User Token Passthrough for Secure Tool Calls

[VerdantForge]

Technical Feedback

I’m really enjoying the agent creation experience in Azure AI Foundry — the formalism is simple and intuitive.
That said, the current authentication model for OpenAPI-based tools feels too loose. At the moment, it’s up to the agent to behave responsibly: not leaking data to users who shouldn’t see it, and not performing actions they shouldn’t be able to trigger.

This puts a lot of trust on the agent logic rather than enforcing security at the infrastructure level.
To strengthen this, it would be extremely useful to pass through the user’s bearer token into tool calls at the thread level, so that:

• All actions are executed under the user’s own identity.
• Tools never have more privileges than the user already has.
• Access control is enforced by the underlying services rather than by the agent’s “good behavior.”

Desired Outcome

Enable bearer token passthrough within a thread.
Ideally, tokens would have an expiration mechanism (or be refreshed appropriately), ensuring that tool authentication remains scoped to the thread and tied to the user’s real permissions.

Current Workaround

Right now, I’m using local function calling from the client side (where the user is already authenticated) instead of routing calls directly through Azure AI Foundry’s orchestration. This works, but it bypasses Foundry’s intended workflow and limits the benefits of the platform.