From 3034d239a7b60858bd70b4e7feeacdbe9fead80d Mon Sep 17 00:00:00 2001 From: Pratap Ladhani Date: Mon, 16 Feb 2026 15:56:05 -0800 Subject: [PATCH] fix: bypass JWT middleware for health endpoint in Python agent-framework sample Container orchestrators (Azure Container Apps, Kubernetes, App Service) send unauthenticated health probes to /api/health. When agentic authentication is enabled, jwt_authorization_middleware rejects these probes with 401, causing the platform to consider the container unhealthy. Wrap the JWT middleware so requests to /api/health pass through without token validation while all other routes remain protected. Fixes #186 --- .../sample-agent/host_agent_server.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/python/agent-framework/sample-agent/host_agent_server.py b/python/agent-framework/sample-agent/host_agent_server.py index 00a80375..6524f1b3 100644 --- a/python/agent-framework/sample-agent/host_agent_server.py +++ b/python/agent-framework/sample-agent/host_agent_server.py @@ -291,7 +291,17 @@ async def health(_req: Request) -> Response: middlewares = [] if auth_configuration: - middlewares.append(jwt_authorization_middleware) + + @web_middleware + async def jwt_with_health_bypass(request, handler): + # Skip JWT validation for health endpoint so that container + # orchestrators (Azure Container Apps, Kubernetes, App Service) + # can reach /api/health without a bearer token. + if request.path == "/api/health": + return await handler(request) + return await jwt_authorization_middleware(request, handler) + + middlewares.append(jwt_with_health_bypass) @web_middleware async def anonymous_claims(request, handler):