@chat-adapter/teams 4.16.0 → 4.17.0

package/dist/index.d.ts

@@ -76,17 +76,37 @@ declare class TeamsFormatConverter extends BaseFormatConverter {
     private tableToGfm;
 }
 
+/** Certificate-based authentication config */
+interface TeamsAuthCertificate {
+    /** PEM-encoded certificate private key */
+    certificatePrivateKey: string;
+    /** Hex-encoded certificate thumbprint (optional when x5c is provided) */
+    certificateThumbprint?: string;
+    /** Public certificate for subject-name validation (optional) */
+    x5c?: string;
+}
+/** Federated (workload identity) authentication config */
+interface TeamsAuthFederated {
+    /** Audience for the federated credential (defaults to api://AzureADTokenExchange) */
+    clientAudience?: string;
+    /** Client ID for the managed identity assigned to the bot */
+    clientId: string;
+}
 interface TeamsAdapterConfig {
-    /** Microsoft App ID */
-    appId: string;
-    /** Microsoft App Password */
-    appPassword: string;
-    /** Microsoft App Tenant ID */
+    /** Microsoft App ID. Defaults to TEAMS_APP_ID env var. */
+    appId?: string;
+    /** Microsoft App Password. Defaults to TEAMS_APP_PASSWORD env var. */
+    appPassword?: string;
+    /** Microsoft App Tenant ID. Defaults to TEAMS_APP_TENANT_ID env var. */
     appTenantId?: string;
     /** Microsoft App Type */
     appType?: "MultiTenant" | "SingleTenant";
-    /** Logger instance for error reporting */
-    logger: Logger;
+    /** Certificate-based authentication */
+    certificate?: TeamsAuthCertificate;
+    /** Federated (workload identity) authentication */
+    federated?: TeamsAuthFederated;
+    /** Logger instance for error reporting. Defaults to ConsoleLogger. */
+    logger?: Logger;
     /** Override bot username (optional) */
     userName?: string;
 }
@@ -106,7 +126,7 @@ declare class TeamsAdapter implements Adapter<TeamsThreadId, unknown> {
     private readonly logger;
     private readonly formatConverter;
     private readonly config;
-    constructor(config: TeamsAdapterConfig);
+    constructor(config?: TeamsAdapterConfig);
     initialize(chat: ChatInstance): Promise<void>;
     handleWebhook(request: Request, options?: WebhookOptions): Promise<Response>;
     private handleTurn;
@@ -225,6 +245,6 @@ declare class TeamsAdapter implements Adapter<TeamsThreadId, unknown> {
      */
     private handleTeamsError;
 }
-declare function createTeamsAdapter(config?: Partial<TeamsAdapterConfig>): TeamsAdapter;
+declare function createTeamsAdapter(config?: TeamsAdapterConfig): TeamsAdapter;
 
-export { TeamsAdapter, type TeamsAdapterConfig, TeamsFormatConverter, type TeamsThreadId, cardToAdaptiveCard, cardToFallbackText, createTeamsAdapter };
+export { TeamsAdapter, type TeamsAdapterConfig, type TeamsAuthCertificate, type TeamsAuthFederated, TeamsFormatConverter, type TeamsThreadId, cardToAdaptiveCard, cardToFallbackText, createTeamsAdapter };

package/dist/index.js

@@ -671,7 +671,11 @@ var require_azureTokenCredentials = __commonJS({
 });
 
 // src/index.ts
-import { ClientSecretCredential } from "@azure/identity";
+import {
+  ClientCertificateCredential,
+  ClientSecretCredential,
+  DefaultAzureCredential
+} from "@azure/identity";
 
 // ../../node_modules/.pnpm/@microsoft+microsoft-graph-client@3.0.7_@azure+identity@4.13.0/node_modules/@microsoft/microsoft-graph-client/lib/es/src/content/BatchRequestContent.js
 init_tslib_es6();
@@ -3563,6 +3567,10 @@ import {
   ConfigurationBotFrameworkAuthentication,
   TeamsInfo
 } from "botbuilder";
+import {
+  CertificateServiceClientCredentialsFactory,
+  FederatedServiceClientCredentialsFactory
+} from "botframework-connector";
 import {
   AdapterRateLimitError,
   AuthenticationError,
@@ -3820,7 +3828,6 @@ import {
   isEmphasisNode,
   isInlineCodeNode,
   isLinkNode,
-  isListItemNode,
   isListNode,
   isParagraphNode,
   isStrongNode,
@@ -3922,14 +3929,7 @@ ${node.value}
       return getNodeChildren(node).map((child) => `> ${this.nodeToTeams(child)}`).join("\n");
     }
     if (isListNode(node)) {
-      return getNodeChildren(node).map((item, i) => {
-        const prefix = node.ordered ? `${i + 1}.` : "-";
-        const content = getNodeChildren(item).map((child) => this.nodeToTeams(child)).join("");
-        return `${prefix} ${content}`;
-      }).join("\n");
-    }
-    if (isListItemNode(node)) {
-      return getNodeChildren(node).map((child) => this.nodeToTeams(child)).join("");
+      return this.renderList(node, 0, (child) => this.nodeToTeams(child));
     }
     if (node.type === "break") {
       return "\n";
@@ -3989,31 +3989,110 @@ var TeamsAdapter = class {
   logger;
   formatConverter = new TeamsFormatConverter();
   config;
-  constructor(config) {
-    this.config = config;
-    this.logger = config.logger;
+  constructor(config = {}) {
+    const appId = config.appId ?? process.env.TEAMS_APP_ID;
+    if (!appId) {
+      throw new ValidationError(
+        "teams",
+        "appId is required. Set TEAMS_APP_ID or provide it in config."
+      );
+    }
+    const hasExplicitAuth = config.appPassword || config.certificate || config.federated;
+    const appPassword = hasExplicitAuth ? config.appPassword : config.appPassword ?? process.env.TEAMS_APP_PASSWORD;
+    const appTenantId = config.appTenantId ?? process.env.TEAMS_APP_TENANT_ID;
+    this.config = {
+      ...config,
+      appId,
+      appPassword,
+      appTenantId
+    };
+    this.logger = config.logger ?? new ConsoleLogger("info").child("teams");
     this.userName = config.userName || "bot";
-    if (config.appType === "SingleTenant" && !config.appTenantId) {
+    const authMethodCount = [
+      appPassword,
+      config.certificate,
+      config.federated
+    ].filter(Boolean).length;
+    if (authMethodCount === 0) {
+      throw new ValidationError(
+        "teams",
+        "One of appPassword, certificate, or federated must be provided"
+      );
+    }
+    if (authMethodCount > 1) {
+      throw new ValidationError(
+        "teams",
+        "Only one of appPassword, certificate, or federated can be provided"
+      );
+    }
+    if (config.appType === "SingleTenant" && !appTenantId) {
       throw new ValidationError(
         "teams",
         "appTenantId is required for SingleTenant app type"
       );
     }
-    const auth = new ConfigurationBotFrameworkAuthentication({
-      MicrosoftAppId: config.appId,
-      MicrosoftAppPassword: config.appPassword,
+    const botFrameworkConfig = {
+      MicrosoftAppId: appId,
       MicrosoftAppType: config.appType || "MultiTenant",
-      MicrosoftAppTenantId: config.appType === "SingleTenant" ? config.appTenantId : void 0
-    });
-    this.botAdapter = new ServerlessCloudAdapter(auth);
-    if (config.appTenantId) {
-      const credential = new ClientSecretCredential(
-        config.appTenantId,
-        config.appId,
-        config.appPassword
+      MicrosoftAppTenantId: config.appType === "SingleTenant" ? appTenantId : void 0
+    };
+    let credentialsFactory;
+    let graphCredential;
+    if (config.certificate) {
+      const { certificatePrivateKey, certificateThumbprint, x5c } = config.certificate;
+      if (x5c) {
+        credentialsFactory = new CertificateServiceClientCredentialsFactory(
+          appId,
+          x5c,
+          certificatePrivateKey,
+          appTenantId
+        );
+      } else if (certificateThumbprint) {
+        credentialsFactory = new CertificateServiceClientCredentialsFactory(
+          appId,
+          certificateThumbprint,
+          certificatePrivateKey,
+          appTenantId
+        );
+      } else {
+        throw new ValidationError(
+          "teams",
+          "Certificate auth requires either certificateThumbprint or x5c"
+        );
+      }
+      if (appTenantId) {
+        graphCredential = new ClientCertificateCredential(appTenantId, appId, {
+          certificate: certificatePrivateKey
+        });
+      }
+    } else if (config.federated) {
+      credentialsFactory = new FederatedServiceClientCredentialsFactory(
+        appId,
+        config.federated.clientId,
+        appTenantId,
+        config.federated.clientAudience
       );
+      if (appTenantId) {
+        graphCredential = new DefaultAzureCredential();
+      }
+    } else if (appPassword && appTenantId) {
+      graphCredential = new ClientSecretCredential(
+        appTenantId,
+        appId,
+        appPassword
+      );
+    }
+    const auth = new ConfigurationBotFrameworkAuthentication(
+      {
+        ...botFrameworkConfig,
+        ...appPassword ? { MicrosoftAppPassword: appPassword } : {}
+      },
+      credentialsFactory
+    );
+    this.botAdapter = new ServerlessCloudAdapter(auth);
+    if (graphCredential) {
       const authProvider = new import_azureTokenCredentials.TokenCredentialAuthenticationProvider(
-        credential,
+        graphCredential,
         {
           scopes: ["https://graph.microsoft.com/.default"]
         }
@@ -5597,29 +5676,7 @@ var TeamsAdapter = class {
   }
 };
 function createTeamsAdapter(config) {
-  const appId = config?.appId ?? process.env.TEAMS_APP_ID;
-  if (!appId) {
-    throw new ValidationError(
-      "teams",
-      "appId is required. Set TEAMS_APP_ID or provide it in config."
-    );
-  }
-  const appPassword = config?.appPassword ?? process.env.TEAMS_APP_PASSWORD;
-  if (!appPassword) {
-    throw new ValidationError(
-      "teams",
-      "appPassword is required. Set TEAMS_APP_PASSWORD or provide it in config."
-    );
-  }
-  const resolved = {
-    appId,
-    appPassword,
-    appTenantId: config?.appTenantId ?? process.env.TEAMS_APP_TENANT_ID,
-    appType: config?.appType,
-    logger: config?.logger ?? new ConsoleLogger("info").child("teams"),
-    userName: config?.userName
-  };
-  return new TeamsAdapter(resolved);
+  return new TeamsAdapter(config ?? {});
 }
 export {
   TeamsAdapter,