@microsoft/agents-hosting 1.1.0-alpha.58 → 1.1.0-alpha.78

package/src/auth/authConfiguration.ts

@@ -213,39 +213,27 @@ export const loadPrevAuthConfigFromEnv: () => AuthConfiguration = () => {
 
 function loadConnectionsMapFromEnv () {
   const envVars = process.env
-  const connections = new Map<string, AuthConfiguration>()
+  const connectionsObj: Record<string, any> = {}
   const connectionsMap: ConnectionMapItem[] = []
+  const CONNECTIONS_PREFIX = 'connections__'
+  const CONNECTIONS_MAP_PREFIX = 'connectionsMap__'
 
   for (const [key, value] of Object.entries(envVars)) {
-    if (key.startsWith('connections__')) {
-      const parts = key.split('__')
-      if (parts.length >= 4 && parts[2] === 'settings') {
-        const connectionName = parts[1]
-        const propertyPath = parts.slice(3).join('.') // e.g., 'issuers.0' or 'clientId'
-
-        let config = connections.get(connectionName)
-        if (!config) {
-          config = {}
-          connections.set(connectionName, config)
-        }
-
-        objectPath.set(config, propertyPath, value)
-      }
-    } else if (key.startsWith('connectionsMap__')) {
-      const parts = key.split('__')
-      if (parts.length === 3) {
-        const index = parseInt(parts[1], 10)
-        const property = parts[2]
-
-        if (!connectionsMap[index]) {
-          connectionsMap[index] = { serviceUrl: '', connection: '' }
-        }
-
-        (connectionsMap[index] as any)[property] = value
-      }
+    if (key.startsWith(CONNECTIONS_PREFIX)) {
+      // Convert to dot notation
+      let path = key.substring(CONNECTIONS_PREFIX.length).replace(/__/g, '.')
+      // Remove ".settings." from the path
+      path = path.replace('.settings.', '.')
+      objectPath.set(connectionsObj, path, value)
+    } else if (key.startsWith(CONNECTIONS_MAP_PREFIX)) {
+      const path = key.substring(CONNECTIONS_MAP_PREFIX.length).replace(/__/g, '.')
+      objectPath.set(connectionsMap, path, value)
     }
   }
 
+  // Convert connectionsObj to Map<string, AuthConfiguration>
+  const connections: Map<string, AuthConfiguration> = new Map(Object.entries(connectionsObj))
+
   if (connections.size === 0) {
     logger.warn('No connections found in configuration.')
   }
@@ -265,7 +253,6 @@ function loadConnectionsMapFromEnv () {
       }
     }
   }
-
   return {
     connections,
     connectionsMap,

package/src/auth/connections.ts

@@ -6,6 +6,7 @@
 import { Activity } from '@microsoft/agents-activity'
 import { AuthConfiguration } from './authConfiguration'
 import { AuthProvider } from './authProvider'
+import { JwtPayload } from 'jsonwebtoken'
 
 export interface Connections {
   /**
@@ -24,19 +25,19 @@ export interface Connections {
 
   /**
    * Get the OAuth token provider for the agent.
-   * @param audience - The audience.
+   * @param identity - The identity. Usually TurnContext.identity.
    * @param serviceUrl - The service url.
    * @returns An AuthProvider instance.
    */
-  getTokenProvider: (audience: string, serviceUrl: string) => AuthProvider
+  getTokenProvider: (identity: JwtPayload, serviceUrl: string) => AuthProvider
 
   /**
    * Get the OAuth token provider for the agent.
-   * @param audience - The audience.
+   * @param identity - The identity.  Usually TurnContext.identity.
    * @param activity - The activity.
    * @returns An AuthProvider instance.
    */
-  getTokenProviderFromActivity: (audience: string, activity: Activity) => AuthProvider
+  getTokenProviderFromActivity: (identity: JwtPayload, activity: Activity) => AuthProvider
 
   /**
    * Get the default connection configuration for the agent.

package/src/auth/msalConnectionManager.ts

@@ -5,9 +5,9 @@
 
 import { Activity, RoleTypes } from '@microsoft/agents-activity'
 import { AuthConfiguration } from './authConfiguration'
-import { AuthProvider } from './authProvider'
 import { Connections } from './connections'
 import { MsalTokenProvider } from './msalTokenProvider'
+import { JwtPayload } from 'jsonwebtoken'
 
 export interface ConnectionMapItem {
   audience?: string
@@ -50,7 +50,7 @@ export class MsalConnectionManager implements Connections {
     if (!conn) {
       throw new Error(`Connection not found: ${connectionName}`)
     }
-    return conn
+    return this.applyConnectionDefaults(conn)
   }
 
   /**
@@ -69,13 +69,15 @@ export class MsalConnectionManager implements Connections {
       }
     }
 
-    return this._connections.values().next().value as MsalTokenProvider
+    const conn = this._connections.values().next().value as MsalTokenProvider
+
+    return this.applyConnectionDefaults(conn)
   }
 
   /**
    * Finds a connection based on a map.
    *
-   * @param audience The audience.
+   * @param identity - The identity.  Usually TurnContext.identity.
    * @param serviceUrl The service URL.
    * @returns The TokenProvider for the connection.
    *
@@ -90,7 +92,18 @@ export class MsalConnectionManager implements Connections {
    * ServiceUrl is:  A regex to match with, or "*" for any serviceUrl value.
    * Connection is: A name in the 'Connections' list.
    */
-  getTokenProvider (audience: string, serviceUrl: string): MsalTokenProvider {
+  getTokenProvider (identity: JwtPayload, serviceUrl: string): MsalTokenProvider {
+    if (!identity) {
+      throw new Error('Identity is required to get the token provider.')
+    }
+
+    let audience
+    if (Array.isArray(identity?.aud)) {
+      audience = identity.aud[0]
+    } else {
+      audience = identity.aud
+    }
+
     if (!audience || !serviceUrl) throw new Error('Audience and Service URL are required to get the token provider.')
 
     if (this._connectionsMap.length === 0) {
@@ -121,12 +134,12 @@ export class MsalConnectionManager implements Connections {
 
   /**
    * Finds a connection based on an activity's blueprint.
-   * @param audience The audience.
+   * @param identity - The identity.  Usually TurnContext.identity.
    * @param activity The activity.
    * @returns The TokenProvider for the connection.
    */
-  getTokenProviderFromActivity (audience: string, activity: Activity): AuthProvider {
-    let connection = this.getTokenProvider(audience, activity.serviceUrl || '')
+  getTokenProviderFromActivity (identity: JwtPayload, activity: Activity): MsalTokenProvider {
+    let connection = this.getTokenProvider(identity, activity.serviceUrl || '')
 
     // This is for the case where the Agentic BlueprintId is not the same as the AppId
     if (connection &&
@@ -147,4 +160,16 @@ export class MsalConnectionManager implements Connections {
   getDefaultConnectionConfiguration (): AuthConfiguration {
     return this._serviceConnectionConfiguration
   }
+
+  private applyConnectionDefaults (conn: MsalTokenProvider): MsalTokenProvider {
+    if (conn.connectionSettings) {
+      conn.connectionSettings.authority ??= 'https://login.microsoftonline.com'
+      conn.connectionSettings.issuers ??= [
+        'https://api.botframework.com',
+        `https://sts.windows.net/${conn.connectionSettings.tenantId}/`,
+        `${conn.connectionSettings.authority}/${conn.connectionSettings.tenantId}/v2.0`
+      ]
+    }
+    return conn
+  }
 }

package/src/cloudAdapter.ts

@@ -25,7 +25,7 @@ import { normalizeIncomingActivity } from './activityWireCompat'
 import { UserTokenClient } from './oauth'
 import { HeaderPropagation, HeaderPropagationCollection, HeaderPropagationDefinition } from './headerPropagation'
 import { JwtPayload } from 'jsonwebtoken'
-
+import { getTokenServiceEndpoint } from './oauth/customUserTokenAPI'
 const logger = debug('agents:cloud-adapter')
 
 /**
@@ -93,11 +93,11 @@ export class CloudAdapter extends BaseAdapter {
   protected async createConnectorClient (
     serviceUrl: string,
     scope: string,
-    audience: string,
+    identity: JwtPayload,
     headers?: HeaderPropagationCollection
   ): Promise<ConnectorClient> {
     // get the correct token provider
-    const tokenProvider = this.connectionManager.getTokenProvider(audience, serviceUrl)
+    const tokenProvider = this.connectionManager.getTokenProvider(identity, serviceUrl)
 
     const token = await tokenProvider.getAccessToken(scope)
     return ConnectorClient.createClientWithToken(
@@ -110,16 +110,8 @@ export class CloudAdapter extends BaseAdapter {
   protected async createConnectorClientWithIdentity (
     identity: JwtPayload,
     activity: Activity,
-    scope: string,
     headers?: HeaderPropagationCollection) {
-    let audience
-    if (Array.isArray(identity.aud)) {
-      audience = identity.aud[0]
-    } else {
-      audience = identity.aud
-    }
-
-    if (!audience) {
+    if (!identity?.aud) {
       // anonymous
       return ConnectorClient.createClientWithToken(
         activity.serviceUrl!,
@@ -129,7 +121,7 @@ export class CloudAdapter extends BaseAdapter {
     }
 
     let connectorClient
-    const tokenProvider = this.connectionManager.getTokenProvider(audience!, activity.serviceUrl ?? '')
+    const tokenProvider = this.connectionManager.getTokenProviderFromActivity(identity, activity)
     if (activity.isAgenticRequest()) {
       logger.debug('Activity is from an agentic source, using special scope', activity.recipient)
 
@@ -154,6 +146,9 @@ export class CloudAdapter extends BaseAdapter {
         throw new Error('Could not create connector client for agentic user')
       }
     } else {
+      // ABS tokens will not have an azp/appid so use the botframework scope.
+      // Otherwise use the appId.  This will happen when communicating back to another agent.
+      const scope = identity.azp ?? identity.appid ?? 'https://api.botframework.com'
       const token = await tokenProvider.getAccessToken(scope)
       connectorClient = ConnectorClient.createClientWithToken(
         activity.serviceUrl!,
@@ -194,13 +189,14 @@ export class CloudAdapter extends BaseAdapter {
    * @protected
    */
   protected async createUserTokenClient (
-    tokenServiceEndpoint: string = 'https://api.botframework.com',
+    identity: JwtPayload,
+    tokenServiceEndpoint: string = getTokenServiceEndpoint(),
     scope: string = 'https://api.botframework.com',
     audience: string = 'https://api.botframework.com',
     headers?: HeaderPropagationCollection
   ): Promise<UserTokenClient> {
     // get the correct token provider
-    const tokenProvider = this.connectionManager.getTokenProvider(audience, tokenServiceEndpoint)
+    const tokenProvider = this.connectionManager.getTokenProvider(identity, tokenServiceEndpoint)
 
     return UserTokenClient.createClientWithScope(
       tokenServiceEndpoint,
@@ -258,9 +254,7 @@ export class CloudAdapter extends BaseAdapter {
       delete activity.id
       let response: ResourceResponse = { id: '' }
 
-      if (activity.type === ActivityTypes.Delay) {
-        await setTimeout(() => { }, typeof activity.value === 'number' ? activity.value : 1000)
-      } else if (activity.type === ActivityTypes.InvokeResponse) {
+      if (activity.type === ActivityTypes.InvokeResponse) {
         context.turnState.set(INVOKE_RESPONSE_KEY, activity)
       } else if (activity.type === ActivityTypes.Trace && activity.channelId !== Channels.Emulator) {
         // no-op
@@ -328,15 +322,14 @@ export class CloudAdapter extends BaseAdapter {
     logger.debug('Received activity: ', activity)
 
     const context = new TurnContext(this, activity, request.user!)
-    const scope = request.user?.azp ?? request.user?.appid ?? 'https://api.botframework.com'
     // if Delivery Mode == ExpectReplies, we don't need a connector client.
     if (this.resolveIfConnectorClientIsNeeded(activity)) {
-      const connectorClient = await this.createConnectorClientWithIdentity(request.user!, activity, scope, headers)
+      const connectorClient = await this.createConnectorClientWithIdentity(request.user!, activity, headers)
       this.setConnectorClient(context, connectorClient)
     }
 
     if (!activity.isAgenticRequest()) {
-      const userTokenClient = await this.createUserTokenClient()
+      const userTokenClient = await this.createUserTokenClient(request.user!)
       this.setUserTokenClient(context, userTokenClient)
     }
 
@@ -433,24 +426,29 @@ export class CloudAdapter extends BaseAdapter {
     logic: (revocableContext: TurnContext) => Promise<void>,
     isResponse: Boolean = false): Promise<void> {
     if (!reference || !reference.serviceUrl || (reference.conversation == null) || !reference.conversation.id) {
-      throw new Error('Invalid conversation reference object')
+      throw new Error('continueConversation: Invalid conversation reference object')
     }
 
+    if (!botAppIdOrIdentity) {
+      throw new TypeError('continueConversation: botAppIdOrIdentity is required')
+    }
     const botAppId = typeof botAppIdOrIdentity === 'string' ? botAppIdOrIdentity : botAppIdOrIdentity.aud as string
 
+    // Only having the botId will only work against ABS or Agentic.  Proactive to other agents will
+    // not work with just botId.  Use a JwtPayload with property aud (which is botId) and appid populated.
     const identity =
         typeof botAppIdOrIdentity !== 'string'
           ? botAppIdOrIdentity
           : CloudAdapter.createIdentity(botAppId)
 
-    const continuationActivity = Activity.getContinuationActivity(reference)
     const context = new TurnContext(this, Activity.getContinuationActivity(reference), identity)
-    const scope = identity.azp ?? identity.appid ?? 'https://api.botframework.com'
-    const connectorClient = await this.createConnectorClientWithIdentity(identity, continuationActivity, scope)
+    const connectorClient = await this.createConnectorClientWithIdentity(identity, context.activity)
     this.setConnectorClient(context, connectorClient)
 
-    const userTokenClient = await this.createUserTokenClient()
-    this.setUserTokenClient(context, userTokenClient)
+    if (!context.activity.isAgenticRequest()) {
+      const userTokenClient = await this.createUserTokenClient(identity)
+      this.setUserTokenClient(context, userTokenClient)
+    }
 
     await this.runMiddleware(context, logic)
   }
@@ -544,8 +542,9 @@ export class CloudAdapter extends BaseAdapter {
     if (!conversationParameters) throw new TypeError('`conversationParameters` must be defined')
     if (!logic) throw new TypeError('`logic` must be defined')
 
-    const restClient = await this.createConnectorClient(serviceUrl, audience, audience)
-    const userTokenClient = await this.createUserTokenClient()
+    const identity = CloudAdapter.createIdentity(audience)
+    const restClient = await this.createConnectorClient(serviceUrl, audience, identity)
+    const userTokenClient = await this.createUserTokenClient(identity)
     const createConversationResult = await restClient.createConversation(conversationParameters)
     const createActivity = this.createCreateActivity(
       createConversationResult.id,

package/src/connector-client/connectorClient.ts

@@ -117,10 +117,6 @@ export class ConnectorClient {
     const axiosInstance = axios.create({
       baseURL,
       headers: headerPropagation.outgoing,
-      transformRequest: [
-        (data, headers) => {
-          return JSON.stringify(normalizeOutgoingActivity(data))
-        }]
     })
 
     if (token && token.length > 1) {
@@ -166,7 +162,10 @@ export class ConnectorClient {
    * @returns The conversation resource response.
    */
   public async createConversation (body: ConversationParameters): Promise<ConversationResourceResponse> {
-    const payload = normalizeOutgoingActivity(body)
+    const payload = {
+      ...body,
+      activity: normalizeOutgoingActivity(body.activity)
+    }
     const config: AxiosRequestConfig = {
       method: 'post',
       url: '/v3/conversations',
@@ -211,6 +210,12 @@ export class ConnectorClient {
     return response.data
   }
 
+  /**
+   * Trim the conversationId to a fixed length when creating the URL. This is applied only in specific API calls for agentic calls.
+   * @param conversationId The ID of the conversation to potentially truncate.
+   * @param activity The activity object used to determine if truncation is necessary.
+   * @returns The original or truncated conversationId, depending on the channel and activity role.
+   */
   private conditionallyTruncateConversationId (conversationId: string, activity: Activity): string {
     if (
       (activity.channelIdChannel === Channels.Msteams || activity.channelIdChannel === Channels.Agents) &&
@@ -275,7 +280,7 @@ export class ConnectorClient {
       headers: {
         'Content-Type': 'application/json'
       },
-      data: body
+      data: normalizeOutgoingActivity(body)
     }
     const response = await this._axiosInstance(config)
     return response.data

package/src/oauth/customUserTokenAPI.ts

@@ -0,0 +1,5 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+export const getTokenServiceEndpoint = (): string => {
+  return process.env.TOKEN_SERVICE_ENDPOINT ?? 'https://api.botframework.com'
+}

package/src/oauth/userTokenClient.ts

@@ -4,11 +4,12 @@
 import axios, { AxiosInstance } from 'axios'
 import { Activity, ConversationReference } from '@microsoft/agents-activity'
 import { debug } from '@microsoft/agents-activity/logger'
-import { normalizeOutgoingActivity, normalizeTokenExchangeState } from '../activityWireCompat'
+import { normalizeTokenExchangeState } from '../activityWireCompat'
 import { AadResourceUrls, SignInResource, TokenExchangeRequest, TokenOrSinginResourceResponse, TokenResponse, TokenStatus } from './userTokenClient.types'
 import { getProductInfo } from '../getProductInfo'
 import { AuthProvider, MsalTokenProvider } from '../auth'
 import { HeaderPropagationCollection } from '../headerPropagation'
+import { getTokenServiceEndpoint } from './customUserTokenAPI'
 
 const logger = debug('agents:user-token-client')
 
@@ -31,7 +32,7 @@ export class UserTokenClient {
 
   constructor (param: string | AxiosInstance) {
     if (typeof param === 'string') {
-      const baseURL = 'https://api.botframework.com'
+      const baseURL = getTokenServiceEndpoint()
       this.client = axios.create({
         baseURL,
         headers: {
@@ -116,11 +117,6 @@ export class UserTokenClient {
         'Content-Type': 'application/json', // Required by transformRequest
         'User-Agent': getProductInfo(),
       },
-      transformRequest: [
-        (data, headers) => {
-          return JSON.stringify(normalizeOutgoingActivity(data))
-        },
-      ],
     })
     const token = await (authProvider as MsalTokenProvider).getAccessToken(scope)
     if (token.length > 1) {