web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Connecting an Agent in...
Copilot Studio
Suggested Answer

Connecting an Agent inside an Agent

(0) ShareShare
ReportReport
Posted on by

I’ve been experimenting with agent-to-agent orchestration where:

  • Agent A acts as the orchestrator/router.
  • Agent B has access to an MCP server secured with OAuth 2.0 authentication.
  • Requests are correctly routed from Agent A to Agent B based on intent.

The interesting challenge is around authentication propagation.

While Agent B already has an authenticated connection to the MCP server, when the request is routed through Agent A, the connection manager still prompts for authentication again. The OAuth context does not appear to propagate across the agent boundary, resulting in repeated sign-in requests instead of reusing the existing authenticated session.

Expected behavior:

  • Agent B's authenticated MCP connection should be reusable when invoked through Agent A.
  • OAuth tokens or connection context should flow through the agent chain where appropriate.

Current behavior:

  • Routing works correctly.
  • Tool invocation works correctly.
  • Authentication context is lost, and the connection manager requests a new sign-in.

Has anyone else encountered similar issues with agent-to-agent orchestration and OAuth-protected MCP servers? Curious to understand whether this is a known limitation, a security boundary by design, or if there's a recommended pattern for propagating authentication context between connected agents.

Screenshot 2026-0...

Your file is currently under scan for potential threats. Please wait while we review it for any viruses or malicious content.

I have the same question (0)
  • Suggested answer
    Ashlesha-MSFT Profile Picture
    Microsoft Employee on at

    Based on what you described, this behavior is most likely an expected security boundary in agent-to-agent orchestration rather than a routing/tooling defect.
    In this model, authentication context is typically scoped to each agent/connection, so OAuth state from Agent B’s MCP connection is not automatically propagated when Agent B is invoked via Agent A.

    What this means in practice:

    1. Intent routing and tool invocation can work correctly while auth still re-prompts.
    2. Reuse of Agent B’s authenticated MCP session through Agent A is not guaranteed by default.
    3. Token forwarding between agents is generally restricted for security reasons.

    Recommended approach:

    1. Treat Agent B as the authentication boundary.
    2. Use a stable non-interactive identity for Agent B where possible (service principal/app identity).
    3. If user-delegated access is required, implement an explicit on-behalf-of pattern in a secured backend/API layer instead of passing OAuth tokens across agents.
    4. Pass user context metadata (for example user/tenant/correlation identifiers), not tokens, between agents.
  • Suggested answer
    11manish Profile Picture
    3,333 on at
    What you are seeing is a known and expected limitation of current agent-to-agent orchestration in Copilot Studio.
     
    OAuth authentication is intentionally not propagated across agent boundaries, because each agent is treated as a separate security context.
     
    Recommended direction:
    • Avoid relying on OAuth session reuse across agents
    • Prefer service principal / app identity for MCP
    • Or collapse orchestration layers where possible

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 277

#2
11manish Profile Picture

11manish 206

#3
sannavajjala87 Profile Picture

sannavajjala87 156 Super User 2026 Season 1

Last 30 days Overall leaderboard