using .NET" - https://learn.microsoft.com/en-us/entra/agent-id/identity-platform/call-api-custom?view=graph-rest-beta&tabs=authheaderprovider

The documentation isn't very clear about it. I thought the point was that when an Agent invokes an Api, such as via the Open API Tool, that API would receive a token representing the Agent Blueprint Identity, and using Microsoft.Identity.Web.AgentIdentities extension methods like "With Identity", would be able to get an OBO token representing the identity that sent the chat message to the Agent (the human). At this point I'd like confirmation on when it is that an Agent calls a custom API.

Share via

Foundry Agent using Open API Tool configured for Managed Identity unable to get past 401 response

1 answer

Your answer