We need MSAL token acquisition in agents-hosting to support regional ESTS-R endpoints for latency and availability zone isolation requirements.
Currently CloudAdapter constructs MsalTokenProvider internally via loadAuthConfigFromEnv() with no way to pass an azureRegion to the underlying ConfidentialClientApplication instances. As a result we have no way to opt into regional auth without modifying the SDK ourselves.
The change we need is small and additive - expose an optional azureRegion field in MsalTokenProvider's auth config and spread it into each ConfidentialClientApplication constructor call in msalTokenProvider.js. MSAL Node handles the regional routing internally when this property is set, so no other changes are required. The field would be a no-op when not set, making this fully backwards compatible.
We need MSAL token acquisition in agents-hosting to support regional ESTS-R endpoints for latency and availability zone isolation requirements.
Currently CloudAdapter constructs MsalTokenProvider internally via loadAuthConfigFromEnv() with no way to pass an azureRegion to the underlying ConfidentialClientApplication instances. As a result we have no way to opt into regional auth without modifying the SDK ourselves.
The change we need is small and additive - expose an optional azureRegion field in MsalTokenProvider's auth config and spread it into each ConfidentialClientApplication constructor call in msalTokenProvider.js. MSAL Node handles the regional routing internally when this property is set, so no other changes are required. The field would be a no-op when not set, making this fully backwards compatible.