@microsoft/agents-hosting 1.1.0-alpha.5 → 1.1.0-alpha.58

package/dist/src/auth/authConstants.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+export declare const ApxLocalScope = "c16e153d-5d2b-4c21-b7f4-b05ee5d516f1/.default";
+export declare const ApxDevScope = "0d94caae-b412-4943-8a68-83135ad6d35f/.default";
+export declare const ApxProductionScope = "5a807f24-c9de-44ee-a3a7-329e88a00ffc/.default";
+export declare const ApxGCCScope = "c9475445-9789-4fef-9ec5-cde4a9bcd446/.default";
+export declare const ApxGCCHScope = "6f669b9e-7701-4e2b-b624-82c9207fde26/.default";
+export declare const ApxDoDScope = "0a069c81-8c7c-4712-886b-9c542d673ffb/.default";
+export declare const ApxGallatinScope = "bd004c8e-5acf-4c48-8570-4e7d46b2f63b/.default";

package/dist/src/auth/authConstants.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApxGallatinScope = exports.ApxDoDScope = exports.ApxGCCHScope = exports.ApxGCCScope = exports.ApxProductionScope = exports.ApxDevScope = exports.ApxLocalScope = void 0;
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+exports.ApxLocalScope = 'c16e153d-5d2b-4c21-b7f4-b05ee5d516f1/.default';
+exports.ApxDevScope = '0d94caae-b412-4943-8a68-83135ad6d35f/.default';
+exports.ApxProductionScope = '5a807f24-c9de-44ee-a3a7-329e88a00ffc/.default';
+exports.ApxGCCScope = 'c9475445-9789-4fef-9ec5-cde4a9bcd446/.default';
+exports.ApxGCCHScope = '6f669b9e-7701-4e2b-b624-82c9207fde26/.default';
+exports.ApxDoDScope = '0a069c81-8c7c-4712-886b-9c542d673ffb/.default';
+exports.ApxGallatinScope = 'bd004c8e-5acf-4c48-8570-4e7d46b2f63b/.default';
+//# sourceMappingURL=authConstants.js.map

package/dist/src/auth/authConstants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authConstants.js","sourceRoot":"","sources":["../../../src/auth/authConstants.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACU,QAAA,aAAa,GAAG,+CAA+C,CAAA;AAC/D,QAAA,WAAW,GAAG,+CAA+C,CAAA;AAC7D,QAAA,kBAAkB,GAAG,+CAA+C,CAAA;AACpE,QAAA,WAAW,GAAG,+CAA+C,CAAA;AAC7D,QAAA,YAAY,GAAG,+CAA+C,CAAA;AAC9D,QAAA,WAAW,GAAG,+CAA+C,CAAA;AAC7D,QAAA,gBAAgB,GAAG,+CAA+C,CAAA"}

package/dist/src/auth/authProvider.d.ts

@@ -14,4 +14,27 @@ export interface AuthProvider {
      * @returns A promise that resolves to the access token.
      */
     getAccessToken: (authConfig: AuthConfiguration, scope: string) => Promise<string>;
+    /**
+     * Get an access token for the agentic application
+     * @param agentAppInstanceId
+     * @returns a promise that resolves to the access token.
+     */
+    getAgenticApplicationToken: (agentAppInstanceId: string) => Promise<string>;
+    /**
+     * Get an access token for the agentic instance
+     * @param agentAppInstanceId
+     * @returns a promise that resolves to the access token.
+     */
+    getAgenticInstanceToken: (agentAppInstanceId: string) => Promise<string>;
+    /**
+     * Get an access token for the agentic user
+     * @param agentAppInstanceId
+     * @param upn
+     * @param scopes
+     * @returns a promise that resolves to the access token.
+     */
+    getAgenticUserToken: (agentAppInstanceId: string, upn: string, scopes: string[]) => Promise<string>;
+    acquireTokenOnBehalfOf(scopes: string[], oboAssertion: string): Promise<string>;
+    acquireTokenOnBehalfOf(authConfig: AuthConfiguration, scopes: string[], oboAssertion: string): Promise<string>;
+    acquireTokenOnBehalfOf(authConfigOrScopes: AuthConfiguration | string[], scopesOrOboAssertion?: string[] | string, oboAssertion?: string): Promise<string>;
 }

package/dist/src/auth/connections.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { Activity } from '@microsoft/agents-activity';
+import { AuthConfiguration } from './authConfiguration';
+import { AuthProvider } from './authProvider';
+export interface Connections {
+    /**
+   * Get the OAuth connection for the agent.
+   * @param name - The connection name. Must match a configured OAuth connection.
+   * @returns An AuthProvider instance.
+   * @throws {Error} If the connection name is not found.
+   */
+    getConnection: (name: string) => AuthProvider;
+    /**
+     * Get the default OAuth connection for the agent.
+     * @returns An AuthProvider instance.
+     */
+    getDefaultConnection: () => AuthProvider;
+    /**
+     * Get the OAuth token provider for the agent.
+     * @param audience - The audience.
+     * @param serviceUrl - The service url.
+     * @returns An AuthProvider instance.
+     */
+    getTokenProvider: (audience: string, serviceUrl: string) => AuthProvider;
+    /**
+     * Get the OAuth token provider for the agent.
+     * @param audience - The audience.
+     * @param activity - The activity.
+     * @returns An AuthProvider instance.
+     */
+    getTokenProviderFromActivity: (audience: string, activity: Activity) => AuthProvider;
+    /**
+     * Get the default connection configuration for the agent.
+     * @returns An Auth Configuration.
+     */
+    getDefaultConnectionConfiguration: () => AuthConfiguration;
+}

package/dist/src/auth/connections.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=connections.js.map

package/dist/src/auth/connections.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connections.js","sourceRoot":"","sources":["../../../src/auth/connections.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/dist/src/auth/index.d.ts

@@ -1,5 +1,7 @@
 export * from './authConfiguration';
+export * from './authConstants';
 export * from './authProvider';
 export * from './msalTokenProvider';
 export * from './request';
 export * from './msalTokenCredential';
+export * from './msalConnectionManager';

package/dist/src/auth/index.js

@@ -15,8 +15,10 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./authConfiguration"), exports);
+__exportStar(require("./authConstants"), exports);
 __exportStar(require("./authProvider"), exports);
 __exportStar(require("./msalTokenProvider"), exports);
 __exportStar(require("./request"), exports);
 __exportStar(require("./msalTokenCredential"), exports);
+__exportStar(require("./msalConnectionManager"), exports);
 //# sourceMappingURL=index.js.map

package/dist/src/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAmC;AACnC,iDAA8B;AAC9B,sDAAmC;AACnC,4CAAyB;AACzB,wDAAqC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sDAAmC;AACnC,kDAA+B;AAC/B,iDAA8B;AAC9B,sDAAmC;AACnC,4CAAyB;AACzB,wDAAqC;AACrC,0DAAuC"}

package/dist/src/auth/jwt-middleware.js

@@ -19,16 +19,30 @@ const logger = (0, logger_1.debug)('agents:jwt-middleware');
  * @returns A promise that resolves to the JWT payload.
  */
 const verifyToken = async (raw, config) => {
+    const payload = jsonwebtoken_1.default.decode(raw);
+    logger.debug('jwt.decode ', JSON.stringify(payload));
+    if (!payload) {
+        throw new Error('invalid token');
+    }
+    const audience = payload.aud;
+    const matchingEntry = config.connections && config.connections.size > 0
+        ? [...config.connections.entries()].find(([_, configuration]) => configuration.clientId === audience)
+        : undefined;
+    if (!matchingEntry) {
+        const err = new Error('Audience mismatch');
+        logger.error(err.message, audience);
+        throw err;
+    }
+    const [key, authConfig] = matchingEntry;
+    logger.debug(`Audience found at key: ${key}`);
+    const jwksUri = payload.iss === 'https://api.botframework.com'
+        ? 'https://login.botframework.com/v1/.well-known/keys'
+        : `${authConfig.authority}/${authConfig.tenantId}/discovery/v2.0/keys`;
+    logger.debug(`fetching keys from ${jwksUri}`);
+    const jwksClient = (0, jwks_rsa_1.default)({ jwksUri });
     const getKey = (header, callback) => {
-        const payload = jsonwebtoken_1.default.decode(raw);
-        logger.debug('jwt.decode ', JSON.stringify(payload));
-        const jwksUri = payload.iss === 'https://api.botframework.com'
-            ? 'https://login.botframework.com/v1/.well-known/keys'
-            : `${config.authority}/${config.tenantId}/discovery/v2.0/keys`;
-        logger.debug(`fetching keys from ${jwksUri}`);
-        const jwksClient = (0, jwks_rsa_1.default)({ jwksUri });
         jwksClient.getSigningKey(header.kid, (err, key) => {
-            if (err != null) {
+            if (err) {
                 logger.error('jwksClient.getSigningKey ', JSON.stringify(err));
                 logger.error(JSON.stringify(err));
                 callback(err, undefined);
@@ -38,22 +52,21 @@ const verifyToken = async (raw, config) => {
             callback(null, signingKey);
         });
     };
+    const verifyOptions = {
+        issuer: authConfig.issuers,
+        audience: [authConfig.clientId, 'https://api.botframework.com'],
+        ignoreExpiration: false,
+        algorithms: ['RS256'],
+        clockTolerance: 300
+    };
     return await new Promise((resolve, reject) => {
-        const verifyOptions = {
-            issuer: config.issuers,
-            audience: [config.clientId, 'https://api.botframework.com'],
-            ignoreExpiration: false,
-            algorithms: ['RS256'],
-            clockTolerance: 300
-        };
         jsonwebtoken_1.default.verify(raw, getKey, verifyOptions, (err, user) => {
-            if (err != null) {
+            if (err) {
                 logger.error('jwt.verify ', JSON.stringify(err));
                 reject(err);
                 return;
             }
-            const tokenClaims = user;
-            resolve(tokenClaims);
+            resolve(user);
         });
     });
 };

package/dist/src/auth/jwt-middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-middleware.js","sourceRoot":"","sources":["../../../src/auth/jwt-middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAKH,wDAA0D;AAC1D,gEAA6F;AAC7F,8DAAyD;AAEzD,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,uBAAuB,CAAC,CAAA;AAE7C;;;;;GAKG;AACH,MAAM,WAAW,GAAG,KAAK,EAAE,GAAW,EAAE,MAAyB,EAAuB,EAAE;IACxF,MAAM,MAAM,GAAyB,CAAC,MAAiB,EAAE,QAAsB,EAAE,EAAE;QACjF,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,GAAG,CAAe,CAAA;QAC7C,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;QACpD,MAAM,OAAO,GAAW,OAAO,CAAC,GAAG,KAAK,8BAA8B;YACpE,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,GAAG,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,sBAAsB,CAAA;QAEhE,MAAM,CAAC,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAA;QAC7C,MAAM,UAAU,GAAe,IAAA,kBAAO,EAAC,EAAE,OAAO,EAAE,CAAC,CAAA;QAEnD,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,GAA2B,EAAQ,EAAE;YAC5F,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAC9D,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBACjC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBACxB,OAAM;YACR,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAA;YACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAC5B,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,MAAM,aAAa,GAAsB;YACvC,MAAM,EAAE,MAAM,CAAC,OAAgC;YAC/C,QAAQ,EAAE,CAAC,MAAM,CAAC,QAAS,EAAE,8BAA8B,CAAC;YAC5D,gBAAgB,EAAE,KAAK;YACvB,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,cAAc,EAAE,GAAG;SACpB,CAAA;QAED,sBAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACnD,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBAChB,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAChD,MAAM,CAAC,GAAG,CAAC,CAAA;gBACX,OAAM;YACR,CAAC;YACD,MAAM,WAAW,GAAG,IAAkB,CAAA;YAEtC,OAAO,CAAC,WAAW,CAAC,CAAA;QACtB,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED;;;;GAIG;AACI,MAAM,YAAY,GAAG,CAAC,UAA6B,EAAE,EAAE;IAC5D,OAAO,KAAK,WAAW,GAAY,EAAE,GAAa,EAAE,IAAkB;QACpE,IAAI,MAAM,GAAG,KAAK,CAAA;QAClB,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAClD,MAAM,GAAG,IAAI,CAAA;YACb,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;YAC7C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC,CAAA;QAClE,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAuB,CAAA;YACtD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,KAAK,GAAW,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,2CAA2C;gBAC1F,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;oBACjD,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAA;oBACzC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;gBACjB,CAAC;gBAAC,OAAO,GAAgB,EAAE,CAAC;oBAC1B,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;oBACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;gBACzD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;oBACnC,GAAG,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,CAAA;gBAClC,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;oBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,gCAAgC,EAAE,CAAC,CAAA;gBAC9E,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,EAAE,CAAA;QACR,CAAC;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AApCY,QAAA,YAAY,gBAoCxB"}
+{"version":3,"file":"jwt-middleware.js","sourceRoot":"","sources":["../../../src/auth/jwt-middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;AAKH,wDAA0D;AAC1D,gEAA6F;AAC7F,8DAAyD;AAEzD,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,uBAAuB,CAAC,CAAA;AAE7C;;;;;GAKG;AACH,MAAM,WAAW,GAAG,KAAK,EAAE,GAAW,EAAE,MAAyB,EAAuB,EAAE;IACxF,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,GAAG,CAAe,CAAA;IAC7C,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAA;IAEpD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAA;IAClC,CAAC;IACD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAA;IAE5B,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC;QACrE,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,KAAK,QAAQ,CAAC;QACrG,CAAC,CAAC,SAAS,CAAA;IAEb,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAA;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAA;QACnC,MAAM,GAAG,CAAA;IACX,CAAC;IAED,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,GAAG,aAAa,CAAA;IACvC,MAAM,CAAC,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAA;IAE7C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,KAAK,8BAA8B;QAC5D,CAAC,CAAC,oDAAoD;QACtD,CAAC,CAAC,GAAG,UAAU,CAAC,SAAS,IAAI,UAAU,CAAC,QAAQ,sBAAsB,CAAA;IAExE,MAAM,CAAC,KAAK,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAA;IAC7C,MAAM,UAAU,GAAe,IAAA,kBAAO,EAAC,EAAE,OAAO,EAAE,CAAC,CAAA;IAEnD,MAAM,MAAM,GAAyB,CAAC,MAAiB,EAAE,QAAsB,EAAE,EAAE;QACjF,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,GAA2B,EAAQ,EAAE;YAC5F,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAC9D,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBACjC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;gBACxB,OAAM;YACR,CAAC;YACD,MAAM,UAAU,GAAG,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,YAAY,EAAE,CAAA;YACtC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAC5B,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,MAAM,aAAa,GAAsB;QACvC,MAAM,EAAE,UAAU,CAAC,OAAgC;QACnD,QAAQ,EAAE,CAAC,UAAU,CAAC,QAAS,EAAE,8BAA8B,CAAC;QAChE,gBAAgB,EAAE,KAAK;QACvB,UAAU,EAAE,CAAC,OAAO,CAAC;QACrB,cAAc,EAAE,GAAG;KACpB,CAAA;IAED,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,sBAAG,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YACnD,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;gBAChD,MAAM,CAAC,GAAG,CAAC,CAAA;gBACX,OAAM;YACR,CAAC;YACD,OAAO,CAAC,IAAkB,CAAC,CAAA;QAC7B,CAAC,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED;;;;GAIG;AACI,MAAM,YAAY,GAAG,CAAC,UAA6B,EAAE,EAAE;IAC5D,OAAO,KAAK,WAAW,GAAY,EAAE,GAAa,EAAE,IAAkB;QACpE,IAAI,MAAM,GAAG,KAAK,CAAA;QAClB,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAC/B,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAClD,MAAM,GAAG,IAAI,CAAA;YACb,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;YAC7C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC,CAAA;QAClE,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAuB,CAAA;YACtD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,KAAK,GAAW,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,2CAA2C;gBAC1F,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;oBACjD,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAA;oBACzC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;gBACjB,CAAC;gBAAC,OAAO,GAAgB,EAAE,CAAC;oBAC1B,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;oBACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;gBACzD,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,UAAU,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;oBAClE,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAA;oBACnC,GAAG,CAAC,IAAI,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,CAAA;gBAClC,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,IAAI,CAAA;oBACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAA;oBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,gBAAgB,EAAE,gCAAgC,EAAE,CAAC,CAAA;gBAC9E,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,IAAI,EAAE,CAAA;QACR,CAAC;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AApCY,QAAA,YAAY,gBAoCxB"}

package/dist/src/auth/msalConnectionManager.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { Activity } from '@microsoft/agents-activity';
+import { AuthConfiguration } from './authConfiguration';
+import { AuthProvider } from './authProvider';
+import { Connections } from './connections';
+import { MsalTokenProvider } from './msalTokenProvider';
+export interface ConnectionMapItem {
+    audience?: string;
+    serviceUrl: string;
+    connection: string;
+}
+export declare class MsalConnectionManager implements Connections {
+    private _connections;
+    private _connectionsMap;
+    private _serviceConnectionConfiguration;
+    private static readonly DEFAULT_CONNECTION;
+    constructor(connectionsConfigurations?: Map<string, AuthConfiguration>, connectionsMap?: ConnectionMapItem[], configuration?: AuthConfiguration);
+    /**
+     * Get the OAuth connection for the agent.
+     * @param connectionName The name of the connection.
+     * @returns The OAuth connection for the agent.
+     */
+    getConnection(connectionName: string): MsalTokenProvider;
+    /**
+     * Get the default OAuth connection for the agent.
+     * @returns The default OAuth connection for the agent.
+     */
+    getDefaultConnection(): MsalTokenProvider;
+    /**
+     * Finds a connection based on a map.
+     *
+     * @param audience The audience.
+     * @param serviceUrl The service URL.
+     * @returns The TokenProvider for the connection.
+     *
+     * @remarks
+     * Example environment variables:
+     * connectionsMap__0__connection=seviceConnection
+     * connectionsMap__0__serviceUrl=http://*..botframework.com/*
+     * connectionsMap__0__audience=optional
+     * connectionsMap__1__connection=agentic
+     * connectionsMap__1__serviceUrl=agentic
+     *
+     * ServiceUrl is:  A regex to match with, or "*" for any serviceUrl value.
+     * Connection is: A name in the 'Connections' list.
+     */
+    getTokenProvider(audience: string, serviceUrl: string): MsalTokenProvider;
+    /**
+     * Finds a connection based on an activity's blueprint.
+     * @param audience The audience.
+     * @param activity The activity.
+     * @returns The TokenProvider for the connection.
+     */
+    getTokenProviderFromActivity(audience: string, activity: Activity): AuthProvider;
+    /**
+     * Get the default connection configuration for the agent.
+     * @returns The default connection configuration for the agent.
+     */
+    getDefaultConnectionConfiguration(): AuthConfiguration;
+}

package/dist/src/auth/msalConnectionManager.js

@@ -0,0 +1,124 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MsalConnectionManager = void 0;
+const agents_activity_1 = require("@microsoft/agents-activity");
+const msalTokenProvider_1 = require("./msalTokenProvider");
+class MsalConnectionManager {
+    constructor(connectionsConfigurations = new Map(), connectionsMap = [], configuration = {}) {
+        this._connections = new Map();
+        this._connectionsMap = connectionsMap.length > 0 ? connectionsMap : (configuration.connectionsMap || []);
+        this._serviceConnectionConfiguration = {};
+        const providedConnections = connectionsConfigurations.size > 0 ? connectionsConfigurations : (configuration.connections || new Map());
+        for (const [name, config] of providedConnections) {
+            // Instantiate MsalTokenProvider for each connection
+            this._connections.set(name, new msalTokenProvider_1.MsalTokenProvider(config));
+            if (name === MsalConnectionManager.DEFAULT_CONNECTION) {
+                this._serviceConnectionConfiguration = config;
+            }
+        }
+    }
+    /**
+     * Get the OAuth connection for the agent.
+     * @param connectionName The name of the connection.
+     * @returns The OAuth connection for the agent.
+     */
+    getConnection(connectionName) {
+        const conn = this._connections.get(connectionName);
+        if (!conn) {
+            throw new Error(`Connection not found: ${connectionName}`);
+        }
+        return conn;
+    }
+    /**
+     * Get the default OAuth connection for the agent.
+     * @returns The default OAuth connection for the agent.
+     */
+    getDefaultConnection() {
+        if (this._connections.size === 0) {
+            throw new Error('No connections found for this Agent in the Connections Configuration.');
+        }
+        // Return the wildcard map item instance.
+        for (const item of this._connectionsMap) {
+            if (item.serviceUrl === '*' && !item.audience) {
+                return this.getConnection(item.connection);
+            }
+        }
+        return this._connections.values().next().value;
+    }
+    /**
+     * Finds a connection based on a map.
+     *
+     * @param audience The audience.
+     * @param serviceUrl The service URL.
+     * @returns The TokenProvider for the connection.
+     *
+     * @remarks
+     * Example environment variables:
+     * connectionsMap__0__connection=seviceConnection
+     * connectionsMap__0__serviceUrl=http://*..botframework.com/*
+     * connectionsMap__0__audience=optional
+     * connectionsMap__1__connection=agentic
+     * connectionsMap__1__serviceUrl=agentic
+     *
+     * ServiceUrl is:  A regex to match with, or "*" for any serviceUrl value.
+     * Connection is: A name in the 'Connections' list.
+     */
+    getTokenProvider(audience, serviceUrl) {
+        if (!audience || !serviceUrl)
+            throw new Error('Audience and Service URL are required to get the token provider.');
+        if (this._connectionsMap.length === 0) {
+            return this.getDefaultConnection();
+        }
+        for (const item of this._connectionsMap) {
+            let audienceMatch = true;
+            // if we have an audience to match against, match it.
+            if (item.audience && audience) {
+                audienceMatch = item.audience === audience;
+            }
+            if (audienceMatch) {
+                if (item.serviceUrl === '*' || !item.serviceUrl) {
+                    return this.getConnection(item.connection);
+                }
+                const regex = new RegExp(item.serviceUrl, 'i');
+                if (regex.test(serviceUrl)) {
+                    return this.getConnection(item.connection);
+                }
+            }
+        }
+        throw new Error(`No connection found for audience: ${audience} and serviceUrl: ${serviceUrl}`);
+    }
+    /**
+     * Finds a connection based on an activity's blueprint.
+     * @param audience The audience.
+     * @param activity The activity.
+     * @returns The TokenProvider for the connection.
+     */
+    getTokenProviderFromActivity(audience, activity) {
+        var _a, _b, _c, _d;
+        let connection = this.getTokenProvider(audience, activity.serviceUrl || '');
+        // This is for the case where the Agentic BlueprintId is not the same as the AppId
+        if (connection &&
+            (((_a = activity.recipient) === null || _a === void 0 ? void 0 : _a.role) === agents_activity_1.RoleTypes.AgenticIdentity ||
+                ((_b = activity.recipient) === null || _b === void 0 ? void 0 : _b.role) === agents_activity_1.RoleTypes.AgenticUser)) {
+            if (((_c = connection.connectionSettings) === null || _c === void 0 ? void 0 : _c.altBlueprintConnectionName) &&
+                connection.connectionSettings.altBlueprintConnectionName.trim() !== '') {
+                connection = this.getConnection((_d = connection.connectionSettings) === null || _d === void 0 ? void 0 : _d.altBlueprintConnectionName);
+            }
+        }
+        return connection;
+    }
+    /**
+     * Get the default connection configuration for the agent.
+     * @returns The default connection configuration for the agent.
+     */
+    getDefaultConnectionConfiguration() {
+        return this._serviceConnectionConfiguration;
+    }
+}
+exports.MsalConnectionManager = MsalConnectionManager;
+MsalConnectionManager.DEFAULT_CONNECTION = 'serviceConnection';
+//# sourceMappingURL=msalConnectionManager.js.map

package/dist/src/auth/msalConnectionManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"msalConnectionManager.js","sourceRoot":"","sources":["../../../src/auth/msalConnectionManager.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,gEAAgE;AAIhE,2DAAuD;AAQvD,MAAa,qBAAqB;IAMhC,YACE,4BAA4D,IAAI,GAAG,EAAE,EACrE,iBAAsC,EAAE,EACxC,gBAAmC,EAAE;QACrC,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,EAAE,CAAA;QAC7B,IAAI,CAAC,eAAe,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,cAAc,IAAI,EAAE,CAAC,CAAA;QACxG,IAAI,CAAC,+BAA+B,GAAG,EAAE,CAAA;QAEzC,MAAM,mBAAmB,GAAG,yBAAyB,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,WAAW,IAAI,IAAI,GAAG,EAAE,CAAC,CAAA;QAErI,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,mBAAmB,EAAE,CAAC;YACjD,oDAAoD;YACpD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,qCAAiB,CAAC,MAAM,CAAC,CAAC,CAAA;YAC1D,IAAI,IAAI,KAAK,qBAAqB,CAAC,kBAAkB,EAAE,CAAC;gBACtD,IAAI,CAAC,+BAA+B,GAAG,MAAM,CAAA;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAE,cAAsB;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;QAClD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,cAAc,EAAE,CAAC,CAAA;QAC5D,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;OAGG;IACH,oBAAoB;QAClB,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAA;QAC1F,CAAC;QAED,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,UAAU,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC9C,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YAC5C,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAA0B,CAAA;IACrE,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,gBAAgB,CAAE,QAAgB,EAAE,UAAkB;QACpD,IAAI,CAAC,QAAQ,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;QAEjH,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,oBAAoB,EAAE,CAAA;QACpC,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACxC,IAAI,aAAa,GAAG,IAAI,CAAA;YAExB,qDAAqD;YACrD,IAAI,IAAI,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC;gBAC9B,aAAa,GAAG,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAA;YAC5C,CAAC;YAED,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,IAAI,CAAC,UAAU,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChD,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC5C,CAAC;gBAED,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAA;gBAC9C,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC3B,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;gBAC5C,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,oBAAoB,UAAU,EAAE,CAAC,CAAA;IAChG,CAAC;IAED;;;;;OAKG;IACH,4BAA4B,CAAE,QAAgB,EAAE,QAAkB;;QAChE,IAAI,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,CAAA;QAE3E,kFAAkF;QAClF,IAAI,UAAU;YACZ,CAAC,CAAA,MAAA,QAAQ,CAAC,SAAS,0CAAE,IAAI,MAAK,2BAAS,CAAC,eAAe;gBACrD,CAAA,MAAA,QAAQ,CAAC,SAAS,0CAAE,IAAI,MAAK,2BAAS,CAAC,WAAW,CAAC,EAAE,CAAC;YACxD,IAAI,CAAA,MAAA,UAAU,CAAC,kBAAkB,0CAAE,0BAA0B;gBACzD,UAAU,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC3E,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC,MAAA,UAAU,CAAC,kBAAkB,0CAAE,0BAAoC,CAAC,CAAA;YACtG,CAAC;QACH,CAAC;QACD,OAAO,UAAU,CAAA;IACnB,CAAC;IAED;;;OAGG;IACH,iCAAiC;QAC/B,OAAO,IAAI,CAAC,+BAA+B,CAAA;IAC7C,CAAC;;AAnIH,sDAoIC;AAhIyB,wCAAkB,GAAG,mBAAmB,CAAA"}

package/dist/src/auth/msalTokenProvider.d.ts

@@ -8,6 +8,15 @@ import { AuthProvider } from './authProvider';
  * Provides tokens using MSAL.
  */
 export declare class MsalTokenProvider implements AuthProvider {
+    private readonly _agenticTokenCache;
+    readonly connectionSettings?: AuthConfiguration;
+    constructor(connectionSettings?: AuthConfiguration);
+    /**
+     * Gets an access token using the auth configuration from the MsalTokenProvider instance and the provided scope.
+     * @param scope The scope for the token.
+     * @returns A promise that resolves to the access token.
+     */
+    getAccessToken(scope: string): Promise<string>;
     /**
      * Gets an access token.
      * @param authConfig The authentication configuration.
@@ -15,7 +24,22 @@ export declare class MsalTokenProvider implements AuthProvider {
      * @returns A promise that resolves to the access token.
      */
     getAccessToken(authConfig: AuthConfiguration, scope: string): Promise<string>;
+    acquireTokenOnBehalfOf(scopes: string[], oboAssertion: string): Promise<string>;
     acquireTokenOnBehalfOf(authConfig: AuthConfiguration, scopes: string[], oboAssertion: string): Promise<string>;
+    getAgenticInstanceToken(agentAppInstanceId: string): Promise<string>;
+    /**
+     * Does a direct HTTP call to acquire a token for agentic scenarios - do not use this directly!
+     * This method will be removed once MSAL is updated with the necessary features.
+     * (This is required in order to pass additional parameters into the auth call)
+     * @param clientId
+     * @param clientAssertion
+     * @param scopes
+     * @param tokenBodyParameters
+     * @returns
+     */
+    private acquireTokenByForAgenticScenarios;
+    getAgenticUserToken(agentAppInstanceId: string, agenticUserId: string, scopes: string[]): Promise<string>;
+    getAgenticApplicationToken(agentAppInstanceId: string): Promise<string>;
     private readonly sysOptions;
     /**
      * Acquires a token using a user-assigned identity.
@@ -45,6 +69,13 @@ export declare class MsalTokenProvider implements AuthProvider {
      * @returns A promise that resolves to the access token.
      */
     private acquireAccessTokenViaFIC;
+    /**
+     * Acquires a token using a Workload Identity client assertion.
+     * @param authConfig The authentication configuration.
+     * @param scope The scope for the token.
+     * @returns A promise that resolves to the access token.
+     */
+    private acquireAccessTokenViaWID;
     /**
      * Fetches an external token.
      * @param FICClientId The FIC client ID.