npm - @kodelyth/msteams - Versions diffs - 2026.5.42 → 2026.6.2 - Mend

@kodelyth/msteams 2026.5.42 → 2026.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/klaw.plugin.json +726 -2
package/package.json +18 -6
package/api.ts +0 -3
package/channel-config-api.ts +0 -1
package/channel-plugin-api.ts +0 -2
package/config-api.ts +0 -4
package/contract-api.ts +0 -4
package/index.ts +0 -20
package/runtime-api.ts +0 -66
package/secret-contract-api.ts +0 -5
package/setup-entry.ts +0 -13
package/setup-plugin-api.ts +0 -3
package/src/ai-entity.ts +0 -7
package/src/approval-auth.ts +0 -44
package/src/attachments/bot-framework.test.ts +0 -506
package/src/attachments/bot-framework.ts +0 -348
package/src/attachments/download.ts +0 -328
package/src/attachments/graph.test.ts +0 -441
package/src/attachments/graph.ts +0 -489
package/src/attachments/html.ts +0 -122
package/src/attachments/payload.ts +0 -14
package/src/attachments/remote-media.test.ts +0 -187
package/src/attachments/remote-media.ts +0 -86
package/src/attachments/shared.test.ts +0 -547
package/src/attachments/shared.ts +0 -655
package/src/attachments/types.ts +0 -47
package/src/attachments.graph.test.ts +0 -414
package/src/attachments.helpers.test.ts +0 -245
package/src/attachments.test-helpers.ts +0 -17
package/src/attachments.test.ts +0 -754
package/src/attachments.ts +0 -18
package/src/block-streaming-config.test.ts +0 -61
package/src/channel-api.ts +0 -1
package/src/channel.actions.test.ts +0 -797
package/src/channel.directory.test.ts +0 -176
package/src/channel.message-adapter.test.ts +0 -227
package/src/channel.runtime.ts +0 -56
package/src/channel.setup.ts +0 -77
package/src/channel.test.ts +0 -136
package/src/channel.ts +0 -1176
package/src/config-schema.ts +0 -6
package/src/config-ui-hints.ts +0 -40
package/src/conversation-store-fs.test.ts +0 -81
package/src/conversation-store-fs.ts +0 -149
package/src/conversation-store-helpers.test.ts +0 -202
package/src/conversation-store-helpers.ts +0 -105
package/src/conversation-store-memory.ts +0 -51
package/src/conversation-store.shared.test.ts +0 -260
package/src/conversation-store.ts +0 -71
package/src/directory-live.test.ts +0 -156
package/src/directory-live.ts +0 -111
package/src/doctor.ts +0 -27
package/src/errors.test.ts +0 -154
package/src/errors.ts +0 -270
package/src/feedback-reflection-prompt.ts +0 -117
package/src/feedback-reflection-store.ts +0 -113
package/src/feedback-reflection.test.ts +0 -237
package/src/feedback-reflection.ts +0 -268
package/src/file-consent-helpers.test.ts +0 -328
package/src/file-consent-helpers.ts +0 -115
package/src/file-consent-invoke.ts +0 -150
package/src/file-consent.test.ts +0 -378
package/src/file-consent.ts +0 -223
package/src/graph-chat.ts +0 -36
package/src/graph-group-management.test.ts +0 -332
package/src/graph-group-management.ts +0 -168
package/src/graph-members.test.ts +0 -89
package/src/graph-members.ts +0 -48
package/src/graph-messages.actions.test.ts +0 -253
package/src/graph-messages.read.test.ts +0 -391
package/src/graph-messages.search.test.ts +0 -227
package/src/graph-messages.test-helpers.ts +0 -50
package/src/graph-messages.ts +0 -534
package/src/graph-teams.test.ts +0 -222
package/src/graph-teams.ts +0 -114
package/src/graph-thread.test.ts +0 -252
package/src/graph-thread.ts +0 -146
package/src/graph-upload.test.ts +0 -253
package/src/graph-upload.ts +0 -531
package/src/graph-users.ts +0 -29
package/src/graph.test.ts +0 -540
package/src/graph.ts +0 -308
package/src/inbound.test.ts +0 -221
package/src/inbound.ts +0 -148
package/src/index.ts +0 -4
package/src/media-helpers.test.ts +0 -220
package/src/media-helpers.ts +0 -105
package/src/mentions.test.ts +0 -254
package/src/mentions.ts +0 -114
package/src/messenger.test.ts +0 -961
package/src/messenger.ts +0 -608
package/src/monitor-handler/access.ts +0 -136
package/src/monitor-handler/inbound-media.test.ts +0 -314
package/src/monitor-handler/inbound-media.ts +0 -180
package/src/monitor-handler/message-handler-mock-support.test-support.ts +0 -28
package/src/monitor-handler/message-handler.authz.test.ts +0 -739
package/src/monitor-handler/message-handler.dm-media.test.ts +0 -54
package/src/monitor-handler/message-handler.test-support.ts +0 -99
package/src/monitor-handler/message-handler.thread-parent.test.ts +0 -225
package/src/monitor-handler/message-handler.thread-session.test.ts +0 -132
package/src/monitor-handler/message-handler.ts +0 -1003
package/src/monitor-handler/reaction-handler.test.ts +0 -325
package/src/monitor-handler/reaction-handler.ts +0 -122
package/src/monitor-handler/thread-session.ts +0 -30
package/src/monitor-handler.adaptive-card.test.ts +0 -158
package/src/monitor-handler.feedback-authz.test.ts +0 -357
package/src/monitor-handler.file-consent.test.ts +0 -443
package/src/monitor-handler.sso.test.ts +0 -576
package/src/monitor-handler.test-helpers.ts +0 -181
package/src/monitor-handler.ts +0 -538
package/src/monitor-handler.types.ts +0 -27
package/src/monitor-types.ts +0 -6
package/src/monitor.lifecycle.test.ts +0 -457
package/src/monitor.test.ts +0 -119
package/src/monitor.ts +0 -476
package/src/oauth.flow.ts +0 -77
package/src/oauth.shared.ts +0 -37
package/src/oauth.test.ts +0 -350
package/src/oauth.token.ts +0 -162
package/src/oauth.ts +0 -130
package/src/outbound.test.ts +0 -400
package/src/outbound.ts +0 -198
package/src/pending-uploads-fs.test.ts +0 -261
package/src/pending-uploads-fs.ts +0 -235
package/src/pending-uploads.test.ts +0 -186
package/src/pending-uploads.ts +0 -121
package/src/policy.test.ts +0 -156
package/src/policy.ts +0 -245
package/src/polls-store-memory.ts +0 -32
package/src/polls.test.ts +0 -169
package/src/polls.ts +0 -312
package/src/presentation.ts +0 -93
package/src/probe.test.ts +0 -79
package/src/probe.ts +0 -132
package/src/reply-dispatcher.test.ts +0 -543
package/src/reply-dispatcher.ts +0 -523
package/src/reply-stream-controller.test.ts +0 -424
package/src/reply-stream-controller.ts +0 -334
package/src/resolve-allowlist.test.ts +0 -253
package/src/resolve-allowlist.ts +0 -309
package/src/revoked-context.ts +0 -17
package/src/runtime.ts +0 -12
package/src/sdk-types.ts +0 -59
package/src/sdk.test.ts +0 -727
package/src/sdk.ts +0 -916
package/src/secret-contract.ts +0 -49
package/src/secret-input.ts +0 -7
package/src/send-context.test.ts +0 -93
package/src/send-context.ts +0 -269
package/src/send.test.ts +0 -588
package/src/send.ts +0 -697
package/src/sent-message-cache.test.ts +0 -106
package/src/sent-message-cache.ts +0 -174
package/src/session-route.ts +0 -40
package/src/setup-core.ts +0 -162
package/src/setup-surface.test.ts +0 -175
package/src/setup-surface.ts +0 -319
package/src/sso-token-store.test.ts +0 -74
package/src/sso-token-store.ts +0 -166
package/src/sso.ts +0 -300
package/src/storage.ts +0 -25
package/src/store-fs.ts +0 -42
package/src/streaming-message.test.ts +0 -323
package/src/streaming-message.ts +0 -327
package/src/test-runtime.ts +0 -16
package/src/thread-parent-context.test.ts +0 -224
package/src/thread-parent-context.ts +0 -159
package/src/token-response.ts +0 -11
package/src/token.test.ts +0 -268
package/src/token.ts +0 -194
package/src/user-agent.test.ts +0 -121
package/src/user-agent.ts +0 -53
package/src/webhook-timeouts.ts +0 -27
package/src/welcome-card.test.ts +0 -104
package/src/welcome-card.ts +0 -57
package/test-api.ts +0 -1
package/tsconfig.json +0 -16

package/src/oauth.test.ts DELETED Viewed

@@ -1,350 +0,0 @@
-import { createHash } from "node:crypto";
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-vi.mock("klaw/plugin-sdk/ssrf-runtime", () => ({
-  fetchWithSsrFGuard: async (params: {
-    url: string;
-    init?: RequestInit;
-    fetchImpl?: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
-  }) => {
-    const fetchImpl = params.fetchImpl ?? globalThis.fetch;
-    const response = await fetchImpl(params.url, params.init);
-    return {
-      response,
-      finalUrl: params.url,
-      release: async () => {},
-    };
-  },
-}));
-import {
-  generatePkce,
-  generateOAuthState,
-  buildMSTeamsAuthUrl,
-  parseCallbackInput,
-} from "./oauth.flow.js";
-import {
-  MSTEAMS_DEFAULT_DELEGATED_SCOPES,
-  MSTEAMS_OAUTH_REDIRECT_URI,
-  buildMSTeamsAuthEndpoint,
-  buildMSTeamsTokenEndpoint,
-} from "./oauth.shared.js";
-import { exchangeMSTeamsCodeForTokens, refreshMSTeamsDelegatedTokens } from "./oauth.token.js";
-function responseJson(body: unknown, status = 200): Response {
-  return new Response(JSON.stringify(body), {
-    status,
-    headers: { "Content-Type": "application/json" },
-  });
-}
-function firstFetchCall(fetchSpy: ReturnType<typeof vi.fn>): [string, RequestInit] {
-  const [call] = fetchSpy.mock.calls;
-  if (!call) {
-    throw new Error("expected fetch call");
-  }
-  return call as [string, RequestInit];
-}
-describe("generatePkce", () => {
-  it("produces a 64-char hex verifier and a base64url SHA-256 challenge", () => {
-    const { verifier, challenge } = generatePkce();
-    expect(verifier).toMatch(/^[0-9a-f]{64}$/);
-    const expected = createHash("sha256").update(verifier).digest("base64url");
-    expect(challenge).toBe(expected);
-  });
-});
-describe("generateOAuthState", () => {
-  it("produces a 64-char hex string separate from the PKCE verifier", () => {
-    const state = generateOAuthState();
-    expect(state).toMatch(/^[0-9a-f]{64}$/);
-    const { verifier } = generatePkce();
-    expect(state).not.toBe(verifier);
-  });
-});
-describe("buildMSTeamsAuthUrl", () => {
-  it("includes correct tenant, client_id, scopes, PKCE params, and redirect_uri", () => {
-    const { challenge } = generatePkce();
-    const state = generateOAuthState();
-    const url = buildMSTeamsAuthUrl({
-      tenantId: "my-tenant-id",
-      clientId: "my-client-id",
-      challenge,
-      state,
-    });
-    const parsed = new URL(url);
-    expect(parsed.origin + parsed.pathname).toBe(buildMSTeamsAuthEndpoint("my-tenant-id"));
-    expect(parsed.searchParams.get("client_id")).toBe("my-client-id");
-    expect(parsed.searchParams.get("response_type")).toBe("code");
-    expect(parsed.searchParams.get("redirect_uri")).toBe(MSTEAMS_OAUTH_REDIRECT_URI);
-    expect(parsed.searchParams.get("scope")).toBe(MSTEAMS_DEFAULT_DELEGATED_SCOPES.join(" "));
-    expect(parsed.searchParams.get("code_challenge")).toBe(challenge);
-    expect(parsed.searchParams.get("code_challenge_method")).toBe("S256");
-    expect(parsed.searchParams.get("state")).toBe(state);
-    expect(parsed.searchParams.get("prompt")).toBe("consent");
-  });
-  it("does not expose the PKCE verifier in the URL", () => {
-    const { verifier, challenge } = generatePkce();
-    const state = generateOAuthState();
-    const url = buildMSTeamsAuthUrl({
-      tenantId: "t",
-      clientId: "c",
-      challenge,
-      state,
-    });
-    expect(url).not.toContain(verifier);
-    expect(url).toContain(`state=${state}`);
-  });
-  it("uses custom scopes when provided", () => {
-    const url = buildMSTeamsAuthUrl({
-      tenantId: "t",
-      clientId: "c",
-      challenge: "ch",
-      state: "s",
-      scopes: ["User.Read", "offline_access"],
-    });
-    const parsed = new URL(url);
-    expect(parsed.searchParams.get("scope")).toBe("User.Read offline_access");
-  });
-});
-describe("parseCallbackInput", () => {
-  const expectedState = "expected-state-value";
-  it("extracts code and state from a valid callback URL", () => {
-    const input = `${MSTEAMS_OAUTH_REDIRECT_URI}?code=abc123&state=${expectedState}`;
-    const result = parseCallbackInput(input, expectedState);
-    expect(result).toEqual({ code: "abc123", state: expectedState });
-  });
-  it("returns error when code is missing from URL", () => {
-    const input = `${MSTEAMS_OAUTH_REDIRECT_URI}?state=${expectedState}`;
-    const result = parseCallbackInput(input, expectedState);
-    expect(result).toEqual({ error: "Missing 'code' parameter in URL" });
-  });
-  it("rejects bare authorization codes to prevent CSRF bypass", () => {
-    const result = parseCallbackInput("bare-code-value", expectedState);
-    expect(result).toEqual({
-      error:
-        "Paste the full redirect URL (including code and state parameters), not just the authorization code.",
-    });
-  });
-  it("returns error on empty input", () => {
-    const result = parseCallbackInput("", expectedState);
-    expect(result).toEqual({ error: "No input provided" });
-  });
-  it("returns error when state is missing from a valid URL (CSRF protection)", () => {
-    const input = `${MSTEAMS_OAUTH_REDIRECT_URI}?code=abc123`;
-    const result = parseCallbackInput(input, expectedState);
-    expect(result).toEqual({
-      error: "Missing 'state' parameter in URL. Paste the full redirect URL.",
-    });
-  });
-  it("rejects bare codes even when expectedState is empty", () => {
-    const result = parseCallbackInput("bare-code", "");
-    expect(result).toEqual({
-      error:
-        "Paste the full redirect URL (including code and state parameters), not just the authorization code.",
-    });
-  });
-});
-describe("exchangeMSTeamsCodeForTokens", () => {
-  let fetchSpy: ReturnType<typeof vi.fn>;
-  beforeEach(() => {
-    fetchSpy = vi.fn();
-    vi.stubGlobal("fetch", fetchSpy);
-  });
-  afterEach(() => {
-    vi.unstubAllGlobals();
-  });
-  it("exchanges an authorization code for delegated tokens", async () => {
-    const now = Date.now();
-    fetchSpy.mockResolvedValueOnce(
-      responseJson({
-        access_token: "at-123",
-        refresh_token: "rt-456",
-        expires_in: 3600,
-        scope: "ChatMessage.Send offline_access",
-      }),
-    );
-    const tokens = await exchangeMSTeamsCodeForTokens({
-      tenantId: "tenant-1",
-      clientId: "client-1",
-      clientSecret: "secret-1", // pragma: allowlist secret
-      code: "auth-code",
-      verifier: "pkce-verifier",
-    });
-    const afterExchange = Date.now();
-    expect(tokens.accessToken).toBe("at-123");
-    expect(tokens.refreshToken).toBe("rt-456");
-    expect(tokens.scopes).toEqual(["ChatMessage.Send", "offline_access"]);
-    // expiresAt should be roughly now + 3600s - 300s
-    expect(tokens.expiresAt).toBeGreaterThanOrEqual(now + 3300 * 1000 - 1000);
-    expect(tokens.expiresAt).toBeLessThanOrEqual(afterExchange + 3300 * 1000 + 2000);
-    // Verify the request was well-formed
-    expect(fetchSpy).toHaveBeenCalledOnce();
-    const [url, init] = firstFetchCall(fetchSpy);
-    expect(url).toBe(buildMSTeamsTokenEndpoint("tenant-1"));
-    const body = new URLSearchParams(init.body as string);
-    expect(body.get("client_id")).toBe("client-1");
-    expect(body.get("client_secret")).toBe("secret-1");
-    expect(body.get("grant_type")).toBe("authorization_code");
-    expect(body.get("code")).toBe("auth-code");
-    expect(body.get("code_verifier")).toBe("pkce-verifier");
-    expect(body.get("redirect_uri")).toBe(MSTEAMS_OAUTH_REDIRECT_URI);
-  });
-  it("throws on a 400 error response", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      new Response(JSON.stringify({ error: "invalid_grant" }), {
-        status: 400,
-        headers: { "Content-Type": "application/json" },
-      }),
-    );
-    await expect(
-      exchangeMSTeamsCodeForTokens({
-        tenantId: "t",
-        clientId: "c",
-        clientSecret: "s", // pragma: allowlist secret
-        code: "bad-code",
-        verifier: "v",
-      }),
-    ).rejects.toThrow(/MSTeams token exchange failed \(400\)/);
-  });
-  it("reports malformed token exchange JSON with a stable OAuth error", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      new Response("{ nope", {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      }),
-    );
-    await expect(
-      exchangeMSTeamsCodeForTokens({
-        tenantId: "t",
-        clientId: "c",
-        clientSecret: "s", // pragma: allowlist secret
-        code: "bad-json",
-        verifier: "v",
-      }),
-    ).rejects.toThrow("MSTeams token exchange failed: malformed JSON response");
-  });
-});
-describe("refreshMSTeamsDelegatedTokens", () => {
-  let fetchSpy: ReturnType<typeof vi.fn>;
-  beforeEach(() => {
-    fetchSpy = vi.fn();
-    vi.stubGlobal("fetch", fetchSpy);
-  });
-  afterEach(() => {
-    vi.unstubAllGlobals();
-  });
-  it("refreshes tokens using refresh_token grant and keeps old refresh token when Azure omits it", async () => {
-    const now = Date.now();
-    fetchSpy.mockResolvedValueOnce(
-      responseJson({
-        access_token: "new-at",
-        // Azure sometimes does not return a new refresh_token
-        expires_in: 3600,
-        scope: "ChatMessage.Send offline_access",
-      }),
-    );
-    const tokens = await refreshMSTeamsDelegatedTokens({
-      tenantId: "tenant-1",
-      clientId: "client-1",
-      clientSecret: "secret-1", // pragma: allowlist secret
-      refreshToken: "original-rt",
-    });
-    expect(tokens.accessToken).toBe("new-at");
-    // Old refresh token should be preserved
-    expect(tokens.refreshToken).toBe("original-rt");
-    expect(tokens.scopes).toEqual(["ChatMessage.Send", "offline_access"]);
-    expect(tokens.expiresAt).toBeGreaterThanOrEqual(now + 3300 * 1000 - 1000);
-    // Verify the request body includes refresh_token grant type
-    const [, init] = firstFetchCall(fetchSpy);
-    const body = new URLSearchParams(init.body as string);
-    expect(body.get("grant_type")).toBe("refresh_token");
-    expect(body.get("refresh_token")).toBe("original-rt");
-    expect(body.get("client_secret")).toBe("secret-1");
-  });
-  it("uses new refresh token when Azure returns one", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      responseJson({
-        access_token: "new-at",
-        refresh_token: "new-rt",
-        expires_in: 3600,
-      }),
-    );
-    const tokens = await refreshMSTeamsDelegatedTokens({
-      tenantId: "t",
-      clientId: "c",
-      clientSecret: "s", // pragma: allowlist secret
-      refreshToken: "old-rt",
-    });
-    expect(tokens.refreshToken).toBe("new-rt");
-  });
-  it("throws on a 401 error response", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      new Response(JSON.stringify({ error: "invalid_grant" }), {
-        status: 401,
-        headers: { "Content-Type": "application/json" },
-      }),
-    );
-    await expect(
-      refreshMSTeamsDelegatedTokens({
-        tenantId: "t",
-        clientId: "c",
-        clientSecret: "s", // pragma: allowlist secret
-        refreshToken: "expired-rt",
-      }),
-    ).rejects.toThrow(/MSTeams token refresh failed \(401\)/);
-  });
-  it("reports malformed token refresh JSON with a stable OAuth error", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      new Response("{ nope", {
-        status: 200,
-        headers: { "Content-Type": "application/json" },
-      }),
-    );
-    await expect(
-      refreshMSTeamsDelegatedTokens({
-        tenantId: "t",
-        clientId: "c",
-        clientSecret: "s", // pragma: allowlist secret
-        refreshToken: "bad-json",
-      }),
-    ).rejects.toThrow("MSTeams token refresh failed: malformed JSON response");
-  });
-});

package/src/oauth.token.ts DELETED Viewed

@@ -1,162 +0,0 @@
-import { readProviderJsonResponse } from "klaw/plugin-sdk/provider-http";
-import { fetchWithSsrFGuard } from "klaw/plugin-sdk/ssrf-runtime";
-import {
-  MSTEAMS_DEFAULT_DELEGATED_SCOPES,
-  MSTEAMS_DEFAULT_TOKEN_FETCH_TIMEOUT_MS,
-  MSTEAMS_OAUTH_REDIRECT_URI,
-  buildMSTeamsTokenEndpoint,
-  type MSTeamsDelegatedTokens,
-} from "./oauth.shared.js";
-/** Five-minute buffer subtracted from token expiry to avoid edge-case clock drift. */
-const EXPIRY_BUFFER_MS = 5 * 60 * 1000;
-type MSTeamsTokenResponse = {
-  access_token: string;
-  refresh_token?: string;
-  expires_in: number;
-  scope?: string;
-};
-function createMSTeamsTokenBody(params: {
-  clientId: string;
-  clientSecret: string;
-  grantType: string;
-  scopes: readonly string[];
-  values?: Record<string, string>;
-}): URLSearchParams {
-  const body = new URLSearchParams({
-    client_id: params.clientId,
-    client_secret: params.clientSecret,
-    grant_type: params.grantType,
-    scope: [...params.scopes].join(" "),
-  });
-  for (const [key, value] of Object.entries(params.values ?? {})) {
-    body.set(key, value);
-  }
-  return body;
-}
-async function fetchMSTeamsTokens(params: {
-  tokenUrl: string;
-  body: URLSearchParams;
-  auditContext: string;
-  failureLabel: string;
-}): Promise<MSTeamsTokenResponse> {
-  const currentFetch = globalThis.fetch;
-  const { response, release } = await fetchWithSsrFGuard({
-    url: params.tokenUrl,
-    fetchImpl: async (input, guardedInit) => await currentFetch(input, guardedInit),
-    init: {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
-        Accept: "application/json",
-      },
-      body: params.body,
-      signal: AbortSignal.timeout(MSTEAMS_DEFAULT_TOKEN_FETCH_TIMEOUT_MS),
-    },
-    auditContext: params.auditContext,
-  });
-  try {
-    if (!response.ok) {
-      const errorText = await response.text();
-      throw new Error(`MSTeams ${params.failureLabel} failed (${response.status}): ${errorText}`);
-    }
-    return await readProviderJsonResponse<MSTeamsTokenResponse>(
-      response,
-      `MSTeams ${params.failureLabel} failed`,
-    );
-  } finally {
-    await release();
-  }
-}
-async function requestMSTeamsDelegatedTokens(params: {
-  tenantId: string;
-  clientId: string;
-  clientSecret: string;
-  scopes?: readonly string[];
-  grantType: string;
-  values: Record<string, string>;
-  auditContext: string;
-  failureLabel: string;
-  resolveRefreshToken: (data: MSTeamsTokenResponse) => string;
-}): Promise<MSTeamsDelegatedTokens> {
-  const scopes = params.scopes ?? MSTEAMS_DEFAULT_DELEGATED_SCOPES;
-  const body = createMSTeamsTokenBody({
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    grantType: params.grantType,
-    scopes,
-    values: params.values,
-  });
-  const data = await fetchMSTeamsTokens({
-    tokenUrl: buildMSTeamsTokenEndpoint(params.tenantId),
-    body,
-    auditContext: params.auditContext,
-    failureLabel: params.failureLabel,
-  });
-  return {
-    accessToken: data.access_token,
-    refreshToken: params.resolveRefreshToken(data),
-    expiresAt: Date.now() + data.expires_in * 1000 - EXPIRY_BUFFER_MS,
-    scopes: data.scope ? data.scope.split(" ") : [...scopes],
-  };
-}
-export async function exchangeMSTeamsCodeForTokens(params: {
-  tenantId: string;
-  clientId: string;
-  clientSecret: string;
-  code: string;
-  verifier: string;
-  scopes?: readonly string[];
-}): Promise<MSTeamsDelegatedTokens> {
-  return await requestMSTeamsDelegatedTokens({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    grantType: "authorization_code",
-    scopes: params.scopes,
-    values: {
-      code: params.code,
-      redirect_uri: MSTEAMS_OAUTH_REDIRECT_URI,
-      code_verifier: params.verifier,
-    },
-    auditContext: "msteams-oauth-token-exchange",
-    failureLabel: "token exchange",
-    resolveRefreshToken: (data) => {
-      if (!data.refresh_token) {
-        throw new Error("No refresh token received from Azure AD. Please try again.");
-      }
-      return data.refresh_token;
-    },
-  });
-}
-export async function refreshMSTeamsDelegatedTokens(params: {
-  tenantId: string;
-  clientId: string;
-  clientSecret: string;
-  refreshToken: string;
-  scopes?: readonly string[];
-}): Promise<MSTeamsDelegatedTokens> {
-  return await requestMSTeamsDelegatedTokens({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    grantType: "refresh_token",
-    scopes: params.scopes,
-    values: {
-      refresh_token: params.refreshToken,
-    },
-    auditContext: "msteams-oauth-token-refresh",
-    failureLabel: "token refresh",
-    resolveRefreshToken: (data) => data.refresh_token ?? params.refreshToken,
-  });
-}

package/src/oauth.ts DELETED Viewed

@@ -1,130 +0,0 @@
-import {
-  buildMSTeamsAuthUrl,
-  generateOAuthState,
-  generatePkce,
-  parseCallbackInput,
-  shouldUseManualOAuthFlow,
-  waitForLocalCallback,
-} from "./oauth.flow.js";
-import {
-  MSTEAMS_DEFAULT_DELEGATED_SCOPES,
-  MSTEAMS_OAUTH_CALLBACK_PORT,
-  type MSTeamsDelegatedOAuthContext,
-  type MSTeamsDelegatedTokens,
-} from "./oauth.shared.js";
-import { exchangeMSTeamsCodeForTokens } from "./oauth.token.js";
-export type { MSTeamsDelegatedOAuthContext, MSTeamsDelegatedTokens };
-export async function loginMSTeamsDelegated(
-  ctx: MSTeamsDelegatedOAuthContext,
-  params: {
-    tenantId: string;
-    clientId: string;
-    clientSecret: string;
-    scopes?: readonly string[];
-  },
-): Promise<MSTeamsDelegatedTokens> {
-  const scopes = params.scopes ?? MSTEAMS_DEFAULT_DELEGATED_SCOPES;
-  const needsManual = shouldUseManualOAuthFlow(ctx.isRemote);
-  await ctx.note(
-    needsManual
-      ? [
-          "You are running in a remote/VPS environment.",
-          "A URL will be shown for you to open in your LOCAL browser.",
-          "After signing in, copy the redirect URL and paste it back here.",
-        ].join("\n")
-      : [
-          "Browser will open for Microsoft authentication.",
-          `Sign in to grant delegated permissions for MSTeams.`,
-          `The callback will be captured automatically on localhost:${MSTEAMS_OAUTH_CALLBACK_PORT}.`,
-        ].join("\n"),
-    "MSTeams Delegated OAuth",
-  );
-  const { verifier, challenge } = generatePkce();
-  const state = generateOAuthState();
-  const authUrl = buildMSTeamsAuthUrl({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    challenge,
-    state,
-    scopes,
-  });
-  if (needsManual) {
-    return manualFlow(ctx, authUrl, state, verifier, params);
-  }
-  ctx.progress.update("Complete sign-in in browser...");
-  try {
-    await ctx.openUrl(authUrl);
-  } catch {
-    ctx.log(`\nOpen this URL in your browser:\n\n${authUrl}\n`);
-  }
-  try {
-    const { code } = await waitForLocalCallback({
-      expectedState: state,
-      timeoutMs: 5 * 60 * 1000,
-      onProgress: (msg) => ctx.progress.update(msg),
-    });
-    ctx.progress.update("Exchanging authorization code for tokens...");
-    return await exchangeMSTeamsCodeForTokens({
-      tenantId: params.tenantId,
-      clientId: params.clientId,
-      clientSecret: params.clientSecret,
-      code,
-      verifier,
-      scopes,
-    });
-  } catch (err) {
-    // EADDRINUSE or other listen errors: fall back to manual flow
-    if (
-      err instanceof Error &&
-      (err.message.includes("EADDRINUSE") ||
-        err.message.includes("port") ||
-        err.message.includes("listen"))
-    ) {
-      ctx.progress.update("Local callback server failed. Switching to manual mode...");
-      return manualFlow(ctx, authUrl, state, verifier, params, err);
-    }
-    throw err;
-  }
-}
-async function manualFlow(
-  ctx: MSTeamsDelegatedOAuthContext,
-  authUrl: string,
-  state: string,
-  verifier: string,
-  params: {
-    tenantId: string;
-    clientId: string;
-    clientSecret: string;
-    scopes?: readonly string[];
-  },
-  cause?: Error,
-): Promise<MSTeamsDelegatedTokens> {
-  ctx.progress.update("OAuth URL ready");
-  ctx.log(`\nOpen this URL in your LOCAL browser:\n\n${authUrl}\n`);
-  ctx.progress.update("Waiting for you to paste the callback URL...");
-  const callbackInput = await ctx.prompt("Paste the redirect URL here: ");
-  const parsed = parseCallbackInput(callbackInput, state);
-  if ("error" in parsed) {
-    throw new Error(parsed.error, cause ? { cause } : undefined);
-  }
-  if (parsed.state !== state) {
-    throw new Error("OAuth state mismatch - please try again", cause ? { cause } : undefined);
-  }
-  ctx.progress.update("Exchanging authorization code for tokens...");
-  return exchangeMSTeamsCodeForTokens({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    code: parsed.code,
-    verifier,
-    scopes: params.scopes,
-  });
-}