@oumizx oumizx commented Sep 10, 2025

Why are these changes needed?

Summary

This PR adds Microsoft Azure Active Directory authentication support to AutoGen
Studio using the Microsoft Authentication Library (MSAL). Users can now authenticate
with their Microsoft/Azure accounts to access AutoGen Studio securely.

Changes Made

🔐 Backend Authentication Implementation

  • Added MSALAuthProvider in autogenstudio/web/auth/providers.py

    • OAuth 2.0 flow with Microsoft identity platform
    • JWT token generation and validation
    • User profile extraction from Microsoft Graph API
    • Secure callback handling with state validation
  • Extended authentication models in autogenstudio/web/auth/models.py

    • Added MSALAuthConfig model for Azure app registration settings
    • Enhanced AuthConfig with MSAL validation
    • Added configurable exclude_paths for authentication bypass
  • Enhanced auth manager in autogenstudio/web/auth/manager.py

    • Integrated MSAL provider initialization
    • Added MSAL configuration loading and validation

🎨 Frontend Integration

  • Updated login page in frontend/src/pages/login.tsx

    • Dynamic auth provider detection
    • Microsoft-branded login button with popup flow
    • Error handling and loading states
  • Enhanced auth context in frontend/src/auth/context.tsx

    • MSAL authentication flow support
    • Popup window communication for OAuth callbacks
    • Token management and user state handling
  • Added auth utilities in frontend/src/auth/utils.tsx (new file)

    • Provider-specific UI configuration (icons, colors, text)
    • Support for GitHub, MSAL, and future providers
    • Centralized auth provider information management

To enable GitHub authentication, create an auth.yaml file in your app directory:

type: msal
jwt_secret: "your-secret-key"
token_expiry_minutes: 60
msal:
  tenant_id: "<Directory (tenant) ID>"
  client_id: "<Application (client) ID>"
  client_secret: "<Client secret Value>"
  callback_url: "http://localhost:8081/api/auth/callback"
  scopes: ["User.Read"]

To pass in this configuration you can use the --auth-config argument when running the application:

autogenstudio ui --auth-config /path/to/auth.yaml

Or set the environment variable:

export AUTOGENSTUDIO_AUTH_CONFIG="/path/to/auth.yaml"

Related issue number

Checks
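
A pre-flight check for the auth.yaml shown in the PR description, added here as an example and not part of the PR or of AutoGen Studio: it takes the mapping a YAML parser would produce and flags values that are still template text. The function name, the placeholder list and the 32-byte minimum are assumptions of this example.

```python
from urllib.parse import urlparse

# Assumptions of this example, not AutoGen Studio settings.
PLACEHOLDER_SECRETS = {"", "your-secret-key", "changeme", "secret"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
MIN_SECRET_BYTES = 32  # 256 bits for an HMAC-signed JWT


def audit_auth_config(cfg: dict) -> list:
    """Return findings for a parsed auth.yaml mapping; an empty list means clean."""
    findings = []
    secret = str(cfg.get("jwt_secret") or "")
    if secret.lower() in PLACEHOLDER_SECRETS:
        findings.append("jwt_secret is a placeholder")
    elif len(secret.encode()) < MIN_SECRET_BYTES:
        findings.append("jwt_secret is too short")

    expiry = cfg.get("token_expiry_minutes")
    if isinstance(expiry, bool) or not isinstance(expiry, int) or expiry <= 0:
        findings.append("token_expiry_minutes is not a positive integer")

    if cfg.get("type") != "msal":
        return findings
    msal = cfg.get("msal") or {}
    for key in ("tenant_id", "client_id", "client_secret"):
        value = str(msal.get(key) or "")
        # "<Directory (tenant) ID>" style text means the template was never filled in.
        if not value or (value.startswith("<") and value.endswith(">")):
            findings.append(f"msal.{key} is a placeholder")

    url = urlparse(str(msal.get("callback_url") or ""))
    if url.scheme not in ("http", "https"):
        findings.append("msal.callback_url is not an http(s) URL")
    elif url.scheme == "http" and url.hostname not in LOOPBACK_HOSTS:
        findings.append("msal.callback_url uses http off loopback")
    if not msal.get("scopes"):
        findings.append("msal.scopes is empty")
    return findings


# The sample from the PR description, as a YAML parser would load it.
SAMPLE = {
    "type": "msal", "jwt_secret": "your-secret-key", "token_expiry_minutes": 60,
    "msal": {"tenant_id": "<Directory (tenant) ID>",
             "client_id": "<Application (client) ID>",
             "client_secret": "<Client secret Value>",
             "callback_url": "http://localhost:8081/api/auth/callback",
             "scopes": ["User.Read"]},
}
```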

oumizx commented Sep 10, 2025

@victordibia @gagb Could you help take a look? Thank you.

@Copilot Copilot AI left a comment

Pull Request Overview

This PR adds Microsoft Azure Active Directory authentication support to AutoGen Studio using the Microsoft Authentication Library (MSAL), enabling users to authenticate with their Microsoft/Azure accounts alongside the existing GitHub authentication.

  • Integrates MSAL authentication provider with OAuth 2.0 flow for Microsoft identity platform
  • Updates frontend login UI to dynamically support multiple authentication providers
  • Adds provider-specific configuration handling for MSAL credentials and settings

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| pyproject.toml | Adds msal dependency for Microsoft authentication support |
| frontend/src/pages/login.tsx | Updates login page to dynamically display provider-specific UI elements |
| frontend/src/auth/utils.tsx | New utility file providing provider-specific UI configuration and helper functions |
| frontend/src/auth/context.tsx | Updates auth context to use provider-specific messaging |
| autogenstudio/web/auth/providers.py | Implements MSALAuthProvider with complete OAuth flow and user profile extraction |
| autogenstudio/web/auth/manager.py | Adds MSAL configuration loading from environment variables |

Comment on lines +234 to +235
"access_token": access_token,
"id_token": result.get("id_token"),

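Review bot: the second line, "id_token": result.get("id_token"), places the ID token in the same mapping as the access token, and .get yields None when the key is missing, so an absent id_token is recorded without any error. If no later code reads these two keys, drop both; if one of them is needed, keep only that one and handle the missing-key case explicitly.
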
Copilot AI Sep 10, 2025

Storing the access token in user metadata could pose a security risk if this data is logged, cached, or exposed through APIs. Consider whether the access token needs to be stored or if it should be handled more securely.

Suggested change
"access_token": access_token,
"id_token": result.get("id_token"),

@oumizx oumizx Sep 15, 2025

It follows the same pattern as GithubAuthProvider. GithubAuthProvider also stores token in metadata.


To fix it, I think we need a separate PR.
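
One way to address the concern raised in this thread, as an added example that is not code from the PR or from AutoGen Studio: keep bearer tokens out of the metadata that gets serialized, and mask them if a token response reaches a logger anyway. All names are hypothetical and the sample token response is constructed.

```python
import logging

# Keys that carry credentials in an OAuth token response.
SECRET_KEYS = frozenset({"access_token", "id_token", "refresh_token", "client_secret"})


def split_token_result(result: dict) -> tuple:
    """Split a token response into (safe_metadata, secrets)."""
    secrets = {k: v for k, v in result.items() if k in SECRET_KEYS and v}
    safe = {k: v for k, v in result.items() if k not in SECRET_KEYS}
    return safe, secrets


def redact(value):
    """Recursively mask credential fields before logging or returning from an API."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k in SECRET_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v) for v in value]
    return value


class RedactingFilter(logging.Filter):
    """Mask credential fields in structured log arguments."""

    def filter(self, record):
        # logging unwraps a single dict argument into record.args itself.
        if isinstance(record.args, dict):
            record.args = redact(record.args)
        elif isinstance(record.args, tuple):
            record.args = tuple(redact(a) for a in record.args)
        return True


# Constructed token response; values are not real tokens.
SAMPLE_RESULT = {
    "access_token": "constructed-access-token",
    "id_token": "constructed-id-token",
    "id_token_claims": {"name": "Test User", "preferred_username": "test@example.com"},
    "expires_in": 3600,
}
```

The filter only sees tokens passed as structured log arguments; a token already formatted into the message string is not masked.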

return {
name: "unknown",
displayName: "External Provider",
icon: <GithubOutlined />, // fallback icon

Copilot AI Sep 10, 2025

Using GitHub icon as fallback for unknown auth providers is misleading. Consider using a generic authentication icon or a question mark icon instead.

@oumizx oumizx Sep 15, 2025

Changed from GithubOutlined to LoginOutlined which provides a generic authentication icon that's more appropriate for unknown providers.

oumizx commented Sep 15, 2025

@victordibia Addressed the comments.
