Route BotBuilder auth through HttpServer.handle_request#313
Merged
heyitsaamir merged 1 commit intomainfrom Mar 15, 2026
Merged
Conversation
Make HttpServer.handle_request public so plugins can route through SDK-level JWT validation. Change DI from HttpServerAdapter to HttpServer. BotBuilderPlugin now calls handle_request() after CloudAdapter auth. Remove pass-through methods from HttpServer. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the HTTP server and plugin integration so plugins (notably BotBuilder) can route inbound activity requests through HttpServer.handle_request() to ensure SDK-level JWT validation and the Teams activity pipeline are applied consistently.
Changes:
- Made
HttpServer.handle_requestpublic and wired it as the default/api/messageshandler. - Switched plugin DI from
HttpServerAdaptertoHttpServer(accessing adapters via.adapter). - Updated BotBuilderPlugin to run CloudAdapter auth first, then forward to
http_server.handle_request(); removedHttpServerpass-through lifecycle/route helpers and updated call sites/tests accordingly.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/mcpplugin/src/microsoft_teams/mcpplugin/server_plugin.py | Update DI to HttpServer and mount MCP FastAPI app via http_server.adapter. |
| packages/botbuilder/tests/test_botbuilder_plugin.py | Adjust tests for new DI shape and verify routing through HttpServer.handle_request. |
| packages/botbuilder/src/microsoft_teams/botbuilder/botbuilder_plugin.py | Register /api/messages via http_server.adapter and forward requests through http_server.handle_request() after CloudAdapter processing. |
| packages/apps/tests/test_http_server.py | Update tests to call server.handle_request() (public API) instead of private handler. |
| packages/apps/tests/test_app.py | Update app lifecycle and route/static serving tests to call server.adapter.* after removing HttpServer pass-through methods. |
| packages/apps/src/microsoft_teams/apps/http/http_server.py | Expose handle_request() publicly, use it as default /api/messages handler, and remove pass-through adapter methods. |
| packages/apps/src/microsoft_teams/apps/app.py | Provide HttpServer via DI and call adapter lifecycle/static/route APIs directly. |
| packages/a2aprotocol/src/microsoft_teams/a2a/server/plugin.py | Update DI to HttpServer and mount A2A FastAPI app via http_server.adapter. |
You can also share your feedback on Copilot code review. Take the survey.
lilyydu
approved these changes
Mar 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
HttpServer.handle_requestpublic so plugins can route through SDK-level JWT validationHttpServerAdaptertoHttpServer— plugins now injectHttpServerand access the adapter via.adapterhttp_server.handle_request()for SDK auth + Teams pipeline (previously bypassedTokenValidatorentirely)register_route,serve_static,start,stop) fromHttpServer— callers go throughserver.adapterdirectlyTest plan
uv run pyright— no new type errorspoe test— all apps, botbuilder, mcpplugin tests pass (153 tests)