@microsoft/agents-hosting 1.6.0-beta.9.gce9d8facd2 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (94) hide show
  1. package/dist/package.json +4 -9
  2. package/dist/src/agent-client/agentClient.js +2 -2
  3. package/dist/src/agent-client/agentClient.js.map +1 -1
  4. package/dist/src/agent-client/agentResponseHandler.js +2 -2
  5. package/dist/src/agent-client/agentResponseHandler.js.map +1 -1
  6. package/dist/src/app/agentApplication.js +28 -2
  7. package/dist/src/app/agentApplication.js.map +1 -1
  8. package/dist/src/app/agentApplicationOptions.d.ts +10 -0
  9. package/dist/src/app/attachmentDownloader.js +5 -10
  10. package/dist/src/app/attachmentDownloader.js.map +1 -1
  11. package/dist/src/app/auth/authorizationManager.d.ts +4 -0
  12. package/dist/src/app/auth/authorizationManager.js +94 -67
  13. package/dist/src/app/auth/authorizationManager.js.map +1 -1
  14. package/dist/src/app/auth/handlers/azureBotAuthorization.js +2 -2
  15. package/dist/src/app/auth/handlers/azureBotAuthorization.js.map +1 -1
  16. package/dist/src/app/proactive/createConversationOptionsBuilder.js +10 -6
  17. package/dist/src/app/proactive/createConversationOptionsBuilder.js.map +1 -1
  18. package/dist/src/app/proactive/proactive.d.ts +1 -0
  19. package/dist/src/app/proactive/proactive.js +30 -15
  20. package/dist/src/app/proactive/proactive.js.map +1 -1
  21. package/dist/src/app/teamsAttachmentDownloader.js +6 -14
  22. package/dist/src/app/teamsAttachmentDownloader.js.map +1 -1
  23. package/dist/src/auth/authConfiguration.d.ts +2 -143
  24. package/dist/src/auth/authConfiguration.js +301 -257
  25. package/dist/src/auth/authConfiguration.js.map +1 -1
  26. package/dist/src/auth/jwt-middleware.js +2 -1
  27. package/dist/src/auth/jwt-middleware.js.map +1 -1
  28. package/dist/src/auth/msalConnectionManager.js +27 -14
  29. package/dist/src/auth/msalConnectionManager.js.map +1 -1
  30. package/dist/src/auth/msalTokenProvider.d.ts +7 -0
  31. package/dist/src/auth/msalTokenProvider.js +188 -44
  32. package/dist/src/auth/msalTokenProvider.js.map +1 -1
  33. package/dist/src/auth/settings.d.ts +327 -0
  34. package/dist/src/auth/settings.js +158 -0
  35. package/dist/src/auth/settings.js.map +1 -0
  36. package/dist/src/cloudAdapter.d.ts +58 -1
  37. package/dist/src/cloudAdapter.js +232 -52
  38. package/dist/src/cloudAdapter.js.map +1 -1
  39. package/dist/src/connector-client/connectorClient.d.ts +12 -8
  40. package/dist/src/connector-client/connectorClient.js +99 -82
  41. package/dist/src/connector-client/connectorClient.js.map +1 -1
  42. package/dist/src/errorHelper.js +85 -7
  43. package/dist/src/errorHelper.js.map +1 -1
  44. package/dist/src/getProductInfo.d.ts +23 -0
  45. package/dist/src/getProductInfo.js +71 -1
  46. package/dist/src/getProductInfo.js.map +1 -1
  47. package/dist/src/headerPropagation.d.ts +17 -2
  48. package/dist/src/headerPropagation.js +46 -24
  49. package/dist/src/headerPropagation.js.map +1 -1
  50. package/dist/src/httpClient.d.ts +60 -0
  51. package/dist/src/httpClient.js +173 -0
  52. package/dist/src/httpClient.js.map +1 -0
  53. package/dist/src/index.d.ts +2 -1
  54. package/dist/src/index.js +7 -2
  55. package/dist/src/index.js.map +1 -1
  56. package/dist/src/oauth/userTokenClient.d.ts +5 -4
  57. package/dist/src/oauth/userTokenClient.js +97 -78
  58. package/dist/src/oauth/userTokenClient.js.map +1 -1
  59. package/dist/src/observability/traces.d.ts +11 -4
  60. package/dist/src/observability/traces.js +39 -7
  61. package/dist/src/observability/traces.js.map +1 -1
  62. package/dist/src/utils/env.d.ts +50 -0
  63. package/dist/src/utils/env.js +113 -0
  64. package/dist/src/utils/env.js.map +1 -0
  65. package/dist/src/utils.d.ts +10 -0
  66. package/dist/src/utils.js +18 -0
  67. package/dist/src/utils.js.map +1 -0
  68. package/package.json +4 -9
  69. package/src/agent-client/agentClient.ts +2 -2
  70. package/src/agent-client/agentResponseHandler.ts +2 -2
  71. package/src/app/agentApplication.ts +30 -3
  72. package/src/app/agentApplicationOptions.ts +11 -0
  73. package/src/app/attachmentDownloader.ts +6 -8
  74. package/src/app/auth/authorizationManager.ts +84 -41
  75. package/src/app/auth/handlers/azureBotAuthorization.ts +2 -2
  76. package/src/app/proactive/createConversationOptionsBuilder.ts +8 -4
  77. package/src/app/proactive/proactive.ts +39 -23
  78. package/src/app/teamsAttachmentDownloader.ts +7 -11
  79. package/src/auth/authConfiguration.ts +317 -356
  80. package/src/auth/jwt-middleware.ts +1 -1
  81. package/src/auth/msalConnectionManager.ts +27 -10
  82. package/src/auth/msalTokenProvider.ts +180 -42
  83. package/src/auth/settings.ts +323 -0
  84. package/src/cloudAdapter.ts +291 -12
  85. package/src/connector-client/connectorClient.ts +116 -94
  86. package/src/errorHelper.ts +96 -7
  87. package/src/getProductInfo.ts +79 -1
  88. package/src/headerPropagation.ts +55 -23
  89. package/src/httpClient.ts +223 -0
  90. package/src/index.ts +5 -1
  91. package/src/oauth/userTokenClient.ts +103 -84
  92. package/src/observability/traces.ts +39 -8
  93. package/src/utils/env.ts +105 -0
  94. package/src/utils.ts +14 -0
@@ -0,0 +1,323 @@
1
+ /**
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ import { debug } from '@microsoft/agents-telemetry'
7
+ import type { ConnectionMapItem } from './msalConnectionManager'
8
+
9
+ const logger = debug('agents:authConfiguration')
10
+
11
+ const DEFAULT_CONNECTION = 'serviceConnection'
12
+ const AUTHORITY_DEFAULT = 'https://login.microsoftonline.com'
13
+
14
+ export const DEFAULT_CONNECTION_MAP: ConnectionMapItem = { serviceUrl: '*', connection: DEFAULT_CONNECTION }
15
+
16
+ export type ConnectionKeys = keyof Omit<AuthConfiguration, 'connections' | 'connectionsMap'>
17
+ export type ConnectionMapKeys = keyof ConnectionMapItem
18
+
19
+ export interface LoadEnv {
20
+ [upperKey: string]: { key: string, value: any }
21
+ }
22
+
23
+ export function loadEnvSettings (callback: (key: string, value: string) => void) {
24
+ const env: LoadEnv = {}
25
+ for (const [envKey, envValue] of Object.entries(process.env)) {
26
+ if (!envValue?.trim()) {
27
+ continue
28
+ }
29
+
30
+ env[envKey.toUpperCase()] = { key: envKey, value: envValue }
31
+
32
+ callback(envKey, envValue)
33
+ }
34
+
35
+ return env
36
+ }
37
+
38
+ export function applyDefaultSettings (config: AuthConfiguration) {
39
+ const settings = { ...config }
40
+ settings.authorityEndpoint ??= settings.authority ?? AUTHORITY_DEFAULT
41
+ settings.issuers ??= getDefaultIssuers(settings.tenantId ?? '', settings.authorityEndpoint)
42
+
43
+ // For backward compatibility
44
+ if (settings.federatedClientId) {
45
+ settings.FICClientId = settings.federatedClientId
46
+ }
47
+
48
+ if (settings.scopes?.length) {
49
+ settings.scope = settings.scopes?.[0]
50
+ }
51
+
52
+ if (settings.authorityEndpoint) {
53
+ settings.authority = settings.authorityEndpoint
54
+ }
55
+
56
+ if (!settings.clientId && process.env.NODE_ENV?.toLowerCase() === 'production') {
57
+ throw new Error('ClientId required in production')
58
+ }
59
+
60
+ const defaultConnections = settings.connections?.size
61
+ ? settings.connections
62
+ : new Map([[DEFAULT_CONNECTION, { ...settings }]])
63
+ const defaultConnectionsMap = settings.connectionsMap?.length
64
+ ? settings.connectionsMap
65
+ : [DEFAULT_CONNECTION_MAP]
66
+
67
+ settings.connections = defaultConnections
68
+ settings.connectionsMap = defaultConnectionsMap
69
+ return settings
70
+ }
71
+
72
+ /**
73
+ * A type representing a parser settings object.
74
+ */
75
+ type ParserSettings<K extends string> = {
76
+ [key in K]: (value: string) => { key?: string, value?: any } | undefined
77
+ }
78
+
79
+ /**
80
+ * Creates an environment variable parser that maps the variable keys to parsing functions.
81
+ * @param settings An object where each key is an environment variable name and the value is a function
82
+ * that takes the variable value as input and returns an object with optional `key` and `value` properties.
83
+ * @remarks
84
+ * The `key` property in the returned object can be used to rename the environment variable key,
85
+ * while the `value` property contains the parsed value.
86
+ * @returns An object with a `parse` method that takes an environment variable key and value,
87
+ * and returns the parsed result.
88
+ */
89
+ export function envParser<K extends string> (settings: ParserSettings<K> & ThisType<ParserSettings<K>>) {
90
+ const keys = Object.keys(settings) as K[]
91
+ const upperKeys = keys.reduce((acc, key) => {
92
+ acc[key.toUpperCase()] = key
93
+ return acc
94
+ }, {} as Record<string, K>)
95
+ return {
96
+ keys,
97
+ /**
98
+ * Parses the given environment variable key and value using the provided settings.
99
+ * @param key The environment variable key.
100
+ * @param value The environment variable value.
101
+ * @returns The parsed result with optional renamed key and parsed value.
102
+ */
103
+ parse (key: K, value: string) {
104
+ const match = upperKeys[key.toUpperCase()]
105
+ if (!match) {
106
+ return {}
107
+ }
108
+
109
+ const result = settings[match](value)
110
+ return { key: result?.key ?? match, value: result?.value }
111
+ }
112
+ }
113
+ }
114
+
115
+ /**
116
+ * Utility functions for environment variable parsers.
117
+ */
118
+ export const envParserUtils = {
119
+ /**
120
+ * Bypass parser that returns the value as is.
121
+ * @param value The environment variable value.
122
+ * @returns An object with the original value.
123
+ */
124
+ bypass: (value: string) => ({ value }),
125
+ /**
126
+ * Redirects the parsing to another parser for a specific key.
127
+ * @param parser The target parser to redirect to.
128
+ * @param key The key to use in the target parser.
129
+ * @returns A function that takes the environment variable value and returns the parsed result from the target parser.
130
+ */
131
+ redirect: <Parser extends ReturnType<typeof envParser>>(parser: Parser, key: Parameters<Parser['parse']>[0]) => (value: string) => parser.parse(key, value)
132
+ }
133
+
134
+ /**
135
+ * Resolves the full authority URL including the tenant ID.
136
+ * Supports both patterns:
137
+ * - Tenant embedded in authority: https://login.microsoftonline.com/my-tenant
138
+ * - Authority + separate tenantId: https://login.microsoftonline.com + tenantId
139
+ * Also handles trailing slashes on authority.
140
+ */
141
+ export function resolveAuthority (authority?: string, tenantId?: string): string {
142
+ const base = trimTrailingSlashes(authority ?? AUTHORITY_DEFAULT)
143
+ const url = new URL(base)
144
+ const hasPathSegment = url.pathname !== '/'
145
+ if (hasPathSegment) {
146
+ return base
147
+ }
148
+ return `${base}/${tenantId ?? 'botframework.com'}`
149
+ }
150
+
151
+ function trimTrailingSlashes (value: string): string {
152
+ let end = value.length
153
+ while (end > 0 && value.charCodeAt(end - 1) === 47) {
154
+ end--
155
+ }
156
+
157
+ return end === value.length ? value : value.slice(0, end)
158
+ }
159
+
160
+ function getDefaultIssuers (tenantId: string, authority: string) : string[] {
161
+ // Convert empty string to undefined so resolveAuthority applies its 'botframework.com' default
162
+ const t = tenantId || undefined
163
+ if (!t) {
164
+ logger.warn('tenantId is not configured, defaulting to botframework.com')
165
+ }
166
+ return [
167
+ 'https://api.botframework.com',
168
+ `${resolveAuthority('https://sts.windows.net', t)}/`,
169
+ `${resolveAuthority(authority, t)}/v2.0`
170
+ ]
171
+ }
172
+
173
+ /**
174
+ * Represents the authentication configuration.
175
+ */
176
+ export interface AuthConfiguration {
177
+ /**
178
+ * The tenant ID for the authentication configuration.
179
+ */
180
+ tenantId?: string
181
+
182
+ /**
183
+ * The client ID for the authentication configuration. Required in production.
184
+ */
185
+ clientId?: string
186
+
187
+ /**
188
+ * The client secret for the authentication configuration.
189
+ */
190
+ clientSecret?: string
191
+
192
+ /**
193
+ * The path to the certificate PEM file.
194
+ */
195
+ certPemFile?: string
196
+
197
+ /**
198
+ * The path to the certificate key file.
199
+ */
200
+ certKeyFile?: string
201
+
202
+ /**
203
+ * Indicates whether to send the X5C param or not (for SNI authentication).
204
+ */
205
+ sendX5C?: boolean
206
+
207
+ /**
208
+ * A list of valid issuers for the authentication configuration.
209
+ */
210
+ issuers?: string[]
211
+
212
+ /**
213
+ * The connection name for the authentication configuration.
214
+ */
215
+ connectionName?: string
216
+
217
+ /**
218
+ * @deprecated Use federatedClientId instead.
219
+ *
220
+ * The FIC (First-Party Integration Channel) client ID.
221
+ */
222
+ FICClientId?: string,
223
+
224
+ /**
225
+ * @deprecated Use authorityEndpoint instead.
226
+ *
227
+ * Entra Authentication Endpoint to use.
228
+ *
229
+ * @remarks
230
+ * If not populated the Entra Public Cloud endpoint is assumed.
231
+ * This example of Public Cloud Endpoint is https://login.microsoftonline.com
232
+ * see also https://learn.microsoft.com/entra/identity-platform/authentication-national-cloud
233
+ */
234
+ authority?: string
235
+
236
+ /**
237
+ * @deprecated Use scopes instead.
238
+ */
239
+ scope?: string
240
+
241
+ /**
242
+ * A map of connection names to their respective authentication configurations.
243
+ */
244
+ connections?: Map<string, AuthConfiguration>
245
+
246
+ /**
247
+ * A list of connection map items to map service URLs to connection names.
248
+ */
249
+ connectionsMap?: ConnectionMapItem[],
250
+
251
+ /**
252
+ * An optional alternative blueprint Connection name used when constructing a connector client.
253
+ */
254
+ altBlueprintConnectionName?: string
255
+
256
+ /**
257
+ * @deprecated Use `authType` set to `'WorkloadIdentity'` and `federatedTokenFile` instead.
258
+ *
259
+ * The path to K8s provided token.
260
+ */
261
+ WIDAssertionFile?: string
262
+
263
+ /**
264
+ * The Azure region for ESTS-R regional token acquisition (e.g. 'westus', 'eastus').
265
+ * When set, MSAL routes token requests to the specified regional endpoint.
266
+ * See https://learn.microsoft.com/en-us/entra/msal/javascript/node/regional-authorities for details.
267
+ */
268
+ azureRegion?: string
269
+
270
+ /**
271
+ * The authentication type for the connection.
272
+ */
273
+ authType?: AuthType | string
274
+
275
+ /**
276
+ * The path to the federated token file used for Workload Identity authentication.
277
+ */
278
+ federatedTokenFile?: string
279
+
280
+ /**
281
+ * Sets the resource URL for Identity Proxy Manager (IDPM).
282
+ *
283
+ * @remarks
284
+ * Set this to the appropriate resource identifier when the application is running in an environment,
285
+ * such as a Foundry container, that exposes Managed Identity through a container-specific IMDS endpoint.
286
+ * This setting is only meaningful when using Identity Proxy Manager (AuthType.IdentityProxyManager) for authentication.
287
+ */
288
+ idpmResource?: string
289
+
290
+ /**
291
+ * Entra Authentication Endpoint to use.
292
+ *
293
+ * @remarks
294
+ * If not populated the Entra Public Cloud endpoint is assumed.
295
+ * This example of Public Cloud Endpoint is https://login.microsoftonline.com
296
+ * see also https://learn.microsoft.com/entra/identity-platform/authentication-national-cloud
297
+ */
298
+ authorityEndpoint?: string
299
+
300
+ /**
301
+ * The federated client ID for the authentication configuration, used for workload identity federation scenarios.
302
+ */
303
+ federatedClientId?: string
304
+
305
+ /**
306
+ * The scopes for the authentication configuration.
307
+ */
308
+ scopes?: string[]
309
+ }
310
+
311
+ /**
312
+ * Supported authentication types for agent connections.
313
+ */
314
+ export enum AuthType {
315
+ Certificate = 'Certificate',
316
+ CertificateSubjectName = 'CertificateSubjectName',
317
+ ClientSecret = 'ClientSecret',
318
+ UserManagedIdentity = 'UserManagedIdentity',
319
+ SystemManagedIdentity = 'SystemManagedIdentity',
320
+ FederatedCredentials = 'FederatedCredentials',
321
+ WorkloadIdentity = 'WorkloadIdentity',
322
+ IdentityProxyManager = 'IdentityProxyManager'
323
+ }