Remove ManagedIdentityType

Author: heyitsaamir

packages/apps/src/microsoft/teams/apps/app.py

@@ -292,41 +292,30 @@ def _init_credentials(self) -> Optional[Credentials]:
         tenant_id = self.options.tenant_id or os.getenv("TENANT_ID")
         token = self.options.token
         managed_identity_client_id = self.options.managed_identity_client_id or os.getenv("MANAGED_IDENTITY_CLIENT_ID")
-        managed_identity_type = self.options.managed_identity_type or os.getenv("MANAGED_IDENTITY_TYPE")
 
         self.log.debug(f"Using CLIENT_ID: {client_id}")
         if not tenant_id:
             self.log.warning("TENANT_ID is not set, assuming multi-tenant app")
         else:
             self.log.debug(f"Using TENANT_ID: {tenant_id} (assuming single-tenant app)")
 
-        # - If client_id + client_secret : use ClientCredentials (standard client auth)
         if client_id and client_secret:
             self.log.debug("Using client secret for auth")
             return ClientCredentials(client_id=client_id, client_secret=client_secret, tenant_id=tenant_id)
 
-        # - If client_id + token callable : use TokenCredentials (where token is a custom token provider)
         if client_id and token:
             return TokenCredentials(client_id=client_id, tenant_id=tenant_id, token=token)
 
-        # - If client_id but no client_secret : use Managed Identity (direct or federated)
         if client_id:
-            # If managed_identity_type is explicitly provided, use Federated Identity Credentials
-            if managed_identity_type:
-                assert managed_identity_type in ("system", "user"), (
-                    f"managed_identity_type must be 'system' or 'user', got: {managed_identity_type}"
-                )
-                self.log.debug(
-                    f"Using Federated Identity Credentials with {managed_identity_type}-assigned managed identity"
-                )
+            if managed_identity_client_id == "system":
+                self.log.debug("Using Federated Identity Credentials with system-assigned managed identity")
                 return FederatedIdentityCredentials(
                     client_id=client_id,
-                    managed_identity_type=managed_identity_type,
-                    managed_identity_client_id=managed_identity_client_id,
+                    managed_identity_type="system",
+                    managed_identity_client_id=None,
                     tenant_id=tenant_id,
                 )
 
-            # If managed_identity_client_id is provided and different from client_id, use Federated Identity Credentials
             if managed_identity_client_id and managed_identity_client_id != client_id:
                 self.log.debug("Using Federated Identity Credentials with user-assigned managed identity")
                 return FederatedIdentityCredentials(
@@ -336,7 +325,6 @@ def _init_credentials(self) -> Optional[Credentials]:
                     tenant_id=tenant_id,
                 )
 
-            # Otherwise, use direct Managed Identity (no federation)
             self.log.debug("Using user-assigned managed identity (direct)")
             mi_client_id = managed_identity_client_id or client_id
             return ManagedIdentityCredentials(

packages/apps/src/microsoft/teams/apps/options.py

@@ -5,7 +5,7 @@
 
 from dataclasses import dataclass, field
 from logging import Logger
-from typing import Any, Awaitable, Callable, List, Literal, Optional, TypedDict, Union, cast
+from typing import Any, Awaitable, Callable, List, Optional, TypedDict, Union, cast
 
 from microsoft.teams.common import Storage
 from typing_extensions import Unpack
@@ -30,12 +30,9 @@ class AppOptions(TypedDict, total=False):
     managed_identity_client_id: Optional[str]
     """
     The managed identity client ID for user-assigned managed identity.
-    If different from client_id, triggers Federated Identity Credentials.
-    """
-    managed_identity_type: Optional[Literal["system", "user"]]
-    """
-    The type of managed identity for Federated Identity Credentials.
-    If provided, triggers Federated Identity Credentials flow.
+    Set to "system" for system-assigned managed identity (triggers Federated Identity Credentials).
+    If set to a different client ID than client_id, triggers Federated Identity Credentials with user-assigned MI.
+    If not set or equals client_id, uses direct managed identity (no federation).
     """
 
     # Infrastructure
@@ -68,13 +65,10 @@ class InternalAppOptions:
     """Custom token provider function. If provided with client_id (no client_secret), uses TokenCredentials."""
     managed_identity_client_id: Optional[str] = None
     """
-    The managed identity client ID for user-assigned managed identity. If different from client_id, triggers
-    Federated Identity Credentials.
-    """
-    managed_identity_type: Optional[Literal["system", "user"]] = None
-    """
-    The type of managed identity for Federated Identity Credentials. If provided, triggers
-    Federated Identity Credentials flow.
+    The managed identity client ID for user-assigned managed identity.
+    Set to "system" for system-assigned managed identity (triggers Federated Identity Credentials).
+    If set to a different client ID than client_id, triggers Federated Identity Credentials with user-assigned MI.
+    If not set or equals client_id, uses direct managed identity (no federation).
     """
     logger: Optional[Logger] = None
     storage: Optional[Storage[str, Any]] = None