@microsoft/agents-hosting 1.1.0-alpha.5 → 1.1.0-alpha.75

package/dist/src/app/auth/authorizationManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorizationManager.js","sourceRoot":"","sources":["../../../../src/app/auth/authorizationManager.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,gEAA4D;AAE5D,yCAAwE;AAExE,qDAAiD;AACjD,mCAA0J;AAG1J,MAAM,MAAM,GAAG,IAAA,uBAAK,EAAC,8BAA8B,CAAC,CAAA;AAyBpD;;;;;;;GAOG;AACH,MAAa,oBAAoB;IAG/B;;;OAGG;IACH,YAAqB,GAA0B,EAAE,WAAwB;QAApD,QAAG,GAAH,GAAG,CAAuB;QANvC,cAAS,GAAyC,EAAE,CAAA;QAO1D,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,sHAAsH,CAAC,CAAA;QACzI,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,KAAK,SAAS,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnG,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAA;QACvF,CAAC;QAED,MAAM,QAAQ,GAAiC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,EAAE,CAAA;QAC5F,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YACtE,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;YAC7C,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC/B,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,IAAI,+BAAoB,CAAC,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAA;YACtE,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,GAAG,IAAI,gCAAqB,CAAC,EAAE,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAA;YACvE,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW,CAAE,EAAU,EAAE,OAAqC;;QACpE,MAAM,MAAM,GAAiC;YAC3C,GAAG,OAAO;YACV,IAAI,EAAE,MAAA,CAAC,MAAA,OAAO,CAAC,IAAI,mCAAI,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,0CAAE,WAAW,EAAyB;SACxF,CAAA;QAED,yEAAyE;QACzE,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAC7C,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,4CAA4C,MAAM,CAAC,IAAI,wBAAwB,EAAE,4BAA4B,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QACjL,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;OAGG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,SAAS,CAAA;IACvB,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,OAAO,CAAE,OAAoB,EAAE,aAA4B;;QACtE,MAAM,OAAO,GAAG,IAAI,+BAAc,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAQ,EAAE,OAAO,CAAC,CAAA;QAEtE,IAAI,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;QAEtD,MAAM,QAAQ,GAAG,MAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,mCAAI,IAAI,CAAC,WAAW,CAAC,MAAA,MAAM,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,mCAAI,EAAE,CAAC,mCAAI,EAAE,CAAA;QAExG,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,IAAI,CAAC,CAAA;YACzE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,mBAAmB,MAAM,EAAE,CAAC,CAAC,CAAA;YAElE,IAAI,MAAM,KAAK,kCAA0B,CAAC,OAAO,EAAE,CAAC;gBAClD,MAAM,OAAO,CAAC,MAAM,EAAE,CAAA;gBACtB,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAA;YAC7B,CAAC;YAED,IAAI,MAAM,KAAK,kCAA0B,CAAC,OAAO,EAAE,CAAC;gBAClD,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAA;YAC9B,CAAC;YAED,IAAI,MAAM,KAAK,kCAA0B,CAAC,QAAQ,EAAE,CAAC;gBACnD,MAAM,OAAO,CAAC,MAAM,EAAE,CAAA;gBACtB,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAA;YAC9B,CAAC;YAED,IAAI,MAAM,KAAK,kCAA0B,CAAC,UAAU,EAAE,CAAC;gBACrD,MAAM,OAAO,CAAC,MAAM,EAAE,CAAA;gBACtB,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;YAC7C,CAAC;YAED,IAAI,MAAM,KAAK,kCAA0B,CAAC,QAAQ,EAAE,CAAC;gBACnD,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,mCAAmC,MAAM,EAAE,CAAC,CAAC,CAAA;YACvF,CAAC;YAED,MAAM,OAAO,CAAC,MAAM,EAAE,CAAA;YAEtB,IAAI,MAAM,EAAE,CAAC;gBACX,qFAAqF;gBACrF,mFAAmF;gBAClF,OAAe,CAAC,SAAS,GAAG,0BAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;gBACtE,MAAM,GAAG,SAAS,CAAA;YACpB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,CAAA;IAC7B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,MAAM,CAAE,OAAuB,EAAE,aAA4B;;QACzE,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QACjC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAM;QACR,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,0BAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAA;QAC1E,IAAI,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,aAAV,UAAU,cAAV,UAAU,GAAI,EAAE,CAAC,CAAA;QAEjD,uFAAuF;QACvF,QAAQ,GAAG,MAAA,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAChC,IAAI,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACrB,OAAO,CAAC,CAAC,CAAA;YACX,CAAC;YACD,IAAI,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;gBACrB,OAAO,CAAC,CAAA;YACV,CAAC;YACD,OAAO,CAAC,CAAA;QACV,CAAC,CAAC,mCAAI,EAAE,CAAA;QACR,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,MAAM,CAAE,OAAuB,EAAE,OAA6B,EAAE,OAAoB,EAAE,MAAmC;QACrI,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAA;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,CAAC,MAAM,EAAE,CAAA;YACtB,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,mBAAmB,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC1E,CAAC;IACH,CAAC;IAED;;OAEG;IACK,WAAW,CAAE,GAAa;QAChC,IAAI,eAAe,GAAG,EAAE,CAAA;QACxB,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;YAC5B,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,CAAC;gBACxB,eAAe,IAAI,IAAI,EAAE,EAAE,CAAA;YAC7B,CAAC;YACD,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QAC3B,CAAC,CAAC,CAAA;QACF,IAAI,eAAe,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,yCAAyC,eAAe,EAAE,CAAC,CAAA;QAC7E,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC;IAED;;OAEG;IACK,MAAM,CAAE,EAAU,EAAE,OAAe;QACzC,OAAO,YAAY,EAAE,KAAK,OAAO,EAAE,CAAA;IACrC,CAAC;CACF;AAtKD,oDAsKC"}

package/dist/src/app/auth/handlerStorage.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { ActiveAuthorizationHandler } from './types';
+import { TurnContext } from '../../turnContext';
+import { Storage } from '../../storage';
+/**
+ * Storage manager for handler state.
+ */
+export declare class HandlerStorage<TActiveHandler extends ActiveAuthorizationHandler = ActiveAuthorizationHandler> {
+    private storage;
+    private context;
+    /**
+     * Creates an instance of the HandlerStorage.
+     * @param storage The storage provider.
+     * @param context The turn context.
+     */
+    constructor(storage: Storage, context: TurnContext);
+    /**
+     * Gets the unique key for a handler session.
+     */
+    get key(): string;
+    /**
+     * Reads the active handler state from storage.
+     */
+    read(): Promise<TActiveHandler | undefined>;
+    /**
+     * Writes handler state to storage.
+     */
+    write(data: TActiveHandler): Promise<void>;
+    /**
+     * Deletes handler state from storage.
+     */
+    delete(): Promise<void>;
+}

package/dist/src/app/auth/handlerStorage.js

@@ -0,0 +1,62 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HandlerStorage = void 0;
+/**
+ * Storage manager for handler state.
+ */
+class HandlerStorage {
+    /**
+     * Creates an instance of the HandlerStorage.
+     * @param storage The storage provider.
+     * @param context The turn context.
+     */
+    constructor(storage, context) {
+        this.storage = storage;
+        this.context = context;
+    }
+    /**
+     * Gets the unique key for a handler session.
+     */
+    get key() {
+        var _a, _b, _c;
+        const channelId = (_a = this.context.activity.channelId) === null || _a === void 0 ? void 0 : _a.trim();
+        const userId = (_c = (_b = this.context.activity.from) === null || _b === void 0 ? void 0 : _b.id) === null || _c === void 0 ? void 0 : _c.trim();
+        if (!channelId || !userId) {
+            throw new Error(`Both 'activity.channelId' and 'activity.from.id' are required to generate the ${HandlerStorage.name} key.`);
+        }
+        return `auth/${channelId}/${userId}`;
+    }
+    /**
+     * Reads the active handler state from storage.
+     */
+    async read() {
+        const ongoing = await this.storage.read([this.key]);
+        return ongoing === null || ongoing === void 0 ? void 0 : ongoing[this.key];
+    }
+    /**
+     * Writes handler state to storage.
+     */
+    write(data) {
+        return this.storage.write({ [this.key]: data });
+    }
+    /**
+     * Deletes handler state from storage.
+     */
+    async delete() {
+        try {
+            await this.storage.delete([this.key]);
+        }
+        catch (error) {
+            if (error instanceof Error && 'code' in error && error.code === 404) {
+                return;
+            }
+            throw error;
+        }
+    }
+}
+exports.HandlerStorage = HandlerStorage;
+//# sourceMappingURL=handlerStorage.js.map

package/dist/src/app/auth/handlerStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlerStorage.js","sourceRoot":"","sources":["../../../../src/app/auth/handlerStorage.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAMH;;GAEG;AACH,MAAa,cAAc;IACzB;;;;OAIG;IACH,YAAqB,OAAgB,EAAU,OAAoB;QAA9C,YAAO,GAAP,OAAO,CAAS;QAAU,YAAO,GAAP,OAAO,CAAa;IAAI,CAAC;IAExE;;OAEG;IACH,IAAW,GAAG;;QACZ,MAAM,SAAS,GAAG,MAAA,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,0CAAE,IAAI,EAAE,CAAA;QACzD,MAAM,MAAM,GAAG,MAAA,MAAA,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,0CAAE,EAAE,0CAAE,IAAI,EAAE,CAAA;QACrD,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,iFAAiF,cAAc,CAAC,IAAI,OAAO,CAAC,CAAA;QAC9H,CAAC;QACD,OAAO,QAAQ,SAAS,IAAI,MAAM,EAAE,CAAA;IACtC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,IAAI;QACf,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACnD,OAAO,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAG,IAAI,CAAC,GAAG,CAAC,CAAA;IAC5B,CAAC;IAED;;OAEG;IACI,KAAK,CAAE,IAAoB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAA;IACjD,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM;QACjB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACvC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,IAAI,MAAM,IAAI,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;gBACpE,OAAM;YACR,CAAC;YACD,MAAM,KAAK,CAAA;QACb,CAAC;IACH,CAAC;CACF;AAhDD,wCAgDC"}

package/dist/src/app/auth/handlers/agenticAuthorization.d.ts

@@ -0,0 +1,93 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { TurnContext } from '../../../turnContext';
+import { AuthorizationHandler, AuthorizationHandlerSettings, AuthorizationHandlerStatus, AuthorizationHandlerTokenOptions } from '../types';
+import { TokenResponse } from '../../../oauth';
+/**
+ * Options for configuring the Agentic authorization handler.
+ */
+export interface AgenticAuthorizationOptions {
+    /**
+     * The type of authorization handler.
+     * @remarks
+     * When using environment variables, this can be set using the `${authHandlerId}_type` variable.
+     */
+    type: 'agentic';
+    /**
+     * The scopes required for the authorization.
+     * @remarks
+     * When using environment variables, this can be set using the `${authHandlerId}_scopes` variable (comma-separated values, e.g. `scope1,scope2`).
+     */
+    scopes?: string[];
+    /**
+     * (Optional) An alternative connection name to use for the authorization process.
+     * @remarks
+     * When using environment variables, this can be set using the `${authHandlerId}_altBlueprintConnectionName` variable.
+     */
+    altBlueprintConnectionName?: string;
+}
+/**
+ * Settings for configuring the Agentic authorization handler.
+ */
+export interface AgenticAuthorizationSettings extends AuthorizationHandlerSettings {
+}
+/**
+ * Authorization handler for Agentic authentication.
+ */
+export declare class AgenticAuthorization implements AuthorizationHandler {
+    readonly id: string;
+    private settings;
+    private _options;
+    private _onSuccess?;
+    private _onFailure?;
+    /**
+     * Creates an instance of the AgenticAuthorization class.
+     * @param id The unique identifier for the authorization handler.
+     * @param options The options for configuring the authorization handler.
+     * @param settings The settings for the authorization handler.
+     */
+    constructor(id: string, options: AgenticAuthorizationOptions, settings: AgenticAuthorizationSettings);
+    /**
+     * Loads and validates the authorization handler options.
+     */
+    private loadOptions;
+    /**
+     * @inheritdoc
+     */
+    signin(): Promise<AuthorizationHandlerStatus>;
+    /**
+     * @inheritdoc
+     */
+    signout(): Promise<boolean>;
+    /**
+     * @inheritdoc
+     */
+    token(context: TurnContext, options?: AuthorizationHandlerTokenOptions): Promise<TokenResponse>;
+    /**
+     * @inheritdoc
+     */
+    onSuccess(callback: (context: TurnContext) => void): void;
+    /**
+     * @inheritdoc
+     */
+    onFailure(callback: (context: TurnContext, reason?: string) => void): void;
+    /**
+     * Prefixes a message with the handler ID.
+     */
+    private prefix;
+    private _key;
+    /**
+     * Sets the authorization context in the turn state.
+     */
+    private setContext;
+    /**
+     * Gets the authorization context from the turn state.
+     */
+    private getContext;
+    /**
+     * Loads the OAuth scopes from the environment variables.
+     */
+    private loadScopes;
+}

package/dist/src/app/auth/handlers/agenticAuthorization.js

@@ -0,0 +1,134 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgenticAuthorization = void 0;
+const agents_activity_1 = require("@microsoft/agents-activity");
+const types_1 = require("../types");
+const logger = (0, agents_activity_1.debug)('agents:authorization:agentic');
+/**
+ * Authorization handler for Agentic authentication.
+ */
+class AgenticAuthorization {
+    /**
+     * Creates an instance of the AgenticAuthorization class.
+     * @param id The unique identifier for the authorization handler.
+     * @param options The options for configuring the authorization handler.
+     * @param settings The settings for the authorization handler.
+     */
+    constructor(id, options, settings) {
+        this.id = id;
+        this.settings = settings;
+        this._key = `${AgenticAuthorization.name}/${this.id}`;
+        if (!this.settings.connections) {
+            throw new Error(this.prefix('The \'connections\' option is not available in the app options. Ensure that the app is properly configured.'));
+        }
+        this._options = this.loadOptions(options);
+    }
+    /**
+     * Loads and validates the authorization handler options.
+     */
+    loadOptions(settings) {
+        var _a, _b;
+        const result = {
+            type: 'agentic',
+            altBlueprintConnectionName: (_a = settings.altBlueprintConnectionName) !== null && _a !== void 0 ? _a : (process.env[`${this.id}_altBlueprintConnectionName`]),
+            scopes: (_b = settings.scopes) !== null && _b !== void 0 ? _b : this.loadScopes(process.env[`${this.id}_scopes`]),
+        };
+        if (!result.scopes || result.scopes.length === 0) {
+            throw new Error(this.prefix('At least one scope must be specified for the Agentic authorization handler.'));
+        }
+        return result;
+    }
+    /**
+     * @inheritdoc
+     */
+    signin() {
+        return Promise.resolve(types_1.AuthorizationHandlerStatus.IGNORED);
+    }
+    /**
+     * @inheritdoc
+     */
+    signout() {
+        return Promise.resolve(false);
+    }
+    /**
+     * @inheritdoc
+     */
+    async token(context, options) {
+        var _a, _b, _c, _d, _e, _f;
+        try {
+            const tokenResponse = this.getContext(context);
+            if (tokenResponse.token) {
+                logger.debug(this.prefix('Using cached Agentic user token'));
+                return tokenResponse;
+            }
+            let connection;
+            if ((_a = this._options.altBlueprintConnectionName) === null || _a === void 0 ? void 0 : _a.trim()) {
+                connection = this.settings.connections.getConnection(this._options.altBlueprintConnectionName);
+            }
+            else {
+                connection = this.settings.connections.getTokenProvider(context.identity, (_b = context.activity.serviceUrl) !== null && _b !== void 0 ? _b : '');
+            }
+            const token = await connection.getAgenticUserToken((_c = context.activity.getAgenticInstanceId()) !== null && _c !== void 0 ? _c : '', (_d = context.activity.getAgenticUser()) !== null && _d !== void 0 ? _d : '', (options === null || options === void 0 ? void 0 : options.scopes) || this._options.scopes);
+            this.setContext(context, { token });
+            (_e = this._onSuccess) === null || _e === void 0 ? void 0 : _e.call(this, context);
+            return { token };
+        }
+        catch (error) {
+            const reason = 'Error retrieving Agentic user token';
+            logger.error(this.prefix(reason), error);
+            (_f = this._onFailure) === null || _f === void 0 ? void 0 : _f.call(this, context, `${reason}: ${error.message}`);
+            return { token: undefined };
+        }
+    }
+    /**
+     * @inheritdoc
+     */
+    onSuccess(callback) {
+        this._onSuccess = callback;
+    }
+    /**
+     * @inheritdoc
+     */
+    onFailure(callback) {
+        this._onFailure = callback;
+    }
+    /**
+     * Prefixes a message with the handler ID.
+     */
+    prefix(message) {
+        return `[handler:${this.id}] ${message}`;
+    }
+    /**
+     * Sets the authorization context in the turn state.
+     */
+    setContext(context, data) {
+        return context.turnState.set(this._key, () => data);
+    }
+    /**
+     * Gets the authorization context from the turn state.
+     */
+    getContext(context) {
+        var _a;
+        const result = context.turnState.get(this._key);
+        return (_a = result === null || result === void 0 ? void 0 : result()) !== null && _a !== void 0 ? _a : { token: undefined };
+    }
+    /**
+     * Loads the OAuth scopes from the environment variables.
+     */
+    loadScopes(value) {
+        var _a;
+        return (_a = value === null || value === void 0 ? void 0 : value.split(',').reduce((acc, scope) => {
+            const trimmed = scope.trim();
+            if (trimmed) {
+                acc.push(trimmed);
+            }
+            return acc;
+        }, [])) !== null && _a !== void 0 ? _a : [];
+    }
+}
+exports.AgenticAuthorization = AgenticAuthorization;
+//# sourceMappingURL=agenticAuthorization.js.map

package/dist/src/app/auth/handlers/agenticAuthorization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agenticAuthorization.js","sourceRoot":"","sources":["../../../../../src/app/auth/handlers/agenticAuthorization.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,gEAAkD;AAElD,oCAA2I;AAI3I,MAAM,MAAM,GAAG,IAAA,uBAAK,EAAC,8BAA8B,CAAC,CAAA;AA+BpD;;GAEG;AACH,MAAa,oBAAoB;IAK/B;;;;;OAKG;IACH,YAA6B,EAAU,EAAE,OAAoC,EAAU,QAAsC;QAAhG,OAAE,GAAF,EAAE,CAAQ;QAAgD,aAAQ,GAAR,QAAQ,CAA8B;QAgGrH,SAAI,GAAG,GAAG,oBAAoB,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,EAAE,CAAA;QA/FtD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,6GAA6G,CAAC,CAAC,CAAA;QAC7I,CAAC;QAED,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED;;OAEG;IACK,WAAW,CAAE,QAAqC;;QACxD,MAAM,MAAM,GAAgC;YAC1C,IAAI,EAAE,SAAS;YACf,0BAA0B,EAAE,MAAA,QAAQ,CAAC,0BAA0B,mCAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,6BAA6B,CAAC,CAAC;YACzH,MAAM,EAAE,MAAA,QAAQ,CAAC,MAAM,mCAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,SAAS,CAAC,CAAC;SAC7E,CAAA;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,6EAA6E,CAAC,CAAC,CAAA;QAC7G,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,OAAO,CAAC,OAAO,CAAC,kCAA0B,CAAC,OAAO,CAAC,CAAA;IAC5D,CAAC;IAED;;OAEG;IACH,OAAO;QACL,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IAC/B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,KAAK,CAAE,OAAoB,EAAE,OAA0C;;QAC3E,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;YAC9C,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;gBACxB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,iCAAiC,CAAC,CAAC,CAAA;gBAC5D,OAAO,aAAa,CAAA;YACtB,CAAC;YAED,IAAI,UAAwB,CAAA;YAE5B,IAAI,MAAA,IAAI,CAAC,QAAQ,CAAC,0BAA0B,0CAAE,IAAI,EAAE,EAAE,CAAC;gBACrD,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC,CAAA;YAChG,CAAC;iBAAM,CAAC;gBACN,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAA,OAAO,CAAC,QAAQ,CAAC,UAAU,mCAAI,EAAE,CAAC,CAAA;YAC9G,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,mBAAmB,CAChD,MAAA,OAAO,CAAC,QAAQ,CAAC,oBAAoB,EAAE,mCAAI,EAAE,EAC7C,MAAA,OAAO,CAAC,QAAQ,CAAC,cAAc,EAAE,mCAAI,EAAE,EACvC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,KAAI,IAAI,CAAC,QAAQ,CAAC,MAAO,CACzC,CAAA;YAED,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;YACnC,MAAA,IAAI,CAAC,UAAU,qDAAG,OAAO,CAAC,CAAA;YAC1B,OAAO,EAAE,KAAK,EAAE,CAAA;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,qCAAqC,CAAA;YACpD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAA;YACxC,MAAA,IAAI,CAAC,UAAU,qDAAG,OAAO,EAAE,GAAG,MAAM,KAAM,KAAe,CAAC,OAAO,EAAE,CAAC,CAAA;YACpE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;QAC7B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,SAAS,CAAE,QAAwC;QACjD,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAA;IAC5B,CAAC;IAED;;OAEG;IACH,SAAS,CAAE,QAAyD;QAClE,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAA;IAC5B,CAAC;IAED;;OAEG;IACK,MAAM,CAAE,OAAe;QAC7B,OAAO,YAAY,IAAI,CAAC,EAAE,KAAK,OAAO,EAAE,CAAA;IAC1C,CAAC;IAID;;OAEG;IACK,UAAU,CAAE,OAAoB,EAAE,IAAmB;QAC3D,OAAO,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IACrD,CAAC;IAED;;OAEG;IACK,UAAU,CAAE,OAAoB;;QACtC,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/C,OAAO,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,EAAI,mCAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAA;IAC3C,CAAC;IAED;;OAEG;IACK,UAAU,CAAE,KAAwB;;QAC1C,OAAO,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CAAC,GAAG,EAAE,MAAM,CAAW,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;YACvD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;YAC5B,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YACnB,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAAE,CAAC,mCAAI,EAAE,CAAA;IACd,CAAC;CACF;AAxID,oDAwIC"}

package/dist/src/app/auth/handlers/azureBotAuthorization.d.ts

@@ -0,0 +1,222 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { AuthorizationHandlerStatus, AuthorizationHandler, ActiveAuthorizationHandler, AuthorizationHandlerSettings, AuthorizationHandlerTokenOptions } from '../types';
+import { TurnContext } from '../../../turnContext';
+import { TokenResponse } from '../../../oauth';
+declare enum Category {
+    SIGNIN = "signin",
+    UNKNOWN = "unknown"
+}
+/**
+ * Active handler manager information.
+ */
+export interface AzureBotActiveHandler extends ActiveAuthorizationHandler {
+    /**
+     * The number of attempts left for the handler to process in case of failure.
+     */
+    attemptsLeft: number;
+    /**
+     * The current category of the handler.
+     */
+    category?: Category;
+}
+/**
+ * Messages configuration for the AzureBotAuthorization handler.
+ */
+export interface AzureBotAuthorizationOptionsMessages {
+    /**
+     * Message displayed when an invalid code is entered.
+     * Use `{code}` as a placeholder for the entered code.
+     * Defaults to: 'The code entered is invalid. Please sign-in again to continue.'
+     */
+    invalidCode?: string;
+    /**
+     * Message displayed when the entered code format is invalid.
+     * Use `{attemptsLeft}` as a placeholder for the number of attempts left.
+     * Defaults to: 'Please enter a valid **6-digit** code format (_e.g. 123456_).\r\n**{attemptsLeft} attempt(s) left...**'
+     */
+    invalidCodeFormat?: string;
+    /**
+     * Message displayed when the maximum number of attempts is exceeded.
+     * Use `{maxAttempts}` as a placeholder for the maximum number of attempts.
+     * Defaults to: 'You have exceeded the maximum number of sign-in attempts ({maxAttempts}).'
+     */
+    maxAttemptsExceeded?: string;
+}
+/**
+ * Settings for on-behalf-of token acquisition.
+ */
+export interface AzureBotAuthorizationOptionsOBO {
+    /**
+     * Connection name to use for on-behalf-of token acquisition.
+     */
+    connection?: string;
+    /**
+     * Scopes to request for on-behalf-of token acquisition.
+     */
+    scopes?: string[];
+}
+/**
+ * Interface defining an authorization handler configuration.
+ */
+export interface AzureBotAuthorizationOptions {
+    /**
+     * The type of authorization handler.
+     * This property is optional and should not be set when configuring this handler.
+     * It is included here for completeness and type safety.
+     */
+    type?: undefined;
+    /**
+     * Connection name for the auth provider.
+     * @remarks
+     * When using environment variables, this can be set using the `${authHandlerId}_connectionName` variable.
+     */
+    name?: string;
+    /**
+     * Title to display on auth cards/UI.
+     * @remarks
+     * When using environment variables, this can be set using the `${authHandlerId}_connectionTitle` variable.
+     */
+    title?: string;
+    /**
+     * Text to display on auth cards/UI.
+     * @remarks
+     * When using environment variables, this can be set using the `${authHandlerId}_connectionText` variable.
+     */
+    text?: string;
+    /**
+     * Maximum number of attempts for entering the magic code. Defaults to 2.
+     * @remarks
+     * When using environment variables, this can be set using the `${authHandlerId}_maxAttempts` variable.
+     */
+    maxAttempts?: number;
+    /**
+     * Messages to display for various authentication scenarios.
+     * @remarks
+     * When using environment variables, these can be set using the following variables:
+     * - `${authHandlerId}_messages_invalidCode`
+     * - `${authHandlerId}_messages_invalidCodeFormat`
+     * - `${authHandlerId}_messages_maxAttemptsExceeded`
+     */
+    messages?: AzureBotAuthorizationOptionsMessages;
+    /**
+     * Settings for on-behalf-of token acquisition.
+     * @remarks
+     * When using environment variables, these can be set using the following variables:
+     * - `${authHandlerId}_obo_connection`
+     * - `${authHandlerId}_obo_scopes` (comma-separated values, e.g. `scope1,scope2`)
+     */
+    obo?: AzureBotAuthorizationOptionsOBO;
+}
+/**
+ * Settings for configuring the AzureBot authorization handler.
+ */
+export interface AzureBotAuthorizationSettings extends AuthorizationHandlerSettings {
+}
+/**
+ * Default implementation of an authorization handler using Azure Bot Service.
+ */
+export declare class AzureBotAuthorization implements AuthorizationHandler {
+    readonly id: string;
+    private settings;
+    private _options;
+    private _onSuccess?;
+    private _onFailure?;
+    /**
+     * Creates an instance of the AzureBotAuthorization.
+     * @param id The unique identifier for the handler.
+     * @param options The settings for the handler.
+     * @param app The agent application instance.
+     */
+    constructor(id: string, options: AzureBotAuthorizationOptions, settings: AzureBotAuthorizationSettings);
+    /**
+     * Loads and validates the authorization handler options.
+     */
+    private loadOptions;
+    /**
+     * Maximum number of attempts for magic code entry.
+     */
+    private get maxAttempts();
+    /**
+     * Sets a handler to be called when a user successfully signs in.
+     * @param callback The callback function to be invoked on successful sign-in.
+     */
+    onSuccess(callback: (context: TurnContext) => Promise<void> | void): void;
+    /**
+     * Sets a handler to be called when a user fails to sign in.
+     * @param callback The callback function to be invoked on sign-in failure.
+     */
+    onFailure(callback: (context: TurnContext, reason?: string) => Promise<void> | void): void;
+    /**
+     * Retrieves the token for the user, optionally using on-behalf-of flow for specified scopes.
+     * @param context The turn context.
+     * @param options Optional options for token acquisition, including connection and scopes for on-behalf-of flow.
+     * @returns The token response containing the token or undefined if not available.
+     */
+    token(context: TurnContext, options?: AuthorizationHandlerTokenOptions): Promise<TokenResponse>;
+    /**
+     * Signs out the user from the service.
+     * @param context The turn context.
+     * @returns True if the signout was successful, false otherwise.
+     */
+    signout(context: TurnContext): Promise<boolean>;
+    /**
+     * Initiates the sign-in process for the handler.
+     * @param context The turn context.
+     * @param active Optional active handler data.
+     * @returns The status of the sign-in attempt.
+     */
+    signin(context: TurnContext, active?: AzureBotActiveHandler): Promise<AuthorizationHandlerStatus>;
+    /**
+     * Handles on-behalf-of token acquisition.
+     */
+    private handleOBO;
+    /**
+     * Checks if a token is exchangeable for an on-behalf-of flow.
+     */
+    private isExchangeable;
+    /**
+     * Sets the token from the token response or initiates the sign-in flow.
+     */
+    private setToken;
+    /**
+     * Handles sign-in related activities.
+     */
+    private handleSignInActivities;
+    /**
+     * Verifies the magic code provided by the user.
+     */
+    private codeVerification;
+    private _key;
+    /**
+     * Sets the authorization context in the turn state.
+     */
+    private setContext;
+    /**
+     * Gets the authorization context from the turn state.
+     */
+    private getContext;
+    /**
+     * Gets the user token client from the turn context.
+     */
+    private getUserTokenClient;
+    /**
+     * Sends an InvokeResponse activity if the channel is Microsoft Teams.
+     */
+    private sendInvokeResponse;
+    /**
+     * Prefixes a message with the handler ID.
+     */
+    private prefix;
+    /**
+     * Predefined messages with dynamic placeholders.
+     */
+    private messages;
+    /**
+     * Loads the OAuth scopes from the environment variables.
+     */
+    private loadScopes;
+}
+export {};