Environment
| Component |
Version |
Microsoft.Identity.Web.AgentIdentities |
4.13.0 |
Microsoft.Identity.Web |
4.13.0 (resolved transitively) |
| Target framework |
net8.0 (.NET SDK 10.0.300 installed) |
| Tenant |
Microsoft Entra ID tenant with the Agent ID preview |
| Token form observed |
ver: "1.0" (v1.0-form token for the resource) |
Scenario
An autonomous agent (Entra Agent ID preview) acquires an app-only token for a resource server validating agent tokens. The Agent Identity is genuine: it is a service principal with agentIdentityBlueprintId populated (verified over Graph beta servicePrincipals/<agent-identity-oid>), linked to an agent blueprint holding a valid client credential, and it has a custom app role directly assigned on the resource application.
SDK call pattern (the documented autonomous flow)
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration);
builder.Services.AddAgentIdentities();
builder.Services.AddInMemoryTokenCaches();
var provider = app.Services.GetRequiredService<IAuthorizationHeaderProvider>();
var options = new AuthorizationHeaderProviderOptions()
.WithAgentIdentity("<agent-identity-client-id>");
var header = await provider.CreateAuthorizationHeaderForAppAsync(
"api://<gateway-app-id>/.default", options);
AzureAd:ClientId is the blueprint client ID; the value passed to WithAgentIdentity is the Agent Identity's client ID. Token acquisition succeeds.
Expected
Per the token claims reference for agents and the autonomous agent authentication flow, an autonomous agent access token should carry idtyp: app and the agent attestation facets — xms_sub_fct and xms_act_fct containing 11 — with xms_par_app_azp as audit attribution when available.
Observed
The returned token is a plain app-only token: correct audience, tenant, and identity, but no agent marker claims at all.
| Claim |
Observed |
aud |
api://<gateway-app-id> — present |
tid |
<tenant-id> — present |
oid |
<agent-identity-oid> — present (the Agent Identity service principal; appid carried the same identity) |
roles |
["<app-role>"] — present (the directly-assigned app role) |
scp |
absent (app-only, as expected) |
idtyp |
absent |
xms_sub_fct |
absent |
xms_act_fct |
absent |
xms_par_app_azp |
absent |
xms_idrel |
absent |
(No raw token or credential is reproduced here; this is the decoded claim presence/absence set.)
Impact
A resource server that follows the agent token claims reference and requires the attestation facets before treating a caller as an autonomous agent has no signed evidence to accept: the token is indistinguishable from a regular app-only client-credentials token that happens to hold the app role. Fail-closed validators therefore reject it.
Optional-claims configuration was reviewed as a possible resource-side fix: xms_sub_fct / xms_act_fct / xms_par_app_azp are not names in the optional claims reference, so there appears to be no resource-app opt-in that would surface them — the documentation presents them as emitted by the autonomous Agent ID flow itself.
Question
Is agent-facet issuance currently tenant-gated or rollout-gated in the preview, or is an additional parameter or configuration required (on the acquisition call or the resource application) for the documented autonomous flow to mint idtyp: app plus the facet claims?
Repro summary
- Create an Agent Identity; link it to an agent blueprint with a valid client credential.
- Directly assign a custom app role on the resource application to the Agent Identity.
- Acquire a token via
AddAgentIdentities() + WithAgentIdentity("<agent-identity-client-id>") + CreateAuthorizationHeaderForAppAsync("api://<gateway-app-id>/.default").
- Decode the access token: the app role is present;
idtyp and every xms_* agent claim are absent.
Happy to run diagnostics against a test build.
Environment
Microsoft.Identity.Web.AgentIdentitiesMicrosoft.Identity.Webver: "1.0"(v1.0-form token for the resource)Scenario
An autonomous agent (Entra Agent ID preview) acquires an app-only token for a resource server validating agent tokens. The Agent Identity is genuine: it is a service principal with
agentIdentityBlueprintIdpopulated (verified over Graph betaservicePrincipals/<agent-identity-oid>), linked to an agent blueprint holding a valid client credential, and it has a custom app role directly assigned on the resource application.SDK call pattern (the documented autonomous flow)
AzureAd:ClientIdis the blueprint client ID; the value passed toWithAgentIdentityis the Agent Identity's client ID. Token acquisition succeeds.Expected
Per the token claims reference for agents and the autonomous agent authentication flow, an autonomous agent access token should carry
idtyp: appand the agent attestation facets —xms_sub_fctandxms_act_fctcontaining11— withxms_par_app_azpas audit attribution when available.Observed
The returned token is a plain app-only token: correct audience, tenant, and identity, but no agent marker claims at all.
audapi://<gateway-app-id>— presenttid<tenant-id>— presentoid<agent-identity-oid>— present (the Agent Identity service principal;appidcarried the same identity)roles["<app-role>"]— present (the directly-assigned app role)scpidtypxms_sub_fctxms_act_fctxms_par_app_azpxms_idrel(No raw token or credential is reproduced here; this is the decoded claim presence/absence set.)
Impact
A resource server that follows the agent token claims reference and requires the attestation facets before treating a caller as an autonomous agent has no signed evidence to accept: the token is indistinguishable from a regular app-only client-credentials token that happens to hold the app role. Fail-closed validators therefore reject it.
Optional-claims configuration was reviewed as a possible resource-side fix:
xms_sub_fct/xms_act_fct/xms_par_app_azpare not names in the optional claims reference, so there appears to be no resource-app opt-in that would surface them — the documentation presents them as emitted by the autonomous Agent ID flow itself.Question
Is agent-facet issuance currently tenant-gated or rollout-gated in the preview, or is an additional parameter or configuration required (on the acquisition call or the resource application) for the documented autonomous flow to mint
idtyp: appplus the facet claims?Repro summary
AddAgentIdentities()+WithAgentIdentity("<agent-identity-client-id>")+CreateAuthorizationHeaderForAppAsync("api://<gateway-app-id>/.default").idtypand everyxms_*agent claim are absent.Happy to run diagnostics against a test build.