@microsoft/agents-hosting 1.1.0-alpha.2 → 1.1.0-alpha.58

package/dist/src/auth/connections.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connections.js","sourceRoot":"","sources":["../../../src/auth/connections.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/dist/src/auth/index.d.ts

@@ -1,5 +1,7 @@
 export * from './authConfiguration';
+export * from './authConstants';
 export * from './authProvider';
 export * from './msalTokenProvider';
 export * from './request';
 export * from './msalTokenCredential';
+export * from './msalConnectionManager';

package/dist/src/auth/index.js

@@ -15,8 +15,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./authConfiguration"), exports);
+__exportStar(require("./authConstants"), exports);
 __exportStar(require("./authProvider"), exports);
 __exportStar(require("./msalTokenProvider"), exports);
 __exportStar(require("./request"), exports);
 __exportStar(require("./msalTokenCredential"), exports);
+__exportStar(require("./msalConnectionManager"), exports);
 //# sourceMappingURL=index.js.map

package/dist/src/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAmC;AACnC,iDAA8B;AAC9B,sDAAmC;AACnC,4CAAyB;AACzB,wDAAqC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAmC;AACnC,kDAA+B;AAC/B,iDAA8B;AAC9B,sDAAmC;AACnC,4CAAyB;AACzB,wDAAqC;AACrC,0DAAuC"}

package/dist/src/auth/jwt-middleware.js

@@ -19,16 +19,30 @@ const logger = (0, logger_1.debug)('agents:jwt-middleware');
  * @returns A promise that resolves to the JWT payload.
  */
 const verifyToken = async (raw, config) => {
+    const payload = jsonwebtoken_1.default.decode(raw);
+    logger.debug('jwt.decode ', JSON.stringify(payload));
+    if (!payload) {
+        throw new Error('invalid token');
+    }
+    const audience = payload.aud;
+    const matchingEntry = config.connections && config.connections.size > 0
+        ? [...config.connections.entries()].find(([_, configuration]) => configuration.clientId === audience)
+        : undefined;
+    if (!matchingEntry) {
+        const err = new Error('Audience mismatch');
+        logger.error(err.message, audience);
+        throw err;
+    }
+    const [key, authConfig] = matchingEntry;
+    logger.debug(`Audience found at key: ${key}`);
+    const jwksUri = payload.iss === 'https://api.botframework.com'
+        ? 'https://login.botframework.com/v1/.well-known/keys'
+        : `${authConfig.authority}/${authConfig.tenantId}/discovery/v2.0/keys`;
+    logger.debug(`fetching keys from ${jwksUri}`);
+    const jwksClient = (0, jwks_rsa_1.default)({ jwksUri });
     const getKey = (header, callback) => {
-        const payload = jsonwebtoken_1.default.decode(raw);
-        logger.debug('jwt.decode ', JSON.stringify(payload));
-        const jwksUri = payload.iss === 'https://api.botframework.com'
-            ? 'https://login.botframework.com/v1/.well-known/keys'
-            : `${config.authority}/${config.tenantId}/discovery/v2.0/keys`;
-        logger.debug(`fetching keys from ${jwksUri}`);
-        const jwksClient = (0, jwks_rsa_1.default)({ jwksUri });
         jwksClient.getSigningKey(header.kid, (err, key) => {
-            if (err != null) {
+            if (err) {
                 logger.error('jwksClient.getSigningKey ', JSON.stringify(err));
                 logger.error(JSON.stringify(err));
                 callback(err, undefined);
@@ -38,22 +52,21 @@ const verifyToken = async (raw, config) => {
             callback(null, signingKey);
         });
     };
+    const verifyOptions = {
+        issuer: authConfig.issuers,
+        audience: [authConfig.clientId, 'https://api.botframework.com'],
+        ignoreExpiration: false,
+        algorithms: ['RS256'],
+        clockTolerance: 300
+    };
     return await new Promise((resolve, reject) => {
-        const verifyOptions = {
-            issuer: config.issuers,
-            audience: [config.clientId, 'https://api.botframework.com'],
-            ignoreExpiration: false,
-            algorithms: ['RS256'],
-            clockTolerance: 300
-        };
         jsonwebtoken_1.default.verify(raw, getKey, verifyOptions, (err, user) => {
-            if (err != null) {
+            if (err) {
                 logger.error('jwt.verify ', JSON.stringify(err));
                 reject(err);
                 return;
             }
-            const tokenClaims = user;
-            resolve(tokenClaims);
+            resolve(user);
         });
     });
 };

package/dist/src/auth/jwt-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-middleware.js","sourceRoot":"","sources":["../../../src/auth/jwt-middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAKH,wDAA0D;AAC1D,gEAA6F;AAC7F,8DAAyD;AAEzD,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,uBAAuB,CAAC,CAAA;AAE7C;;;;;GAKG;AACH,MAAM,WAAW,GAAG,KAAK,EAAE,GAAW,EAAE,MAAyB,EAAuB,EAAE;IACxF,MAAM,MAAM,GAAyB,CAAC,MAAiB,EAAE,QAAsB,EAAE,EAAE;QACjF,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,GAAG,CAAe,CAAA;QAC7C,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;QACpD,MAAM,OAAO,GAAW,OAAO,CAAC,GAAG,KAAK,8BAA8B;YACpE,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,sBAAsB,CAAA;QAEhE,MAAM,CAAC,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAA;QAC7C,MAAM,UAAU,GAAe,IAAA,kBAAO,EAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QAEnD,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,GAA2B,EAAQ,EAAE;YAC5F,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAC9D,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBACjC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBACxB,OAAM;YACR,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAA;YACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAC5B,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,MAAM,aAAa,GAAsB;YACvC,MAAM,EAAE,MAAM,CAAC,OAAgC;YAC/C,QAAQ,EAAE,CAAC,MAAM,CAAC,QAAS,EAAE,8BAA8B,CAAC;YAC5D,gBAAgB,EAAE,KAAK;YACvB,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,cAAc,EAAE,GAAG;SACpB,CAAA;QAED,sBAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACnD,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAChD,MAAM,CAAC,GAAG,CAAC,CAAA;gBACX,OAAM;YACR,CAAC;YACD,MAAM,WAAW,GAAG,IAAkB,CAAA;YAEtC,OAAO,CAAC,WAAW,CAAC,CAAA;QACtB,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED;;;;GAIG;AACI,MAAM,YAAY,GAAG,CAAC,UAA6B,EAAE,EAAE;IAC5D,OAAO,KAAK,WAAW,GAAY,EAAE,GAAa,EAAE,IAAkB;QACpE,IAAI,MAAM,GAAG,KAAK,CAAA;QAClB,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAClD,MAAM,GAAG,IAAI,CAAA;YACb,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;YAC7C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC,CAAA;QAClE,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAuB,CAAA;YACtD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,KAAK,GAAW,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,2CAA2C;gBAC1F,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;oBACjD,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAA;oBACzC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;gBACjB,CAAC;gBAAC,OAAO,GAAgB,EAAE,CAAC;oBAC1B,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;oBACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;gBACzD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;oBACnC,GAAG,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,CAAA;gBAClC,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;oBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,gCAAgC,EAAE,CAAC,CAAA;gBAC9E,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,EAAE,CAAA;QACR,CAAC;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AApCY,QAAA,YAAY,gBAoCxB"}
+{"version":3,"file":"jwt-middleware.js","sourceRoot":"","sources":["../../../src/auth/jwt-middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAKH,wDAA0D;AAC1D,gEAA6F;AAC7F,8DAAyD;AAEzD,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,uBAAuB,CAAC,CAAA;AAE7C;;;;;GAKG;AACH,MAAM,WAAW,GAAG,KAAK,EAAE,GAAW,EAAE,MAAyB,EAAuB,EAAE;IACxF,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,GAAG,CAAe,CAAA;IAC7C,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;IAEpD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;IAClC,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAA;IAE5B,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC;QACrE,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,KAAK,QAAQ,CAAC;QACrG,CAAC,CAAC,SAAS,CAAA;IAEb,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;QACnC,MAAM,GAAG,CAAA;IACX,CAAC;IAED,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,GAAG,aAAa,CAAA;IACvC,MAAM,CAAC,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAA;IAE7C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,KAAK,8BAA8B;QAC5D,CAAC,CAAC,oDAAoD;QACtD,CAAC,CAAC,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,sBAAsB,CAAA;IAExE,MAAM,CAAC,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAA;IAC7C,MAAM,UAAU,GAAe,IAAA,kBAAO,EAAC,EAAE,OAAO,EAAE,CAAC,CAAA;IAEnD,MAAM,MAAM,GAAyB,CAAC,MAAiB,EAAE,QAAsB,EAAE,EAAE;QACjF,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,GAA2B,EAAQ,EAAE;YAC5F,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAC9D,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBACjC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBACxB,OAAM;YACR,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAA;YACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAC5B,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,MAAM,aAAa,GAAsB;QACvC,MAAM,EAAE,UAAU,CAAC,OAAgC;QACnD,QAAQ,EAAE,CAAC,UAAU,CAAC,QAAS,EAAE,8BAA8B,CAAC;QAChE,gBAAgB,EAAE,KAAK;QACvB,UAAU,EAAE,CAAC,OAAO,CAAC;QACrB,cAAc,EAAE,GAAG;KACpB,CAAA;IAED,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,sBAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACnD,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAChD,MAAM,CAAC,GAAG,CAAC,CAAA;gBACX,OAAM;YACR,CAAC;YACD,OAAO,CAAC,IAAkB,CAAC,CAAA;QAC7B,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED;;;;GAIG;AACI,MAAM,YAAY,GAAG,CAAC,UAA6B,EAAE,EAAE;IAC5D,OAAO,KAAK,WAAW,GAAY,EAAE,GAAa,EAAE,IAAkB;QACpE,IAAI,MAAM,GAAG,KAAK,CAAA;QAClB,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAClD,MAAM,GAAG,IAAI,CAAA;YACb,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;YAC7C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC,CAAA;QAClE,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAuB,CAAA;YACtD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,KAAK,GAAW,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,2CAA2C;gBAC1F,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;oBACjD,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAA;oBACzC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;gBACjB,CAAC;gBAAC,OAAO,GAAgB,EAAE,CAAC;oBAC1B,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;oBACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;gBACzD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;oBACnC,GAAG,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,CAAA;gBAClC,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;oBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,gCAAgC,EAAE,CAAC,CAAA;gBAC9E,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,EAAE,CAAA;QACR,CAAC;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AApCY,QAAA,YAAY,gBAoCxB"}

package/dist/src/auth/msalConnectionManager.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { Activity } from '@microsoft/agents-activity';
+import { AuthConfiguration } from './authConfiguration';
+import { AuthProvider } from './authProvider';
+import { Connections } from './connections';
+import { MsalTokenProvider } from './msalTokenProvider';
+export interface ConnectionMapItem {
+    audience?: string;
+    serviceUrl: string;
+    connection: string;
+}
+export declare class MsalConnectionManager implements Connections {
+    private _connections;
+    private _connectionsMap;
+    private _serviceConnectionConfiguration;
+    private static readonly DEFAULT_CONNECTION;
+    constructor(connectionsConfigurations?: Map<string, AuthConfiguration>, connectionsMap?: ConnectionMapItem[], configuration?: AuthConfiguration);
+    /**
+     * Get the OAuth connection for the agent.
+     * @param connectionName The name of the connection.
+     * @returns The OAuth connection for the agent.
+     */
+    getConnection(connectionName: string): MsalTokenProvider;
+    /**
+     * Get the default OAuth connection for the agent.
+     * @returns The default OAuth connection for the agent.
+     */
+    getDefaultConnection(): MsalTokenProvider;
+    /**
+     * Finds a connection based on a map.
+     *
+     * @param audience The audience.
+     * @param serviceUrl The service URL.
+     * @returns The TokenProvider for the connection.
+     *
+     * @remarks
+     * Example environment variables:
+     * connectionsMap__0__connection=seviceConnection
+     * connectionsMap__0__serviceUrl=http://*..botframework.com/*
+     * connectionsMap__0__audience=optional
+     * connectionsMap__1__connection=agentic
+     * connectionsMap__1__serviceUrl=agentic
+     *
+     * ServiceUrl is:  A regex to match with, or "*" for any serviceUrl value.
+     * Connection is: A name in the 'Connections' list.
+     */
+    getTokenProvider(audience: string, serviceUrl: string): MsalTokenProvider;
+    /**
+     * Finds a connection based on an activity's blueprint.
+     * @param audience The audience.
+     * @param activity The activity.
+     * @returns The TokenProvider for the connection.
+     */
+    getTokenProviderFromActivity(audience: string, activity: Activity): AuthProvider;
+    /**
+     * Get the default connection configuration for the agent.
+     * @returns The default connection configuration for the agent.
+     */
+    getDefaultConnectionConfiguration(): AuthConfiguration;
+}

package/dist/src/auth/msalConnectionManager.js

@@ -0,0 +1,124 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MsalConnectionManager = void 0;
+const agents_activity_1 = require("@microsoft/agents-activity");
+const msalTokenProvider_1 = require("./msalTokenProvider");
+class MsalConnectionManager {
+    constructor(connectionsConfigurations = new Map(), connectionsMap = [], configuration = {}) {
+        this._connections = new Map();
+        this._connectionsMap = connectionsMap.length > 0 ? connectionsMap : (configuration.connectionsMap || []);
+        this._serviceConnectionConfiguration = {};
+        const providedConnections = connectionsConfigurations.size > 0 ? connectionsConfigurations : (configuration.connections || new Map());
+        for (const [name, config] of providedConnections) {
+            // Instantiate MsalTokenProvider for each connection
+            this._connections.set(name, new msalTokenProvider_1.MsalTokenProvider(config));
+            if (name === MsalConnectionManager.DEFAULT_CONNECTION) {
+                this._serviceConnectionConfiguration = config;
+            }
+        }
+    }
+    /**
+     * Get the OAuth connection for the agent.
+     * @param connectionName The name of the connection.
+     * @returns The OAuth connection for the agent.
+     */
+    getConnection(connectionName) {
+        const conn = this._connections.get(connectionName);
+        if (!conn) {
+            throw new Error(`Connection not found: ${connectionName}`);
+        }
+        return conn;
+    }
+    /**
+     * Get the default OAuth connection for the agent.
+     * @returns The default OAuth connection for the agent.
+     */
+    getDefaultConnection() {
+        if (this._connections.size === 0) {
+            throw new Error('No connections found for this Agent in the Connections Configuration.');
+        }
+        // Return the wildcard map item instance.
+        for (const item of this._connectionsMap) {
+            if (item.serviceUrl === '*' && !item.audience) {
+                return this.getConnection(item.connection);
+            }
+        }
+        return this._connections.values().next().value;
+    }
+    /**
+     * Finds a connection based on a map.
+     *
+     * @param audience The audience.
+     * @param serviceUrl The service URL.
+     * @returns The TokenProvider for the connection.
+     *
+     * @remarks
+     * Example environment variables:
+     * connectionsMap__0__connection=seviceConnection
+     * connectionsMap__0__serviceUrl=http://*..botframework.com/*
+     * connectionsMap__0__audience=optional
+     * connectionsMap__1__connection=agentic
+     * connectionsMap__1__serviceUrl=agentic
+     *
+     * ServiceUrl is:  A regex to match with, or "*" for any serviceUrl value.
+     * Connection is: A name in the 'Connections' list.
+     */
+    getTokenProvider(audience, serviceUrl) {
+        if (!audience || !serviceUrl)
+            throw new Error('Audience and Service URL are required to get the token provider.');
+        if (this._connectionsMap.length === 0) {
+            return this.getDefaultConnection();
+        }
+        for (const item of this._connectionsMap) {
+            let audienceMatch = true;
+            // if we have an audience to match against, match it.
+            if (item.audience && audience) {
+                audienceMatch = item.audience === audience;
+            }
+            if (audienceMatch) {
+                if (item.serviceUrl === '*' || !item.serviceUrl) {
+                    return this.getConnection(item.connection);
+                }
+                const regex = new RegExp(item.serviceUrl, 'i');
+                if (regex.test(serviceUrl)) {
+                    return this.getConnection(item.connection);
+                }
+            }
+        }
+        throw new Error(`No connection found for audience: ${audience} and serviceUrl: ${serviceUrl}`);
+    }
+    /**
+     * Finds a connection based on an activity's blueprint.
+     * @param audience The audience.
+     * @param activity The activity.
+     * @returns The TokenProvider for the connection.
+     */
+    getTokenProviderFromActivity(audience, activity) {
+        var _a, _b, _c, _d;
+        let connection = this.getTokenProvider(audience, activity.serviceUrl || '');
+        // This is for the case where the Agentic BlueprintId is not the same as the AppId
+        if (connection &&
+            (((_a = activity.recipient) === null || _a === void 0 ? void 0 : _a.role) === agents_activity_1.RoleTypes.AgenticIdentity ||
+                ((_b = activity.recipient) === null || _b === void 0 ? void 0 : _b.role) === agents_activity_1.RoleTypes.AgenticUser)) {
+            if (((_c = connection.connectionSettings) === null || _c === void 0 ? void 0 : _c.altBlueprintConnectionName) &&
+                connection.connectionSettings.altBlueprintConnectionName.trim() !== '') {
+                connection = this.getConnection((_d = connection.connectionSettings) === null || _d === void 0 ? void 0 : _d.altBlueprintConnectionName);
+            }
+        }
+        return connection;
+    }
+    /**
+     * Get the default connection configuration for the agent.
+     * @returns The default connection configuration for the agent.
+     */
+    getDefaultConnectionConfiguration() {
+        return this._serviceConnectionConfiguration;
+    }
+}
+exports.MsalConnectionManager = MsalConnectionManager;
+MsalConnectionManager.DEFAULT_CONNECTION = 'serviceConnection';
+//# sourceMappingURL=msalConnectionManager.js.map

package/dist/src/auth/msalConnectionManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"msalConnectionManager.js","sourceRoot":"","sources":["../../../src/auth/msalConnectionManager.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,gEAAgE;AAIhE,2DAAuD;AAQvD,MAAa,qBAAqB;IAMhC,YACE,4BAA4D,IAAI,GAAG,EAAE,EACrE,iBAAsC,EAAE,EACxC,gBAAmC,EAAE;QACrC,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAA;QAC7B,IAAI,CAAC,eAAe,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,cAAc,IAAI,EAAE,CAAC,CAAA;QACxG,IAAI,CAAC,+BAA+B,GAAG,EAAE,CAAA;QAEzC,MAAM,mBAAmB,GAAG,yBAAyB,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,IAAI,IAAI,GAAG,EAAE,CAAC,CAAA;QAErI,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC;YACjD,oDAAoD;YACpD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,qCAAiB,CAAC,MAAM,CAAC,CAAC,CAAA;YAC1D,IAAI,IAAI,KAAK,qBAAqB,CAAC,kBAAkB,EAAE,CAAC;gBACtD,IAAI,CAAC,+BAA+B,GAAG,MAAM,CAAA;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAE,cAAsB;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QAClD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,cAAc,EAAE,CAAC,CAAA;QAC5D,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;OAGG;IACH,oBAAoB;QAClB,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAA;QAC1F,CAAC;QAED,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,UAAU,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC9C,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAA0B,CAAA;IACrE,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,gBAAgB,CAAE,QAAgB,EAAE,UAAkB;QACpD,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;QAEjH,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,oBAAoB,EAAE,CAAA;QACpC,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACxC,IAAI,aAAa,GAAG,IAAI,CAAA;YAExB,qDAAqD;YACrD,IAAI,IAAI,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC;gBAC9B,aAAa,GAAG,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAA;YAC5C,CAAC;YAED,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,UAAU,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChD,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC5C,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAA;gBAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC3B,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC5C,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,oBAAoB,UAAU,EAAE,CAAC,CAAA;IAChG,CAAC;IAED;;;;;OAKG;IACH,4BAA4B,CAAE,QAAgB,EAAE,QAAkB;;QAChE,IAAI,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,CAAA;QAE3E,kFAAkF;QAClF,IAAI,UAAU;YACZ,CAAC,CAAA,MAAA,QAAQ,CAAC,SAAS,0CAAE,IAAI,MAAK,2BAAS,CAAC,eAAe;gBACrD,CAAA,MAAA,QAAQ,CAAC,SAAS,0CAAE,IAAI,MAAK,2BAAS,CAAC,WAAW,CAAC,EAAE,CAAC;YACxD,IAAI,CAAA,MAAA,UAAU,CAAC,kBAAkB,0CAAE,0BAA0B;gBACzD,UAAU,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC3E,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,MAAA,UAAU,CAAC,kBAAkB,0CAAE,0BAAoC,CAAC,CAAA;YACtG,CAAC;QACH,CAAC;QACD,OAAO,UAAU,CAAA;IACnB,CAAC;IAED;;;OAGG;IACH,iCAAiC;QAC/B,OAAO,IAAI,CAAC,+BAA+B,CAAA;IAC7C,CAAC;;AAnIH,sDAoIC;AAhIyB,wCAAkB,GAAG,mBAAmB,CAAA"}

package/dist/src/auth/msalTokenProvider.d.ts

@@ -8,6 +8,15 @@ import { AuthProvider } from './authProvider';
  * Provides tokens using MSAL.
  */
 export declare class MsalTokenProvider implements AuthProvider {
+    private readonly _agenticTokenCache;
+    readonly connectionSettings?: AuthConfiguration;
+    constructor(connectionSettings?: AuthConfiguration);
+    /**
+     * Gets an access token using the auth configuration from the MsalTokenProvider instance and the provided scope.
+     * @param scope The scope for the token.
+     * @returns A promise that resolves to the access token.
+     */
+    getAccessToken(scope: string): Promise<string>;
     /**
      * Gets an access token.
      * @param authConfig The authentication configuration.
@@ -15,7 +24,22 @@ export declare class MsalTokenProvider implements AuthProvider {
      * @returns A promise that resolves to the access token.
      */
     getAccessToken(authConfig: AuthConfiguration, scope: string): Promise<string>;
+    acquireTokenOnBehalfOf(scopes: string[], oboAssertion: string): Promise<string>;
     acquireTokenOnBehalfOf(authConfig: AuthConfiguration, scopes: string[], oboAssertion: string): Promise<string>;
+    getAgenticInstanceToken(agentAppInstanceId: string): Promise<string>;
+    /**
+     * Does a direct HTTP call to acquire a token for agentic scenarios - do not use this directly!
+     * This method will be removed once MSAL is updated with the necessary features.
+     * (This is required in order to pass additional parameters into the auth call)
+     * @param clientId
+     * @param clientAssertion
+     * @param scopes
+     * @param tokenBodyParameters
+     * @returns
+     */
+    private acquireTokenByForAgenticScenarios;
+    getAgenticUserToken(agentAppInstanceId: string, agenticUserId: string, scopes: string[]): Promise<string>;
+    getAgenticApplicationToken(agentAppInstanceId: string): Promise<string>;
     private readonly sysOptions;
     /**
      * Acquires a token using a user-assigned identity.
@@ -45,6 +69,13 @@ export declare class MsalTokenProvider implements AuthProvider {
      * @returns A promise that resolves to the access token.
      */
     private acquireAccessTokenViaFIC;
+    /**
+     * Acquires a token using a Workload Identity client assertion.
+     * @param authConfig The authentication configuration.
+     * @param scope The scope for the token.
+     * @returns A promise that resolves to the access token.
+     */
+    private acquireAccessTokenViaWID;
     /**
      * Fetches an external token.
      * @param FICClientId The FIC client ID.

package/dist/src/auth/msalTokenProvider.js

@@ -9,8 +9,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MsalTokenProvider = void 0;
 const msal_node_1 = require("@azure/msal-node");
+const axios_1 = __importDefault(require("axios"));
 const logger_1 = require("@microsoft/agents-activity/logger");
 const uuid_1 = require("uuid");
+const MemoryCache_1 = require("./MemoryCache");
 const fs_1 = __importDefault(require("fs"));
 const crypto_1 = __importDefault(require("crypto"));
 const audience = 'api://AzureADTokenExchange';
@@ -19,7 +21,7 @@ const logger = (0, logger_1.debug)('agents:msal');
  * Provides tokens using MSAL.
  */
 class MsalTokenProvider {
-    constructor() {
+    constructor(connectionSettings) {
         this.sysOptions = {
             loggerOptions: {
                 logLevel: msal_node_1.LogLevel.Trace,
@@ -46,32 +48,46 @@ class MsalTokenProvider {
                 piiLoggingEnabled: false
             }
         };
+        this._agenticTokenCache = new MemoryCache_1.MemoryCache();
+        this.connectionSettings = connectionSettings;
     }
-    /**
-     * Gets an access token.
-     * @param authConfig The authentication configuration.
-     * @param scope The scope for the token.
-     * @returns A promise that resolves to the access token.
-     */
-    async getAccessToken(authConfig, scope) {
+    async getAccessToken(authConfigOrScope, scope) {
+        let authConfig;
+        let actualScope;
+        if (typeof authConfigOrScope === 'string') {
+            // Called as getAccessToken(scope)
+            if (!this.connectionSettings) {
+                throw new Error('Connection settings must be provided to constructor when calling getAccessToken(scope)');
+            }
+            authConfig = this.connectionSettings;
+            actualScope = authConfigOrScope;
+        }
+        else {
+            // Called as getAccessToken(authConfig, scope)
+            authConfig = authConfigOrScope;
+            actualScope = scope;
+        }
         if (!authConfig.clientId && process.env.NODE_ENV !== 'production') {
             return '';
         }
         let token;
-        if (authConfig.FICClientId !== undefined) {
-            token = await this.acquireAccessTokenViaFIC(authConfig, scope);
+        if (authConfig.WIDAssertionFile !== undefined) {
+            token = await this.acquireAccessTokenViaWID(authConfig, actualScope);
+        }
+        else if (authConfig.FICClientId !== undefined) {
+            token = await this.acquireAccessTokenViaFIC(authConfig, actualScope);
         }
         else if (authConfig.clientSecret !== undefined) {
-            token = await this.acquireAccessTokenViaSecret(authConfig, scope);
+            token = await this.acquireAccessTokenViaSecret(authConfig, actualScope);
         }
         else if (authConfig.certPemFile !== undefined &&
             authConfig.certKeyFile !== undefined) {
-            token = await this.acquireTokenWithCertificate(authConfig, scope);
+            token = await this.acquireTokenWithCertificate(authConfig, actualScope);
         }
         else if (authConfig.clientSecret === undefined &&
             authConfig.certPemFile === undefined &&
             authConfig.certKeyFile === undefined) {
-            token = await this.acquireTokenWithUserAssignedIdentity(authConfig, scope);
+            token = await this.acquireTokenWithUserAssignedIdentity(authConfig, actualScope);
         }
         else {
             throw new Error('Invalid authConfig. ');
@@ -81,7 +97,25 @@ class MsalTokenProvider {
         }
         return token;
     }
-    async acquireTokenOnBehalfOf(authConfig, scopes, oboAssertion) {
+    async acquireTokenOnBehalfOf(authConfigOrScopes, scopesOrOboAssertion, oboAssertion) {
+        let authConfig;
+        let actualScopes;
+        let actualOboAssertion;
+        if (Array.isArray(authConfigOrScopes)) {
+            // Called as acquireTokenOnBehalfOf(scopes, oboAssertion)
+            if (!this.connectionSettings) {
+                throw new Error('Connection settings must be provided to constructor when calling acquireTokenOnBehalfOf(scopes, oboAssertion)');
+            }
+            authConfig = this.connectionSettings;
+            actualScopes = authConfigOrScopes;
+            actualOboAssertion = scopesOrOboAssertion;
+        }
+        else {
+            // Called as acquireTokenOnBehalfOf(authConfig, scopes, oboAssertion)
+            authConfig = authConfigOrScopes;
+            actualScopes = scopesOrOboAssertion;
+            actualOboAssertion = oboAssertion;
+        }
         const cca = new msal_node_1.ConfidentialClientApplication({
             auth: {
                 clientId: authConfig.clientId,
@@ -91,11 +125,107 @@ class MsalTokenProvider {
             system: this.sysOptions
         });
         const token = await cca.acquireTokenOnBehalfOf({
-            oboAssertion,
-            scopes
+            oboAssertion: actualOboAssertion,
+            scopes: actualScopes
         });
         return token === null || token === void 0 ? void 0 : token.accessToken;
     }
+    async getAgenticInstanceToken(agentAppInstanceId) {
+        logger.debug('Getting agentic instance token');
+        if (!this.connectionSettings) {
+            throw new Error('Connection settings must be provided when calling getAgenticInstanceToken');
+        }
+        const appToken = await this.getAgenticApplicationToken(agentAppInstanceId);
+        const cca = new msal_node_1.ConfidentialClientApplication({
+            auth: {
+                clientId: agentAppInstanceId,
+                clientAssertion: appToken,
+                authority: `${this.connectionSettings.authority}/${this.connectionSettings.tenantId || 'botframework.com'}`,
+            },
+            system: this.sysOptions
+        });
+        const token = await cca.acquireTokenByClientCredential({
+            scopes: ['api://AzureAdTokenExchange/.default'],
+            correlationId: (0, uuid_1.v4)()
+        });
+        if (!(token === null || token === void 0 ? void 0 : token.accessToken)) {
+            throw new Error(`Failed to acquire instance token for agent instance: ${agentAppInstanceId}`);
+        }
+        return token.accessToken;
+    }
+    /**
+     * Does a direct HTTP call to acquire a token for agentic scenarios - do not use this directly!
+     * This method will be removed once MSAL is updated with the necessary features.
+     * (This is required in order to pass additional parameters into the auth call)
+     * @param clientId
+     * @param clientAssertion
+     * @param scopes
+     * @param tokenBodyParameters
+     * @returns
+     */
+    async acquireTokenByForAgenticScenarios(clientId, clientAssertion, scopes, tokenBodyParameters) {
+        if (!this.connectionSettings) {
+            throw new Error('Connection settings must be provided when calling getAgenticInstanceToken');
+        }
+        // Check cache first
+        const cacheKey = `${clientId}/${Object.keys(tokenBodyParameters).map(key => key !== 'user_federated_identity_credential' ? `${key}=${tokenBodyParameters[key]}` : '').join('&')}/${scopes.join(';')}`;
+        if (this._agenticTokenCache.get(cacheKey)) {
+            return this._agenticTokenCache.get(cacheKey);
+        }
+        const url = `${this.connectionSettings.authority}/${this.connectionSettings.tenantId || 'botframework.com'}/oauth2/v2.0/token`;
+        const data = {
+            client_id: clientId,
+            scope: scopes.join(' '),
+            ...tokenBodyParameters
+        };
+        if (clientAssertion) {
+            data.client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';
+            data.client_assertion = clientAssertion;
+        }
+        else {
+            data.client_secret = this.connectionSettings.clientSecret;
+        }
+        const token = await axios_1.default.post(url, data, {
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8'
+            }
+        }).catch((error) => {
+            logger.error('Error acquiring token: ', error.toJSON());
+            throw error;
+        });
+        // capture token, expire local cache 5 minutes early
+        this._agenticTokenCache.set(cacheKey, token.data.access_token, token.data.expires_in - 300);
+        return token.data.access_token;
+    }
+    async getAgenticUserToken(agentAppInstanceId, agenticUserId, scopes) {
+        logger.debug('Getting agentic user token');
+        const agentToken = await this.getAgenticApplicationToken(agentAppInstanceId);
+        const instanceToken = await this.getAgenticInstanceToken(agentAppInstanceId);
+        const token = await this.acquireTokenByForAgenticScenarios(agentAppInstanceId, agentToken, scopes, {
+            user_id: agenticUserId,
+            user_federated_identity_credential: instanceToken,
+            grant_type: 'user_fic',
+        });
+        if (!token) {
+            throw new Error(`Failed to acquire instance token for user token: ${agentAppInstanceId}`);
+        }
+        return token;
+    }
+    async getAgenticApplicationToken(agentAppInstanceId) {
+        var _a;
+        if (!((_a = this.connectionSettings) === null || _a === void 0 ? void 0 : _a.clientId)) {
+            throw new Error('Connection settings must be provided when calling getAgenticApplicationToken');
+        }
+        logger.debug('Getting agentic application token');
+        const token = await this.acquireTokenByForAgenticScenarios(this.connectionSettings.clientId, undefined, ['api://AzureAdTokenExchange/.default'], {
+            grant_type: 'client_credentials',
+            fmi_path: agentAppInstanceId,
+        });
+        if (!token) {
+            throw new Error(`Failed to acquire token for agent instance: ${agentAppInstanceId}`);
+        }
+        return token;
+    }
     /**
      * Acquires a token using a user-assigned identity.
      * @param authConfig The authentication configuration.
@@ -191,6 +321,27 @@ class MsalTokenProvider {
         logger.debug('got token using FIC client assertion');
         return token === null || token === void 0 ? void 0 : token.accessToken;
     }
+    /**
+     * Acquires a token using a Workload Identity client assertion.
+     * @param authConfig The authentication configuration.
+     * @param scope The scope for the token.
+     * @returns A promise that resolves to the access token.
+     */
+    async acquireAccessTokenViaWID(authConfig, scope) {
+        const scopes = [`${scope}/.default`];
+        const clientAssertion = fs_1.default.readFileSync(authConfig.WIDAssertionFile, 'utf8');
+        const cca = new msal_node_1.ConfidentialClientApplication({
+            auth: {
+                clientId: authConfig.clientId,
+                authority: `https://login.microsoftonline.com/${authConfig.tenantId}`,
+                clientAssertion
+            },
+            system: this.sysOptions
+        });
+        const token = await cca.acquireTokenByClientCredential({ scopes });
+        logger.info('got token using WID client assertion');
+        return token === null || token === void 0 ? void 0 : token.accessToken;
+    }
     /**
      * Fetches an external token.
      * @param FICClientId The FIC client ID.

package/dist/src/auth/msalTokenProvider.js.map

@@ -1 +1 @@
-{"version":3,"file":"msalTokenProvider.js","sourceRoot":"","sources":["../../../src/auth/msalTokenProvider.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAEH,gDAAyH;AAGzH,8DAAyD;AACzD,+BAAyB;AAEzB,4CAAmB;AACnB,oDAA2B;AAE3B,MAAM,QAAQ,GAAG,4BAA4B,CAAA;AAC7C,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,aAAa,CAAC,CAAA;AAEnC;;GAEG;AACH,MAAa,iBAAiB;IAA9B;QAiDmB,eAAU,GAAsB;YAC/C,aAAa,EAAE;gBACb,QAAQ,EAAE,oBAAQ,CAAC,KAAK;gBACxB,cAAc,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE;oBAC9C,IAAI,WAAW,EAAE,CAAC;wBAChB,OAAM;oBACR,CAAC;oBACD,QAAQ,KAAK,EAAE,CAAC;wBACd,KAAK,oBAAQ,CAAC,KAAK;4BACjB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;4BACrB,OAAM;wBACR,KAAK,oBAAQ,CAAC,IAAI;4BAChB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;4BACrB,OAAM;wBACR,KAAK,oBAAQ,CAAC,OAAO;4BACnB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,sCAAsC,CAAC,EAAE,CAAC;gCAC9D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;4BACtB,CAAC;4BACD,OAAM;wBACR,KAAK,oBAAQ,CAAC,OAAO;4BACnB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;oBACzB,CAAC;gBACH,CAAC;gBACD,iBAAiB,EAAE,KAAK;aACzB;SACF,CAAA;IA6HH,CAAC;IAtMC;;;;;OAKG;IACI,KAAK,CAAC,cAAc,CAAE,UAA6B,EAAE,KAAa;QACvE,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YAClE,OAAO,EAAE,CAAA;QACX,CAAC;QACD,IAAI,KAAK,CAAA;QACT,IAAI,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACzC,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;QAChE,CAAC;aAAM,IAAI,UAAU,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACjD,KAAK,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;QACnE,CAAC;aAAM,IAAI,UAAU,CAAC,WAAW,KAAK,SAAS;YAC7C,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACvC,KAAK,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;QACnE,CAAC;aAAM,IAAI,UAAU,CAAC,YAAY,KAAK,SAAS;YAC9C,UAAU,CAAC,WAAW,KAAK,SAAS;YACpC,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACvC,KAAK,GAAG,MAAM,IAAI,CAAC,oCAAoC,CAAC,UAAU,EAAE,KAAK,CAAC,CAAA;QAC5E,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;QACzC,CAAC;QACD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;QAC5C,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAE,UAA6B,EAAE,MAAgB,EAAE,YAAoB;QACxG,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAkB;gBACvC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,IAAI,kBAAkB,EAAE;gBACjF,YAAY,EAAE,UAAU,CAAC,YAAY;aACtC;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,sBAAsB,CAAC;YAC7C,YAAY;YACZ,MAAM;SACP,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IA6BD;;;;;OAKG;IACK,KAAK,CAAC,oCAAoC,CAAE,UAA6B,EAAE,KAAa;QAC9F,MAAM,GAAG,GAAG,IAAI,sCAA0B,CAAC;YACzC,uBAAuB,EAAE;gBACvB,oBAAoB,EAAE,UAAU,CAAC,QAAQ,IAAI,EAAE;aAChD;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC;YACnC,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAW,CAAA;IAC3B,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,2BAA2B,CAAE,UAA6B,EAAE,KAAa;QACrF,MAAM,gBAAgB,GAAG,YAAE,CAAC,YAAY,CAAC,UAAU,CAAC,WAAqB,CAAC,CAAA;QAE1E,MAAM,gBAAgB,GAAG,gBAAM,CAAC,gBAAgB,CAAC;YAC/C,GAAG,EAAE,gBAAgB;YACrB,MAAM,EAAE,KAAK;SACd,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC;YACzC,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,IAAI,gBAAM,CAAC,eAAe,CAAC,YAAE,CAAC,YAAY,CAAC,UAAU,CAAC,WAAqB,CAAC,CAAC,CAAA;QAElG,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,EAAE;gBACnC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,IAAI,kBAAkB,EAAE;gBACjF,iBAAiB,EAAE;oBACjB,UAAU,EAAE,UAAoB;oBAChC,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC;oBACxD,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,WAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE;iBACxE;aACF;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC;YACrD,MAAM,EAAE,CAAC,GAAG,KAAK,WAAW,CAAC;YAC7B,aAAa,EAAE,IAAA,SAAE,GAAE;SACpB,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,2BAA2B,CAAE,UAA6B,EAAE,KAAa;QACrF,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAkB;gBACvC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,IAAI,kBAAkB,EAAE;gBACjF,YAAY,EAAE,UAAU,CAAC,YAAY;aACtC;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC;YACrD,MAAM,EAAE,CAAC,GAAG,KAAK,WAAW,CAAC;YAC7B,aAAa,EAAE,IAAA,SAAE,GAAE;SACpB,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,wBAAwB,CAAE,UAA6B,EAAE,KAAa;QAClF,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,WAAW,CAAC,CAAA;QACpC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,WAAqB,CAAC,CAAA;QACvF,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAkB;gBACvC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,EAAE;gBAC3D,eAAe;aAChB;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAClE,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAA;QACpD,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,kBAAkB,CAAE,WAAmB;QACnD,MAAM,8BAA8B,GAAG,IAAI,sCAA0B,CAAC;YACpE,uBAAuB,EAAE;gBACvB,oBAAoB,EAAE,WAAW;aAClC;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CACA,CAAA;QACD,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,YAAY,CAAC;YACjE,QAAQ,EAAE,QAAQ;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAA;QACF,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QACjC,OAAO,QAAQ,CAAC,WAAW,CAAA;IAC7B,CAAC;CACF;AAvMD,8CAuMC"}
+{"version":3,"file":"msalTokenProvider.js","sourceRoot":"","sources":["../../../src/auth/msalTokenProvider.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAEH,gDAAyH;AACzH,kDAAyB;AAGzB,8DAAyD;AACzD,+BAAyB;AACzB,+CAA2C;AAE3C,4CAAmB;AACnB,oDAA2B;AAE3B,MAAM,QAAQ,GAAG,4BAA4B,CAAA;AAC7C,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,aAAa,CAAC,CAAA;AAEnC;;GAEG;AACH,MAAa,iBAAiB;IAI5B,YAAa,kBAAsC;QA6NlC,eAAU,GAAsB;YAC/C,aAAa,EAAE;gBACb,QAAQ,EAAE,oBAAQ,CAAC,KAAK;gBACxB,cAAc,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE;oBAC9C,IAAI,WAAW,EAAE,CAAC;wBAChB,OAAM;oBACR,CAAC;oBACD,QAAQ,KAAK,EAAE,CAAC;wBACd,KAAK,oBAAQ,CAAC,KAAK;4BACjB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;4BACrB,OAAM;wBACR,KAAK,oBAAQ,CAAC,IAAI;4BAChB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;4BACrB,OAAM;wBACR,KAAK,oBAAQ,CAAC,OAAO;4BACnB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,sCAAsC,CAAC,EAAE,CAAC;gCAC9D,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;4BACtB,CAAC;4BACD,OAAM;wBACR,KAAK,oBAAQ,CAAC,OAAO;4BACnB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;oBACzB,CAAC;gBACH,CAAC;gBACD,iBAAiB,EAAE,KAAK;aACzB;SACF,CAAA;QArPC,IAAI,CAAC,kBAAkB,GAAG,IAAI,yBAAW,EAAU,CAAA;QACnD,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAA;IAC9C,CAAC;IAgBM,KAAK,CAAC,cAAc,CAAE,iBAA6C,EAAE,KAAc;QACxF,IAAI,UAA6B,CAAA;QACjC,IAAI,WAAmB,CAAA;QAEvB,IAAI,OAAO,iBAAiB,KAAK,QAAQ,EAAE,CAAC;YAC5C,kCAAkC;YAChC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,wFAAwF,CAAC,CAAA;YAC3G,CAAC;YACD,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAA;YACpC,WAAW,GAAG,iBAAiB,CAAA;QACjC,CAAC;aAAM,CAAC;YACR,8CAA8C;YAC5C,UAAU,GAAG,iBAAiB,CAAA;YAC9B,WAAW,GAAG,KAAe,CAAA;QAC/B,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YAClE,OAAO,EAAE,CAAA;QACX,CAAC;QACD,IAAI,KAAK,CAAA;QACT,IAAI,UAAU,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;YAC9C,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;QACtE,CAAC;aAAM,IAAI,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAChD,KAAK,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;QACtE,CAAC;aAAM,IAAI,UAAU,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACjD,KAAK,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;QACzE,CAAC;aAAM,IAAI,UAAU,CAAC,WAAW,KAAK,SAAS;YAC7C,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACvC,KAAK,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;QACzE,CAAC;aAAM,IAAI,UAAU,CAAC,YAAY,KAAK,SAAS;YAC9C,UAAU,CAAC,WAAW,KAAK,SAAS;YACpC,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACvC,KAAK,GAAG,MAAM,IAAI,CAAC,oCAAoC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAA;QAClF,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;QACzC,CAAC;QACD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;QAC5C,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAKM,KAAK,CAAC,sBAAsB,CACjC,kBAAgD,EAChD,oBAAwC,EACxC,YAAqB;QAErB,IAAI,UAA6B,CAAA;QACjC,IAAI,YAAsB,CAAA;QAC1B,IAAI,kBAA0B,CAAA;QAE9B,IAAI,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACxC,yDAAyD;YACvD,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CAAC,+GAA+G,CAAC,CAAA;YAClI,CAAC;YACD,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAA;YACpC,YAAY,GAAG,kBAAkB,CAAA;YACjC,kBAAkB,GAAG,oBAA8B,CAAA;QACrD,CAAC;aAAM,CAAC;YACR,qEAAqE;YACnE,UAAU,GAAG,kBAAkB,CAAA;YAC/B,YAAY,GAAG,oBAAgC,CAAA;YAC/C,kBAAkB,GAAG,YAAa,CAAA;QACpC,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAkB;gBACvC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,IAAI,kBAAkB,EAAE;gBACjF,YAAY,EAAE,UAAU,CAAC,YAAY;aACtC;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,sBAAsB,CAAC;YAC7C,YAAY,EAAE,kBAAkB;YAChC,MAAM,EAAE,YAAY;SACrB,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAEM,KAAK,CAAC,uBAAuB,CAAE,kBAA0B;QAC9D,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;QAC9C,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAA;QAC9F,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAA;QAC1E,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,kBAAkB;gBAC5B,eAAe,EAAE,QAAQ;gBACzB,SAAS,EAAE,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,IAAI,IAAI,CAAC,kBAAkB,CAAC,QAAQ,IAAI,kBAAkB,EAAE;aAC5G;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QAEF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC;YACrD,MAAM,EAAE,CAAC,qCAAqC,CAAC;YAC/C,aAAa,EAAE,IAAA,SAAE,GAAE;SACpB,CAAC,CAAA;QAEF,IAAI,CAAC,CAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAW,CAAA,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,wDAAwD,kBAAkB,EAAE,CAAC,CAAA;QAC/F,CAAC;QAED,OAAO,KAAK,CAAC,WAAW,CAAA;IAC1B,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,iCAAiC,CAAE,QAAgB,EAAE,eAAmC,EAAE,MAAgB,EAAE,mBAA2C;QACnK,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAA;QAC9F,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,GAAG,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,oCAAoC,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAA;QACrM,IAAI,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1C,OAAO,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAW,CAAA;QACxD,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,IAAI,IAAI,CAAC,kBAAkB,CAAC,QAAQ,IAAI,kBAAkB,oBAAoB,CAAA;QAE9H,MAAM,IAAI,GAA2B;YACnC,SAAS,EAAE,QAAQ;YACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACvB,GAAG,mBAAmB;SACvB,CAAA;QAED,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC,qBAAqB,GAAG,wDAAwD,CAAA;YACrF,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAA;QACzC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAA;QAC3D,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,eAAK,CAAC,IAAI,CAC5B,GAAG,EACH,IAAI,EACJ;YACE,OAAO,EAAE;gBACP,cAAc,EAAE,iDAAiD;aAClE;SACF,CACF,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAA;YACvD,MAAM,KAAK,CAAA;QACb,CAAC,CAAC,CAAA;QAEF,oDAAoD;QACpD,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,CAAA;QAC3F,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAA;IAChC,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAE,kBAA0B,EAAE,aAAqB,EAAE,MAAgB;QACnG,MAAM,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAA;QAC1C,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,0BAA0B,CAAC,kBAAkB,CAAC,CAAA;QAC5E,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,kBAAkB,CAAC,CAAA;QAE5E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAAC,kBAAkB,EAAE,UAAU,EAAE,MAAM,EAAE;YACjG,OAAO,EAAE,aAAa;YACtB,kCAAkC,EAAE,aAAa;YACjD,UAAU,EAAE,UAAU;SACvB,CAAC,CAAA;QAEF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,oDAAoD,kBAAkB,EAAE,CAAC,CAAA;QAC3F,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAEM,KAAK,CAAC,0BAA0B,CAAE,kBAA0B;;QACjE,IAAI,CAAC,CAAA,MAAA,IAAI,CAAC,kBAAkB,0CAAE,QAAQ,CAAA,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,8EAA8E,CAAC,CAAA;QACjG,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;QACjD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iCAAiC,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAC,qCAAqC,CAAC,EAAE;YAC/I,UAAU,EAAE,oBAAoB;YAChC,QAAQ,EAAE,kBAAkB;SAC7B,CAAC,CAAA;QAEF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,+CAA+C,kBAAkB,EAAE,CAAC,CAAA;QACtF,CAAC;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IA6BD;;;;;OAKG;IACK,KAAK,CAAC,oCAAoC,CAAE,UAA6B,EAAE,KAAa;QAC9F,MAAM,GAAG,GAAG,IAAI,sCAA0B,CAAC;YACzC,uBAAuB,EAAE;gBACvB,oBAAoB,EAAE,UAAU,CAAC,QAAQ,IAAI,EAAE;aAChD;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,YAAY,CAAC;YACnC,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAW,CAAA;IAC3B,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,2BAA2B,CAAE,UAA6B,EAAE,KAAa;QACrF,MAAM,gBAAgB,GAAG,YAAE,CAAC,YAAY,CAAC,UAAU,CAAC,WAAqB,CAAC,CAAA;QAE1E,MAAM,gBAAgB,GAAG,gBAAM,CAAC,gBAAgB,CAAC;YAC/C,GAAG,EAAE,gBAAgB;YACrB,MAAM,EAAE,KAAK;SACd,CAAC,CAAA;QAEF,MAAM,UAAU,GAAG,gBAAgB,CAAC,MAAM,CAAC;YACzC,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SACd,CAAC,CAAA;QAEF,MAAM,YAAY,GAAG,IAAI,gBAAM,CAAC,eAAe,CAAC,YAAE,CAAC,YAAY,CAAC,UAAU,CAAC,WAAqB,CAAC,CAAC,CAAA;QAElG,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAQ,IAAI,EAAE;gBACnC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,IAAI,kBAAkB,EAAE;gBACjF,iBAAiB,EAAE;oBACjB,UAAU,EAAE,UAAoB;oBAChC,UAAU,EAAE,YAAY,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC;oBACxD,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,WAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE;iBACxE;aACF;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC;YACrD,MAAM,EAAE,CAAC,GAAG,KAAK,WAAW,CAAC;YAC7B,aAAa,EAAE,IAAA,SAAE,GAAE;SACpB,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,2BAA2B,CAAE,UAA6B,EAAE,KAAa;QACrF,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAkB;gBACvC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,IAAI,kBAAkB,EAAE;gBACjF,YAAY,EAAE,UAAU,CAAC,YAAY;aACtC;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC;YACrD,MAAM,EAAE,CAAC,GAAG,KAAK,WAAW,CAAC;YAC7B,aAAa,EAAE,IAAA,SAAE,GAAE;SACpB,CAAC,CAAA;QACF,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,wBAAwB,CAAE,UAA6B,EAAE,KAAa;QAClF,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,WAAW,CAAC,CAAA;QACpC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,WAAqB,CAAC,CAAA;QACvF,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAkB;gBACvC,SAAS,EAAE,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,EAAE;gBAC3D,eAAe;aAChB;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAClE,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAA;QACpD,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,wBAAwB,CAAE,UAA6B,EAAE,KAAa;QAClF,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,WAAW,CAAC,CAAA;QACpC,MAAM,eAAe,GAAG,YAAE,CAAC,YAAY,CAAC,UAAU,CAAC,gBAA0B,EAAE,MAAM,CAAC,CAAA;QACtF,MAAM,GAAG,GAAG,IAAI,yCAA6B,CAAC;YAC5C,IAAI,EAAE;gBACJ,QAAQ,EAAE,UAAU,CAAC,QAAkB;gBACvC,SAAS,EAAE,qCAAqC,UAAU,CAAC,QAAQ,EAAE;gBACrE,eAAe;aAChB;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC,CAAA;QACF,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,8BAA8B,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAClE,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAA;QACnD,OAAO,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,WAAqB,CAAA;IACrC,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,kBAAkB,CAAE,WAAmB;QACnD,MAAM,8BAA8B,GAAG,IAAI,sCAA0B,CAAC;YACpE,uBAAuB,EAAE;gBACvB,oBAAoB,EAAE,WAAW;aAClC;YACD,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CACA,CAAA;QACD,MAAM,QAAQ,GAAG,MAAM,8BAA8B,CAAC,YAAY,CAAC;YACjE,QAAQ,EAAE,QAAQ;YAClB,YAAY,EAAE,IAAI;SACnB,CAAC,CAAA;QACF,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;QACjC,OAAO,QAAQ,CAAC,WAAW,CAAA;IAC7B,CAAC;CACF;AA7YD,8CA6YC"}