@microsoft/agents-hosting 1.1.0-alpha.58 → 1.1.0-alpha.75

package/src/auth/msalConnectionManager.ts

@@ -5,9 +5,9 @@
 
 import { Activity, RoleTypes } from '@microsoft/agents-activity'
 import { AuthConfiguration } from './authConfiguration'
-import { AuthProvider } from './authProvider'
 import { Connections } from './connections'
 import { MsalTokenProvider } from './msalTokenProvider'
+import { JwtPayload } from 'jsonwebtoken'
 
 export interface ConnectionMapItem {
   audience?: string
@@ -50,7 +50,7 @@ export class MsalConnectionManager implements Connections {
     if (!conn) {
       throw new Error(`Connection not found: ${connectionName}`)
     }
-    return conn
+    return this.applyConnectionDefaults(conn)
   }
 
   /**
@@ -69,13 +69,15 @@ export class MsalConnectionManager implements Connections {
       }
     }
 
-    return this._connections.values().next().value as MsalTokenProvider
+    const conn = this._connections.values().next().value as MsalTokenProvider
+
+    return this.applyConnectionDefaults(conn)
   }
 
   /**
    * Finds a connection based on a map.
    *
-   * @param audience The audience.
+   * @param identity - The identity.  Usually TurnContext.identity.
    * @param serviceUrl The service URL.
    * @returns The TokenProvider for the connection.
    *
@@ -90,7 +92,18 @@ export class MsalConnectionManager implements Connections {
    * ServiceUrl is:  A regex to match with, or "*" for any serviceUrl value.
    * Connection is: A name in the 'Connections' list.
    */
-  getTokenProvider (audience: string, serviceUrl: string): MsalTokenProvider {
+  getTokenProvider (identity: JwtPayload, serviceUrl: string): MsalTokenProvider {
+    if (!identity) {
+      throw new Error('Identity is required to get the token provider.')
+    }
+
+    let audience
+    if (Array.isArray(identity?.aud)) {
+      audience = identity.aud[0]
+    } else {
+      audience = identity.aud
+    }
+
     if (!audience || !serviceUrl) throw new Error('Audience and Service URL are required to get the token provider.')
 
     if (this._connectionsMap.length === 0) {
@@ -121,12 +134,12 @@ export class MsalConnectionManager implements Connections {
 
   /**
    * Finds a connection based on an activity's blueprint.
-   * @param audience The audience.
+   * @param identity - The identity.  Usually TurnContext.identity.
    * @param activity The activity.
    * @returns The TokenProvider for the connection.
    */
-  getTokenProviderFromActivity (audience: string, activity: Activity): AuthProvider {
-    let connection = this.getTokenProvider(audience, activity.serviceUrl || '')
+  getTokenProviderFromActivity (identity: JwtPayload, activity: Activity): MsalTokenProvider {
+    let connection = this.getTokenProvider(identity, activity.serviceUrl || '')
 
     // This is for the case where the Agentic BlueprintId is not the same as the AppId
     if (connection &&
@@ -147,4 +160,16 @@ export class MsalConnectionManager implements Connections {
   getDefaultConnectionConfiguration (): AuthConfiguration {
     return this._serviceConnectionConfiguration
   }
+
+  private applyConnectionDefaults (conn: MsalTokenProvider): MsalTokenProvider {
+    if (conn.connectionSettings) {
+      conn.connectionSettings.authority ??= 'https://login.microsoftonline.com'
+      conn.connectionSettings.issuers ??= [
+        'https://api.botframework.com',
+        `https://sts.windows.net/${conn.connectionSettings.tenantId}/`,
+        `${conn.connectionSettings.authority}/${conn.connectionSettings.tenantId}/v2.0`
+      ]
+    }
+    return conn
+  }
 }

package/src/cloudAdapter.ts

@@ -25,7 +25,7 @@ import { normalizeIncomingActivity } from './activityWireCompat'
 import { UserTokenClient } from './oauth'
 import { HeaderPropagation, HeaderPropagationCollection, HeaderPropagationDefinition } from './headerPropagation'
 import { JwtPayload } from 'jsonwebtoken'
-
+import { getTokenServiceEndpoint } from './oauth/customUserTokenAPI'
 const logger = debug('agents:cloud-adapter')
 
 /**
@@ -93,11 +93,11 @@ export class CloudAdapter extends BaseAdapter {
   protected async createConnectorClient (
     serviceUrl: string,
     scope: string,
-    audience: string,
+    identity: JwtPayload,
     headers?: HeaderPropagationCollection
   ): Promise<ConnectorClient> {
     // get the correct token provider
-    const tokenProvider = this.connectionManager.getTokenProvider(audience, serviceUrl)
+    const tokenProvider = this.connectionManager.getTokenProvider(identity, serviceUrl)
 
     const token = await tokenProvider.getAccessToken(scope)
     return ConnectorClient.createClientWithToken(
@@ -112,14 +112,7 @@ export class CloudAdapter extends BaseAdapter {
     activity: Activity,
     scope: string,
     headers?: HeaderPropagationCollection) {
-    let audience
-    if (Array.isArray(identity.aud)) {
-      audience = identity.aud[0]
-    } else {
-      audience = identity.aud
-    }
-
-    if (!audience) {
+    if (!identity?.aud) {
       // anonymous
       return ConnectorClient.createClientWithToken(
         activity.serviceUrl!,
@@ -129,7 +122,7 @@ export class CloudAdapter extends BaseAdapter {
     }
 
     let connectorClient
-    const tokenProvider = this.connectionManager.getTokenProvider(audience!, activity.serviceUrl ?? '')
+    const tokenProvider = this.connectionManager.getTokenProviderFromActivity(identity, activity)
     if (activity.isAgenticRequest()) {
       logger.debug('Activity is from an agentic source, using special scope', activity.recipient)
 
@@ -194,13 +187,14 @@ export class CloudAdapter extends BaseAdapter {
    * @protected
    */
   protected async createUserTokenClient (
-    tokenServiceEndpoint: string = 'https://api.botframework.com',
+    identity: JwtPayload,
+    tokenServiceEndpoint: string = getTokenServiceEndpoint(),
     scope: string = 'https://api.botframework.com',
     audience: string = 'https://api.botframework.com',
     headers?: HeaderPropagationCollection
   ): Promise<UserTokenClient> {
     // get the correct token provider
-    const tokenProvider = this.connectionManager.getTokenProvider(audience, tokenServiceEndpoint)
+    const tokenProvider = this.connectionManager.getTokenProvider(identity, tokenServiceEndpoint)
 
     return UserTokenClient.createClientWithScope(
       tokenServiceEndpoint,
@@ -258,9 +252,7 @@ export class CloudAdapter extends BaseAdapter {
       delete activity.id
       let response: ResourceResponse = { id: '' }
 
-      if (activity.type === ActivityTypes.Delay) {
-        await setTimeout(() => { }, typeof activity.value === 'number' ? activity.value : 1000)
-      } else if (activity.type === ActivityTypes.InvokeResponse) {
+      if (activity.type === ActivityTypes.InvokeResponse) {
         context.turnState.set(INVOKE_RESPONSE_KEY, activity)
       } else if (activity.type === ActivityTypes.Trace && activity.channelId !== Channels.Emulator) {
         // no-op
@@ -336,7 +328,7 @@ export class CloudAdapter extends BaseAdapter {
     }
 
     if (!activity.isAgenticRequest()) {
-      const userTokenClient = await this.createUserTokenClient()
+      const userTokenClient = await this.createUserTokenClient(request.user!)
       this.setUserTokenClient(context, userTokenClient)
     }
 
@@ -449,7 +441,7 @@ export class CloudAdapter extends BaseAdapter {
     const connectorClient = await this.createConnectorClientWithIdentity(identity, continuationActivity, scope)
     this.setConnectorClient(context, connectorClient)
 
-    const userTokenClient = await this.createUserTokenClient()
+    const userTokenClient = await this.createUserTokenClient(identity)
     this.setUserTokenClient(context, userTokenClient)
 
     await this.runMiddleware(context, logic)
@@ -544,8 +536,9 @@ export class CloudAdapter extends BaseAdapter {
     if (!conversationParameters) throw new TypeError('`conversationParameters` must be defined')
     if (!logic) throw new TypeError('`logic` must be defined')
 
-    const restClient = await this.createConnectorClient(serviceUrl, audience, audience)
-    const userTokenClient = await this.createUserTokenClient()
+    const identity = CloudAdapter.createIdentity(audience)
+    const restClient = await this.createConnectorClient(serviceUrl, audience, identity)
+    const userTokenClient = await this.createUserTokenClient(identity)
     const createConversationResult = await restClient.createConversation(conversationParameters)
     const createActivity = this.createCreateActivity(
       createConversationResult.id,

package/src/connector-client/connectorClient.ts

@@ -117,10 +117,6 @@ export class ConnectorClient {
     const axiosInstance = axios.create({
       baseURL,
       headers: headerPropagation.outgoing,
-      transformRequest: [
-        (data, headers) => {
-          return JSON.stringify(normalizeOutgoingActivity(data))
-        }]
     })
 
     if (token && token.length > 1) {
@@ -166,7 +162,10 @@ export class ConnectorClient {
    * @returns The conversation resource response.
    */
   public async createConversation (body: ConversationParameters): Promise<ConversationResourceResponse> {
-    const payload = normalizeOutgoingActivity(body)
+    const payload = {
+      ...body,
+      activity: normalizeOutgoingActivity(body.activity)
+    }
     const config: AxiosRequestConfig = {
       method: 'post',
       url: '/v3/conversations',
@@ -211,6 +210,12 @@ export class ConnectorClient {
     return response.data
   }
 
+  /**
+   * Trim the conversationId to a fixed length when creating the URL. This is applied only in specific API calls for agentic calls.
+   * @param conversationId The ID of the conversation to potentially truncate.
+   * @param activity The activity object used to determine if truncation is necessary.
+   * @returns The original or truncated conversationId, depending on the channel and activity role.
+   */
   private conditionallyTruncateConversationId (conversationId: string, activity: Activity): string {
     if (
       (activity.channelIdChannel === Channels.Msteams || activity.channelIdChannel === Channels.Agents) &&
@@ -275,7 +280,7 @@ export class ConnectorClient {
       headers: {
         'Content-Type': 'application/json'
       },
-      data: body
+      data: normalizeOutgoingActivity(body)
     }
     const response = await this._axiosInstance(config)
     return response.data

package/src/oauth/customUserTokenAPI.ts

@@ -0,0 +1,5 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+export const getTokenServiceEndpoint = (): string => {
+  return process.env.TOKEN_SERVICE_ENDPOINT ?? 'https://api.botframework.com'
+}

package/src/oauth/userTokenClient.ts

@@ -4,11 +4,12 @@
 import axios, { AxiosInstance } from 'axios'
 import { Activity, ConversationReference } from '@microsoft/agents-activity'
 import { debug } from '@microsoft/agents-activity/logger'
-import { normalizeOutgoingActivity, normalizeTokenExchangeState } from '../activityWireCompat'
+import { normalizeTokenExchangeState } from '../activityWireCompat'
 import { AadResourceUrls, SignInResource, TokenExchangeRequest, TokenOrSinginResourceResponse, TokenResponse, TokenStatus } from './userTokenClient.types'
 import { getProductInfo } from '../getProductInfo'
 import { AuthProvider, MsalTokenProvider } from '../auth'
 import { HeaderPropagationCollection } from '../headerPropagation'
+import { getTokenServiceEndpoint } from './customUserTokenAPI'
 
 const logger = debug('agents:user-token-client')
 
@@ -31,7 +32,7 @@ export class UserTokenClient {
 
   constructor (param: string | AxiosInstance) {
     if (typeof param === 'string') {
-      const baseURL = 'https://api.botframework.com'
+      const baseURL = getTokenServiceEndpoint()
       this.client = axios.create({
         baseURL,
         headers: {
@@ -116,11 +117,6 @@ export class UserTokenClient {
         'Content-Type': 'application/json', // Required by transformRequest
         'User-Agent': getProductInfo(),
       },
-      transformRequest: [
-        (data, headers) => {
-          return JSON.stringify(normalizeOutgoingActivity(data))
-        },
-      ],
     })
     const token = await (authProvider as MsalTokenProvider).getAccessToken(scope)
     if (token.length > 1) {