@kodelyth/msteams 2026.5.39 → 2026.5.42

package/dist/index.js

@@ -0,0 +1,22 @@
+import { defineBundledChannelEntry } from "klaw/plugin-sdk/channel-entry-contract";
+//#region extensions/msteams/index.ts
+var msteams_default = defineBundledChannelEntry({
+	id: "msteams",
+	name: "Microsoft Teams",
+	description: "Microsoft Teams channel plugin (Bot Framework)",
+	importMetaUrl: import.meta.url,
+	plugin: {
+		specifier: "./channel-plugin-api.js",
+		exportName: "msteamsPlugin"
+	},
+	secrets: {
+		specifier: "./secret-contract-api.js",
+		exportName: "channelSecrets"
+	},
+	runtime: {
+		specifier: "./runtime-api.js",
+		exportName: "setMSTeamsRuntime"
+	}
+});
+//#endregion
+export { msteams_default as default };

package/dist/oauth-BUxlphX3.js

@@ -0,0 +1,114 @@
+import { a as MSTEAMS_OAUTH_CALLBACK_PORT, i as MSTEAMS_OAUTH_CALLBACK_PATH, o as MSTEAMS_OAUTH_REDIRECT_URI, r as MSTEAMS_DEFAULT_DELEGATED_SCOPES, s as buildMSTeamsAuthEndpoint, t as exchangeMSTeamsCodeForTokens } from "./oauth.token-ebId9946.js";
+import { generateHexPkceVerifierChallenge } from "klaw/plugin-sdk/provider-auth";
+import { generateOAuthState, parseOAuthCallbackInput, waitForLocalOAuthCallback } from "klaw/plugin-sdk/provider-auth-runtime";
+import { isWSL2Sync } from "klaw/plugin-sdk/runtime-env";
+//#region extensions/msteams/src/oauth.flow.ts
+function shouldUseManualOAuthFlow(isRemote) {
+	return isRemote || isWSL2Sync();
+}
+function generatePkce() {
+	return generateHexPkceVerifierChallenge();
+}
+function buildMSTeamsAuthUrl(params) {
+	const scopes = params.scopes ?? MSTEAMS_DEFAULT_DELEGATED_SCOPES;
+	return `${buildMSTeamsAuthEndpoint(params.tenantId)}?${new URLSearchParams({
+		client_id: params.clientId,
+		response_type: "code",
+		redirect_uri: MSTEAMS_OAUTH_REDIRECT_URI,
+		scope: scopes.join(" "),
+		code_challenge: params.challenge,
+		code_challenge_method: "S256",
+		state: params.state,
+		prompt: "consent"
+	}).toString()}`;
+}
+function parseCallbackInput(input, _expectedState) {
+	return parseOAuthCallbackInput(input, {
+		missingState: "Missing 'state' parameter in URL. Paste the full redirect URL.",
+		invalidInput: "Paste the full redirect URL (including code and state parameters), not just the authorization code."
+	});
+}
+async function waitForLocalCallback(params) {
+	return await waitForLocalOAuthCallback({
+		expectedState: params.expectedState,
+		timeoutMs: params.timeoutMs,
+		port: MSTEAMS_OAUTH_CALLBACK_PORT,
+		callbackPath: MSTEAMS_OAUTH_CALLBACK_PATH,
+		redirectUri: MSTEAMS_OAUTH_REDIRECT_URI,
+		successTitle: "MSTeams Delegated OAuth complete",
+		progressMessage: `Waiting for OAuth callback on ${MSTEAMS_OAUTH_REDIRECT_URI}...`,
+		onProgress: params.onProgress
+	});
+}
+//#endregion
+//#region extensions/msteams/src/oauth.ts
+async function loginMSTeamsDelegated(ctx, params) {
+	const scopes = params.scopes ?? MSTEAMS_DEFAULT_DELEGATED_SCOPES;
+	const needsManual = shouldUseManualOAuthFlow(ctx.isRemote);
+	await ctx.note(needsManual ? [
+		"You are running in a remote/VPS environment.",
+		"A URL will be shown for you to open in your LOCAL browser.",
+		"After signing in, copy the redirect URL and paste it back here."
+	].join("\n") : [
+		"Browser will open for Microsoft authentication.",
+		`Sign in to grant delegated permissions for MSTeams.`,
+		`The callback will be captured automatically on localhost:${MSTEAMS_OAUTH_CALLBACK_PORT}.`
+	].join("\n"), "MSTeams Delegated OAuth");
+	const { verifier, challenge } = generatePkce();
+	const state = generateOAuthState();
+	const authUrl = buildMSTeamsAuthUrl({
+		tenantId: params.tenantId,
+		clientId: params.clientId,
+		challenge,
+		state,
+		scopes
+	});
+	if (needsManual) return manualFlow(ctx, authUrl, state, verifier, params);
+	ctx.progress.update("Complete sign-in in browser...");
+	try {
+		await ctx.openUrl(authUrl);
+	} catch {
+		ctx.log(`\nOpen this URL in your browser:\n\n${authUrl}\n`);
+	}
+	try {
+		const { code } = await waitForLocalCallback({
+			expectedState: state,
+			timeoutMs: 300 * 1e3,
+			onProgress: (msg) => ctx.progress.update(msg)
+		});
+		ctx.progress.update("Exchanging authorization code for tokens...");
+		return await exchangeMSTeamsCodeForTokens({
+			tenantId: params.tenantId,
+			clientId: params.clientId,
+			clientSecret: params.clientSecret,
+			code,
+			verifier,
+			scopes
+		});
+	} catch (err) {
+		if (err instanceof Error && (err.message.includes("EADDRINUSE") || err.message.includes("port") || err.message.includes("listen"))) {
+			ctx.progress.update("Local callback server failed. Switching to manual mode...");
+			return manualFlow(ctx, authUrl, state, verifier, params, err);
+		}
+		throw err;
+	}
+}
+async function manualFlow(ctx, authUrl, state, verifier, params, cause) {
+	ctx.progress.update("OAuth URL ready");
+	ctx.log(`\nOpen this URL in your LOCAL browser:\n\n${authUrl}\n`);
+	ctx.progress.update("Waiting for you to paste the callback URL...");
+	const parsed = parseCallbackInput(await ctx.prompt("Paste the redirect URL here: "), state);
+	if ("error" in parsed) throw new Error(parsed.error, cause ? { cause } : void 0);
+	if (parsed.state !== state) throw new Error("OAuth state mismatch - please try again", cause ? { cause } : void 0);
+	ctx.progress.update("Exchanging authorization code for tokens...");
+	return exchangeMSTeamsCodeForTokens({
+		tenantId: params.tenantId,
+		clientId: params.clientId,
+		clientSecret: params.clientSecret,
+		code: parsed.code,
+		verifier,
+		scopes: params.scopes
+	});
+}
+//#endregion
+export { loginMSTeamsDelegated };

package/dist/oauth.token-ebId9946.js

@@ -0,0 +1,116 @@
+import { fetchWithSsrFGuard } from "klaw/plugin-sdk/ssrf-runtime";
+import { readProviderJsonResponse } from "klaw/plugin-sdk/provider-http";
+//#region extensions/msteams/src/oauth.shared.ts
+const MSTEAMS_OAUTH_REDIRECT_URI = "http://localhost:8086/oauth2callback";
+const MSTEAMS_OAUTH_CALLBACK_PORT = 8086;
+const MSTEAMS_OAUTH_CALLBACK_PATH = "/oauth2callback";
+const MSTEAMS_DEFAULT_TOKEN_FETCH_TIMEOUT_MS = 1e4;
+const MSTEAMS_DEFAULT_DELEGATED_SCOPES = [
+	"ChatMessage.Send",
+	"ChannelMessage.Send",
+	"Chat.ReadWrite",
+	"offline_access"
+];
+function buildMSTeamsAuthEndpoint(tenantId) {
+	return `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/authorize`;
+}
+function buildMSTeamsTokenEndpoint(tenantId) {
+	return `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`;
+}
+//#endregion
+//#region extensions/msteams/src/oauth.token.ts
+/** Five-minute buffer subtracted from token expiry to avoid edge-case clock drift. */
+const EXPIRY_BUFFER_MS = 300 * 1e3;
+function createMSTeamsTokenBody(params) {
+	const body = new URLSearchParams({
+		client_id: params.clientId,
+		client_secret: params.clientSecret,
+		grant_type: params.grantType,
+		scope: [...params.scopes].join(" ")
+	});
+	for (const [key, value] of Object.entries(params.values ?? {})) body.set(key, value);
+	return body;
+}
+async function fetchMSTeamsTokens(params) {
+	const currentFetch = globalThis.fetch;
+	const { response, release } = await fetchWithSsrFGuard({
+		url: params.tokenUrl,
+		fetchImpl: async (input, guardedInit) => await currentFetch(input, guardedInit),
+		init: {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
+				Accept: "application/json"
+			},
+			body: params.body,
+			signal: AbortSignal.timeout(MSTEAMS_DEFAULT_TOKEN_FETCH_TIMEOUT_MS)
+		},
+		auditContext: params.auditContext
+	});
+	try {
+		if (!response.ok) {
+			const errorText = await response.text();
+			throw new Error(`MSTeams ${params.failureLabel} failed (${response.status}): ${errorText}`);
+		}
+		return await readProviderJsonResponse(response, `MSTeams ${params.failureLabel} failed`);
+	} finally {
+		await release();
+	}
+}
+async function requestMSTeamsDelegatedTokens(params) {
+	const scopes = params.scopes ?? MSTEAMS_DEFAULT_DELEGATED_SCOPES;
+	const body = createMSTeamsTokenBody({
+		clientId: params.clientId,
+		clientSecret: params.clientSecret,
+		grantType: params.grantType,
+		scopes,
+		values: params.values
+	});
+	const data = await fetchMSTeamsTokens({
+		tokenUrl: buildMSTeamsTokenEndpoint(params.tenantId),
+		body,
+		auditContext: params.auditContext,
+		failureLabel: params.failureLabel
+	});
+	return {
+		accessToken: data.access_token,
+		refreshToken: params.resolveRefreshToken(data),
+		expiresAt: Date.now() + data.expires_in * 1e3 - EXPIRY_BUFFER_MS,
+		scopes: data.scope ? data.scope.split(" ") : [...scopes]
+	};
+}
+async function exchangeMSTeamsCodeForTokens(params) {
+	return await requestMSTeamsDelegatedTokens({
+		tenantId: params.tenantId,
+		clientId: params.clientId,
+		clientSecret: params.clientSecret,
+		grantType: "authorization_code",
+		scopes: params.scopes,
+		values: {
+			code: params.code,
+			redirect_uri: MSTEAMS_OAUTH_REDIRECT_URI,
+			code_verifier: params.verifier
+		},
+		auditContext: "msteams-oauth-token-exchange",
+		failureLabel: "token exchange",
+		resolveRefreshToken: (data) => {
+			if (!data.refresh_token) throw new Error("No refresh token received from Azure AD. Please try again.");
+			return data.refresh_token;
+		}
+	});
+}
+async function refreshMSTeamsDelegatedTokens(params) {
+	return await requestMSTeamsDelegatedTokens({
+		tenantId: params.tenantId,
+		clientId: params.clientId,
+		clientSecret: params.clientSecret,
+		grantType: "refresh_token",
+		scopes: params.scopes,
+		values: { refresh_token: params.refreshToken },
+		auditContext: "msteams-oauth-token-refresh",
+		failureLabel: "token refresh",
+		resolveRefreshToken: (data) => data.refresh_token ?? params.refreshToken
+	});
+}
+//#endregion
+export { MSTEAMS_OAUTH_CALLBACK_PORT as a, MSTEAMS_OAUTH_CALLBACK_PATH as i, refreshMSTeamsDelegatedTokens as n, MSTEAMS_OAUTH_REDIRECT_URI as o, MSTEAMS_DEFAULT_DELEGATED_SCOPES as r, buildMSTeamsAuthEndpoint as s, exchangeMSTeamsCodeForTokens as t };