Skip to content

AgentIdentities: WithAgentIdentity token acquisition returns app-only token without xms_sub_fct / xms_act_fct / xms_idrel facet claims (Entra Agent ID preview) #3938

Description

@princeanozie25-web

Environment

Component Version
Microsoft.Identity.Web.AgentIdentities 4.13.0
Microsoft.Identity.Web 4.13.0 (resolved transitively)
Target framework net8.0 (.NET SDK 10.0.300 installed)
Tenant Microsoft Entra ID tenant with the Agent ID preview
Token form observed ver: "1.0" (v1.0-form token for the resource)

Scenario

An autonomous agent (Entra Agent ID preview) acquires an app-only token for a resource server validating agent tokens. The Agent Identity is genuine: it is a service principal with agentIdentityBlueprintId populated (verified over Graph beta servicePrincipals/<agent-identity-oid>), linked to an agent blueprint holding a valid client credential, and it has a custom app role directly assigned on the resource application.

SDK call pattern (the documented autonomous flow)

builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration);
builder.Services.AddAgentIdentities();
builder.Services.AddInMemoryTokenCaches();

var provider = app.Services.GetRequiredService<IAuthorizationHeaderProvider>();
var options = new AuthorizationHeaderProviderOptions()
    .WithAgentIdentity("<agent-identity-client-id>");
var header = await provider.CreateAuthorizationHeaderForAppAsync(
    "api://<gateway-app-id>/.default", options);

AzureAd:ClientId is the blueprint client ID; the value passed to WithAgentIdentity is the Agent Identity's client ID. Token acquisition succeeds.

Expected

Per the token claims reference for agents and the autonomous agent authentication flow, an autonomous agent access token should carry idtyp: app and the agent attestation facets — xms_sub_fct and xms_act_fct containing 11 — with xms_par_app_azp as audit attribution when available.

Observed

The returned token is a plain app-only token: correct audience, tenant, and identity, but no agent marker claims at all.

Claim Observed
aud api://<gateway-app-id> — present
tid <tenant-id> — present
oid <agent-identity-oid> — present (the Agent Identity service principal; appid carried the same identity)
roles ["<app-role>"] — present (the directly-assigned app role)
scp absent (app-only, as expected)
idtyp absent
xms_sub_fct absent
xms_act_fct absent
xms_par_app_azp absent
xms_idrel absent

(No raw token or credential is reproduced here; this is the decoded claim presence/absence set.)

Impact

A resource server that follows the agent token claims reference and requires the attestation facets before treating a caller as an autonomous agent has no signed evidence to accept: the token is indistinguishable from a regular app-only client-credentials token that happens to hold the app role. Fail-closed validators therefore reject it.

Optional-claims configuration was reviewed as a possible resource-side fix: xms_sub_fct / xms_act_fct / xms_par_app_azp are not names in the optional claims reference, so there appears to be no resource-app opt-in that would surface them — the documentation presents them as emitted by the autonomous Agent ID flow itself.

Question

Is agent-facet issuance currently tenant-gated or rollout-gated in the preview, or is an additional parameter or configuration required (on the acquisition call or the resource application) for the documented autonomous flow to mint idtyp: app plus the facet claims?

Repro summary

  1. Create an Agent Identity; link it to an agent blueprint with a valid client credential.
  2. Directly assign a custom app role on the resource application to the Agent Identity.
  3. Acquire a token via AddAgentIdentities() + WithAgentIdentity("<agent-identity-client-id>") + CreateAuthorizationHeaderForAppAsync("api://<gateway-app-id>/.default").
  4. Decode the access token: the app role is present; idtyp and every xms_* agent claim are absent.

Happy to run diagnostics against a test build.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions