npm - @microsoft/teams-js - Versions diffs - 2.35.0 → 2.36.0 - Mend

@microsoft/teams-js 2.35.0 → 2.36.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/umd/MicrosoftTeams.js CHANGED Viewed

@@ -1011,7 +1011,9 @@ __webpack_require__.d(__webpack_exports__, {
   UUID: () => (/* reexport */ UUID),
   UserSettingTypes: () => (/* reexport */ UserSettingTypes),
   UserTeamRole: () => (/* reexport */ UserTeamRole),
+  ValidatedSafeString: () => (/* reexport */ validatedSafeString_ValidatedSafeString),
   ViewerActionTypes: () => (/* reexport */ ViewerActionTypes),
+  activateChildProxyingCommunication: () => (/* reexport */ activateChildProxyingCommunication),
   app: () => (/* reexport */ app_namespaceObject),
   appEntity: () => (/* reexport */ appEntity_namespaceObject),
   appInitialization: () => (/* reexport */ appInitialization_namespaceObject),
@@ -1031,11 +1033,13 @@ __webpack_require__.d(__webpack_exports__, {
   externalAppAuthenticationForCEA: () => (/* reexport */ externalAppAuthenticationForCEA_namespaceObject),
   externalAppCardActions: () => (/* reexport */ externalAppCardActions_namespaceObject),
   externalAppCardActionsForCEA: () => (/* reexport */ externalAppCardActionsForCEA_namespaceObject),
+  externalAppCardActionsForDA: () => (/* reexport */ externalAppCardActionsForDA_namespaceObject),
   externalAppCommands: () => (/* reexport */ externalAppCommands_namespaceObject),
   files: () => (/* reexport */ files_namespaceObject),
   geoLocation: () => (/* reexport */ geoLocation_namespaceObject),
   getAdaptiveCardSchemaVersion: () => (/* reexport */ getAdaptiveCardSchemaVersion),
   getContext: () => (/* reexport */ publicAPIs_getContext),
+  getCurrentFeatureFlagsState: () => (/* reexport */ getCurrentFeatureFlagsState),
   getMruTabInstances: () => (/* reexport */ publicAPIs_getMruTabInstances),
   getTabInstances: () => (/* reexport */ publicAPIs_getTabInstances),
   hostEntity: () => (/* reexport */ hostEntity_namespaceObject),
@@ -1056,9 +1060,11 @@ __webpack_require__.d(__webpack_exports__, {
   navigateCrossDomain: () => (/* reexport */ navigation_navigateCrossDomain),
   navigateToTab: () => (/* reexport */ navigation_navigateToTab),
   nestedAppAuth: () => (/* reexport */ nestedAppAuth_namespaceObject),
+  nestedAppAuthBridge: () => (/* reexport */ nestedAppAuthBridge_namespaceObject),
   notifications: () => (/* reexport */ notifications_namespaceObject),
   openFilePreview: () => (/* reexport */ openFilePreview),
   otherAppStateChange: () => (/* reexport */ otherAppStateChange_namespaceObject),
+  overwriteFeatureFlagsState: () => (/* reexport */ overwriteFeatureFlagsState),
   pages: () => (/* reexport */ pages_namespaceObject),
   people: () => (/* reexport */ people_namespaceObject),
   print: () => (/* reexport */ publicAPIs_print),
@@ -1081,6 +1087,7 @@ __webpack_require__.d(__webpack_exports__, {
   secondaryBrowser: () => (/* reexport */ secondaryBrowser_namespaceObject),
   sendCustomEvent: () => (/* reexport */ sendCustomEvent),
   sendCustomMessage: () => (/* reexport */ sendCustomMessage),
+  setFeatureFlagsState: () => (/* reexport */ setFeatureFlagsState),
   setFrameContext: () => (/* reexport */ setFrameContext),
   settings: () => (/* reexport */ settings_namespaceObject),
   shareDeepLink: () => (/* reexport */ publicAPIs_shareDeepLink),
@@ -1412,6 +1419,15 @@ __webpack_require__.d(externalAppCardActionsForCEA_namespaceObject, {
   processActionSubmit: () => (externalAppCardActionsForCEA_processActionSubmit)
 });
+// NAMESPACE OBJECT: ./src/private/externalAppCardActionsForDA.ts
+var externalAppCardActionsForDA_namespaceObject = {};
+__webpack_require__.r(externalAppCardActionsForDA_namespaceObject);
+__webpack_require__.d(externalAppCardActionsForDA_namespaceObject, {
+  SerializableActionOpenUrlDialogInfo: () => (SerializableActionOpenUrlDialogInfo),
+  isSupported: () => (externalAppCardActionsForDA_isSupported),
+  processActionOpenUrlDialog: () => (processActionOpenUrlDialog)
+});
 // NAMESPACE OBJECT: ./src/private/externalAppCommands.ts
 var externalAppCommands_namespaceObject = {};
 __webpack_require__.r(externalAppCommands_namespaceObject);
@@ -1470,6 +1486,14 @@ __webpack_require__.d(messageChannels_namespaceObject, {
   telemetry: () => (messageChannels_telemetry_namespaceObject)
 });
+// NAMESPACE OBJECT: ./src/private/nestedAppAuth/nestedAppAuthBridge.ts
+var nestedAppAuthBridge_namespaceObject = {};
+__webpack_require__.r(nestedAppAuthBridge_namespaceObject);
+__webpack_require__.d(nestedAppAuthBridge_namespaceObject, {
+  initialize: () => (nestedAppAuthBridge_initialize),
+  version: () => (nestedAppAuthBridge_version)
+});
 // NAMESPACE OBJECT: ./src/private/notifications.ts
 var notifications_namespaceObject = {};
 __webpack_require__.r(notifications_namespaceObject);
@@ -1676,6 +1700,11 @@ __webpack_require__.d(clipboard_namespaceObject, {
 var nestedAppAuth_namespaceObject = {};
 __webpack_require__.r(nestedAppAuth_namespaceObject);
 __webpack_require__.d(nestedAppAuth_namespaceObject, {
+  addNAATrustedOrigins: () => (addNAATrustedOrigins),
+  canParentManageNAATrustedOrigins: () => (canParentManageNAATrustedOrigins),
+  deleteNAATrustedOrigins: () => (deleteNAATrustedOrigins),
+  getParentOrigin: () => (getParentOrigin),
+  isDeeplyNestedAuthSupported: () => (isDeeplyNestedAuthSupported),
   isNAAChannelRecommended: () => (isNAAChannelRecommended)
 });
@@ -2343,20 +2372,6 @@ const errorRuntimeNotSupported = 'The runtime version is not supported';
 /** @hidden */
 const errorCallNotStarted = 'The call was not properly started';
-;// ./src/internal/globalVars.ts
-class GlobalVars {
-}
-GlobalVars.initializeCalled = false;
-GlobalVars.initializeCompleted = false;
-GlobalVars.additionalValidOrigins = [];
-GlobalVars.initializePromise = undefined;
-GlobalVars.isFramelessWindow = false;
-GlobalVars.frameContext = undefined;
-GlobalVars.hostClientType = undefined;
-GlobalVars.printCapabilityEnabled = false;
-// EXTERNAL MODULE: ../../node_modules/.pnpm/debug@4.3.5/node_modules/debug/src/browser.js
-var browser = __webpack_require__(815);
 // EXTERNAL MODULE: ../../node_modules/.pnpm/base64-js@1.5.1/node_modules/base64-js/index.js
 var base64_js = __webpack_require__(933);
 ;// ../../node_modules/.pnpm/skeleton-buffer@file+skeleton-buffer/node_modules/skeleton-buffer/index.js
@@ -4026,8 +4041,43 @@ class UUID {
     toString() {
         return this.uuid;
     }
+    /**
+     * @returns A serializable representation of an uuid, used for passing uuids to the host.
+     */
+    serialize() {
+        return this.toString();
+    }
 }
+/**
+ * @hidden
+ * Checks if the incoming id is an instance of ValidatedSafeString
+ * @param id An object to check if it's an instance of ValidatedSafeString
+ * @throws Error with a message describing the violation
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+function validateUuidInstance(id) {
+    if (!(id instanceof UUID)) {
+        throw new Error(`Potential id (${JSON.stringify(id)}) is invalid; it is not an instance of UUID class.`);
+    }
+}
+;// ./src/internal/globalVars.ts
+class GlobalVars {
+}
+GlobalVars.initializeCalled = false;
+GlobalVars.initializeCompleted = false;
+GlobalVars.additionalValidOrigins = [];
+GlobalVars.initializePromise = undefined;
+GlobalVars.isFramelessWindow = false;
+GlobalVars.frameContext = undefined;
+GlobalVars.hostClientType = undefined;
+GlobalVars.printCapabilityEnabled = false;
+GlobalVars.teamsJsInstanceId = new UUID().toString();
+// EXTERNAL MODULE: ../../node_modules/.pnpm/debug@4.3.5/node_modules/debug/src/browser.js
+var browser = __webpack_require__(815);
 ;// ./src/internal/telemetry.ts
 // We are directly referencing the browser implementation of `debug` to resolve an issue with polyfilling. For a full write-up on the bug please see ADO Bug #9619161
@@ -4148,6 +4198,7 @@ let runtime = _uninitializedRuntime;
 const versionAndPlatformAgnosticTeamsRuntimeConfig = {
     apiVersion: 4,
     isNAAChannelRecommended: false,
+    isDeeplyNestedAuthSupported: false,
     hostVersionsInfo: teamsMinAdaptiveCardVersion,
     isLegacyTeams: true,
     supports: {
@@ -4484,7 +4535,65 @@ function isSerializable(arg) {
  * @hidden
  *  Package version.
  */
-const version = "2.35.0";
+const version = "2.36.0";
+;// ./src/public/featureFlags.ts
+// All build feature flags are defined inside this object. Any build feature flag must have its own unique getter and setter function. This pattern allows for client apps to treeshake unused code and avoid including code guarded by this feature flags in the final bundle. If this property isn't desired, use the below runtime feature flags object.
+const buildFeatureFlags = {
+    childProxyingCommunication: false,
+};
+/**
+ * This function enables child proxying communication for apps that still needs it.
+ *
+ * @deprecated Child proxying is considered an insecure feature and will be removed in future releases.
+ */
+function activateChildProxyingCommunication() {
+    buildFeatureFlags.childProxyingCommunication = true;
+}
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ */
+function isChildProxyingEnabled() {
+    return buildFeatureFlags.childProxyingCommunication;
+}
+/**
+ * @hidden
+ * @internal
+ * Limited to Microsoft-internal use.
+ */
+function resetBuildFeatureFlags() {
+    buildFeatureFlags.childProxyingCommunication = false;
+}
+// Default runtime feature flags
+const defaultFeatureFlags = {
+    disableEnforceOriginMatchForChildResponses: false,
+};
+// Object that stores the current runtime feature flag state
+let runtimeFeatureFlags = defaultFeatureFlags;
+/**
+ * @returns The current state of the runtime feature flags.
+ */
+function getCurrentFeatureFlagsState() {
+    return runtimeFeatureFlags;
+}
+/**
+ * It sets the runtime feature flags to the new feature flags provided.
+ * @param featureFlags The new feature flags to set.
+ */
+function setFeatureFlagsState(featureFlags) {
+    runtimeFeatureFlags = featureFlags;
+}
+/**
+ * It overwrites all the feature flags in the runtime feature flags object with the new feature flags provided.
+ * @param newFeatureFlags The new feature flags to set.
+ * @returns The current state of the runtime feature flags.
+ */
+function overwriteFeatureFlagsState(newFeatureFlags) {
+    setFeatureFlagsState(Object.assign(Object.assign({}, runtimeFeatureFlags), newFeatureFlags));
+    return getCurrentFeatureFlagsState();
+}
 ;// ./src/internal/messageObjects.ts
 var messageObjects_rest = (undefined && undefined.__rest) || function (s, e) {
@@ -4689,7 +4798,8 @@ function processAdditionalValidOrigins(validMessageOrigins) {
     GlobalVars.additionalValidOrigins = combinedOriginUrls;
 }
-;// ./src/internal/appIdValidation.ts
+;// ./src/internal/idValidation.ts
 /**
@@ -4703,13 +4813,15 @@ function processAdditionalValidOrigins(validMessageOrigins) {
  * @param potentialAppId A string to check if it's a "valid" app id
  * @throws Error with a message describing the exact validation violation
  */
-function validateStringAsAppId(potentialAppId) {
-    if (hasScriptTags(potentialAppId)) {
-        throw new Error(`Potential app id (${potentialAppId}) is invalid; it contains script tags.`);
-    }
+function validateStringLength(potentialAppId) {
     if (!isStringWithinAppIdLengthLimits(potentialAppId)) {
         throw new Error(`Potential app id (${potentialAppId}) is invalid; its length ${potentialAppId.length} is not within the length limits (${minimumValidAppIdLength}-${maximumValidAppIdLength}).`);
     }
+}
+function validateSafeContent(potentialAppId) {
+    if (hasScriptTags(potentialAppId)) {
+        throw new Error(`Potential app id (${potentialAppId}) is invalid; it contains script tags.`);
+    }
     if (doesStringContainNonPrintableCharacters(potentialAppId)) {
         throw new Error(`Potential app id (${potentialAppId}) is invalid; it contains non-printable characters.`);
     }
@@ -4738,9 +4850,56 @@ function validateAppIdInstance(potentialAppId) {
         throw new Error(`Potential app id (${potentialAppId}) is invalid; it is not an instance of AppId class.`);
     }
 }
+/**
+ * @hidden
+ * Checks if the incoming string is an instance of ValidatedSafeString
+ * @param incomingString An object to check if it's an instance of ValidatedSafeString
+ * @throws Error with a message describing the violation
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+function validateSafeStringInstance(incomingString) {
+    if (!(incomingString instanceof ValidatedSafeString)) {
+        throw new Error(`The string (${incomingString}) is invalid; it is not an instance of ValidatedSafeString class.`);
+    }
+}
+;// ./src/public/validatedSafeString.ts
+/**
+ * A strongly typed class used to represent a "valid" string id.
+ */
+class validatedSafeString_ValidatedSafeString {
+    /**
+     * Creates a strongly-typed Id from a string
+     *
+     * @param idAsString An id represented as a string
+     * @throws Error with a message describing the exact validation violation
+     */
+    constructor(idAsString) {
+        this.idAsString = idAsString;
+        validateSafeContent(idAsString);
+    }
+    /**
+     * @hidden
+     * @internal
+     *
+     * @returns A serializable representation of an AppId, used for passing AppIds to the host.
+     */
+    serialize() {
+        return this.toString();
+    }
+    /**
+     * Returns the app id as a string
+     */
+    toString() {
+        return this.idAsString;
+    }
+}
 ;// ./src/public/appId.ts
 /**
  * A strongly-typed class used to represent a "valid" app id.
  *
@@ -4752,7 +4911,7 @@ function validateAppIdInstance(potentialAppId) {
  * for script tags, length, and non-printable characters. Validation will be updated in the future to ensure
  * the app id is a valid UUID as legacy apps update.
  */
-class AppId {
+class AppId extends validatedSafeString_ValidatedSafeString {
     /**
      * Creates a strongly-typed AppId from a string
      *
@@ -4760,23 +4919,17 @@ class AppId {
      * @throws Error with a message describing the exact validation violation
      */
     constructor(appIdAsString) {
-        this.appIdAsString = appIdAsString;
-        validateStringAsAppId(appIdAsString);
+        super(appIdAsString);
+        validateStringLength(appIdAsString);
     }
     /**
-     * @hidden
-     * @internal
+     * Returns a JSON representation of the AppId object
+     * @returns A JSON representation of the AppId object
      *
-     * @returns A serializable representation of an AppId, used for passing AppIds to the host.
+     * note: this method maintains backward compatibility for JSON serialization
      */
-    serialize() {
-        return this.toString();
-    }
-    /**
-     * Returns the app id as a string
-     */
-    toString() {
-        return this.appIdAsString;
+    toJSON() {
+        return { appIdAsString: this.toString() };
     }
 }
@@ -7522,6 +7675,7 @@ var childCommunication_awaiter = (undefined && undefined.__awaiter) || function
 const communicationLogger = getLogger('childProxyingCommunication');
 /**
  * @internal
@@ -7545,6 +7699,9 @@ function uninitializeChildCommunication() {
  * Limited to Microsoft-internal use
  */
 function shouldEventBeRelayedToChild() {
+    if (!isChildProxyingEnabled()) {
+        return false;
+    }
     return !!ChildCommunication.window;
 }
 /**
@@ -7553,6 +7710,9 @@ function shouldEventBeRelayedToChild() {
  * Limited to Microsoft-internal use
  */
 function shouldProcessChildMessage(messageSource, messageOrigin) {
+    if (!isChildProxyingEnabled()) {
+        return false;
+    }
     if (!ChildCommunication.window || ChildCommunication.window.closed || messageSource === ChildCommunication.window) {
         ChildCommunication.window = messageSource;
         ChildCommunication.origin = messageOrigin;
@@ -7609,15 +7769,24 @@ function handleIncomingMessage(evt, sendMessageToParentHelper, setCallbackForReq
  * Limited to Microsoft-internal use
  */
 function sendChildMessageToParent(message, sendMessageToParentHelper, setCallbackForRequest) {
-    const request = sendMessageToParentHelper(getApiVersionTag("v2" /* ApiVersionNumber.V_2 */, "tasks.startTask" /* ApiName.Tasks_StartTask */), message.func, message.args, true);
+    const request = sendMessageToParentHelper(getApiVersionTag("v2" /* ApiVersionNumber.V_2 */, "tasks.startTask" /* ApiName.Tasks_StartTask */), message.func, message.args, true, // Tags message as proxied from child
+    message.teamsJsInstanceId);
+    // Copy variable to new pointer
+    const requestChildWindowOrigin = ChildCommunication.origin;
     setCallbackForRequest(request.uuid, (...args) => {
-        if (ChildCommunication.window) {
-            const isPartialResponse = args.pop();
-            handleIncomingMessageFromChildLogger('Message from parent being relayed to child, id: %s', getMessageIdsAsLogString(message));
-            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-            // @ts-ignore
-            sendMessageResponseToChild(message.id, message.uuid, args, isPartialResponse);
+        if (!ChildCommunication.window) {
+            return;
+        }
+        if (!getCurrentFeatureFlagsState().disableEnforceOriginMatchForChildResponses &&
+            requestChildWindowOrigin !== ChildCommunication.origin) {
+            handleIncomingMessageFromChildLogger('Origin of child window has changed, not sending response back to child window');
+            return;
         }
+        const isPartialResponse = args.pop();
+        handleIncomingMessageFromChildLogger('Message from parent being relayed to child, id: %s', getMessageIdsAsLogString(message));
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        sendMessageResponseToChild(message.id, message.uuid, args, isPartialResponse);
     });
 }
 /**
@@ -7769,6 +7938,7 @@ HostToAppMessageDelayTelemetry.callbackInformation = new Map();
 const nestedAppAuthLogger = getLogger('nestedAppAuthUtils');
 const tryPolyfillWithNestedAppAuthBridgeLogger = nestedAppAuthLogger.extend('tryPolyfillWithNestedAppAuthBridge');
+const nestedAppAuthTelemetryVersionNumber = "v2" /* ApiVersionNumber.V_2 */;
 /**
  * @hidden
  * Attempt to polyfill the nestedAppAuthBridge object on the given window
@@ -7787,6 +7957,11 @@ function tryPolyfillWithNestedAppAuthBridge(clientSupportedSDKVersion, window, h
         logger('Cannot polyfill nestedAppAuthBridge as current window does not exist');
         return;
     }
+    // Skip injection if this is a nested iframe (i.e., not the top-most app)
+    if (window.parent !== window.top) {
+        logger('Default NAA bridge injection not supported in nested iframe. Use standalone NAA bridge instead.');
+        return;
+    }
     const parsedClientSupportedSDKVersion = (() => {
         try {
             return JSON.parse(clientSupportedSDKVersion);
@@ -7857,8 +8032,9 @@ function createNestedAppAuthBridge(window, bridgeHandlers) {
                 logger('Unrecognized data format received by app, message being ignored. Message: %o', message);
                 return;
             }
+            const apiVersionTag = getApiVersionTag(nestedAppAuthTelemetryVersionNumber, "nestedAppAuth.execute" /* ApiName.NestedAppAuth_Execute */);
             // Post the message to the top window
-            sendPostMessage(message);
+            sendPostMessage(message, apiVersionTag);
         },
         removeEventListener: (eventName, callback) => {
             window.removeEventListener(eventName, nestedAppAuthBridgeHandler(callback));
@@ -8199,10 +8375,10 @@ const sendNestedAuthRequestToTopWindowLogger = communication_communicationLogger
  * @internal
  * Limited to Microsoft-internal use
  */
-function sendNestedAuthRequestToTopWindow(message) {
+function sendNestedAuthRequestToTopWindow(message, apiVersionTag) {
     const logger = sendNestedAuthRequestToTopWindowLogger;
     const targetWindow = Communication.topWindow;
-    const request = createNestedAppAuthRequest(message);
+    const request = createNestedAppAuthRequest(message, apiVersionTag);
     logger('Message %s information: %o', getMessageIdsAsLogString(request), {
         actionName: request.func,
     });
@@ -8243,10 +8419,10 @@ const sendMessageToParentHelperLogger = communication_communicationLogger.extend
  * @internal
  * Limited to Microsoft-internal use
  */
-function sendMessageToParentHelper(apiVersionTag, actionName, args, isProxiedFromChild) {
+function sendMessageToParentHelper(apiVersionTag, actionName, args, isProxiedFromChild, teamsJsInstanceId) {
     const logger = sendMessageToParentHelperLogger;
     const targetWindow = Communication.parentWindow;
-    const request = createMessageRequest(apiVersionTag, actionName, args, isProxiedFromChild);
+    const request = createMessageRequest(apiVersionTag, actionName, args, isProxiedFromChild, teamsJsInstanceId);
     HostToAppMessageDelayTelemetry.storeCallbackInformation(request.uuid, {
         name: actionName,
         calledAt: request.timestamp,
@@ -8621,10 +8797,16 @@ function waitForMessageQueue(targetWindow, callback) {
  * @internal
  * Limited to Microsoft-internal use
  */
-function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild) {
+function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild, teamsJsInstanceId) {
     const messageId = CommunicationPrivate.nextMessageId++;
     const messageUuid = new UUID();
     CommunicationPrivate.legacyMessageIdsToUuidMap[messageId] = messageUuid;
+    /**
+     * Only when `isProxiedFromChild` is explicitly set to be true, the message request is created and relayed for child app
+     * Parent app needs to create and relay message request with whatever child app sent to it,
+     * and parent app's TeamsJS instance ID can NOT be used in this case.
+     */
+    const tjsInstanceIdToAttach = isProxiedFromChild === true ? teamsJsInstanceId : GlobalVars.teamsJsInstanceId;
     return {
         id: messageId,
         uuid: messageUuid,
@@ -8634,6 +8816,7 @@ function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild) {
         args: args || [],
         apiVersionTag: apiVersionTag,
         isProxiedFromChild: isProxiedFromChild !== null && isProxiedFromChild !== void 0 ? isProxiedFromChild : false,
+        teamsJsInstanceId: tjsInstanceIdToAttach,
     };
 }
 /**
@@ -8647,7 +8830,7 @@ function createMessageRequest(apiVersionTag, func, args, isProxiedFromChild) {
  *
  * @returns {NestedAppAuthRequest} Returns a NestedAppAuthRequest object with a unique id, the function name set to 'nestedAppAuthRequest', the current timestamp, an empty args array, and the provided message as data.
  */
-function createNestedAppAuthRequest(message) {
+function createNestedAppAuthRequest(message, apiVersionTag) {
     const messageId = CommunicationPrivate.nextMessageId++;
     const messageUuid = new UUID();
     CommunicationPrivate.legacyMessageIdsToUuidMap[messageId] = messageUuid;
@@ -8657,6 +8840,7 @@ function createNestedAppAuthRequest(message) {
         func: 'nestedAppAuth.execute',
         timestamp: Date.now(),
         monotonicTimestamp: getCurrentTimestamp(),
+        apiVersionTag: apiVersionTag,
         // Since this is a nested app auth request, we don't need to send any args.
         // We avoid overloading the args array with the message to avoid potential issues processing of these messages on the hubSDK.
         args: [],
@@ -9896,6 +10080,138 @@ function externalAppCardActionsForCEA_isSupported() {
     return ensureInitialized(runtime) && runtime.supports.externalAppCardActionsForCEA ? true : false;
 }
+;// ./src/private/constants.ts
+/**
+ * @hidden
+ * Error codes that can be thrown from externalAppCommands and externalAppCardCommands Action Submit specifically
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+var ExternalAppErrorCode;
+(function (ExternalAppErrorCode) {
+    ExternalAppErrorCode["INTERNAL_ERROR"] = "INTERNAL_ERROR";
+})(ExternalAppErrorCode || (ExternalAppErrorCode = {}));
+;// ./src/private/externalAppErrorHandling.ts
+/**
+ * @hidden
+ * Determines if the provided error object is an instance of ExternalAppError
+ * @internal
+ * Limited to Microsoft-internal use
+ * @param err The error object to check whether it is of ExternalAppError type
+ */
+function isExternalAppError(err) {
+    if (typeof err !== 'object' || err === null) {
+        return false;
+    }
+    const error = err;
+    return (Object.values(ExternalAppErrorCode).includes(error.errorCode) &&
+        (error.message === undefined || typeof error.message === 'string'));
+}
+;// ./src/private/externalAppCardActionsForDA.ts
+/**
+ * @beta
+ * @hidden
+ * Module to delegate adaptive card action for Declarative Agents execution to the host
+ * @internal
+ * Limited to Microsoft-internal use
+ * @module
+ */
+var externalAppCardActionsForDA_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+/**
+ * All of APIs in this capability file should send out API version v2 ONLY
+ */
+const externalAppCardActionsForDATelemetryVersionNumber = "v2" /* ApiVersionNumber.V_2 */;
+/**
+ * @beta
+ * @hidden
+ * Delegates an Adaptive Card Action.OpenUrlDialog request to the host for the application with the provided app ID
+ * @internal
+ * Limited to Microsoft-internal use
+ * @param appId ID of the application the request is intended for. This must be a UUID
+ * @param actionOpenUrlDialogInfo Information required to open the URL dialog
+ * @param traceId The trace identifier used for monitoring and live site investigations
+ * @returns Promise that resolves when the request is completed and rejects with ExternalAppError if the request fails
+ */
+function processActionOpenUrlDialog(appId, actionOpenUrlDialogInfo, traceId) {
+    return externalAppCardActionsForDA_awaiter(this, void 0, void 0, function* () {
+        ensureInitialized(runtime, FrameContexts.content);
+        if (!externalAppCardActionsForDA_isSupported()) {
+            throw errorNotSupportedOnPlatform;
+        }
+        externalAppCardActionsForDA_validateInput(appId, traceId);
+        return callFunctionInHost("externalAppCardActionsForDA.processActionOpenUrlDialog" /* ApiName.ExternalAppCardActionsForDA_ProcessActionOpenUrlDialog */, [appId, new SerializableActionOpenUrlDialogInfo(actionOpenUrlDialogInfo), traceId], getApiVersionTag(externalAppCardActionsForDATelemetryVersionNumber, "externalAppCardActionsForDA.processActionOpenUrlDialog" /* ApiName.ExternalAppCardActionsForDA_ProcessActionOpenUrlDialog */), isExternalAppError);
+    });
+}
+/**
+ * @beta
+ * @hidden
+ * Checks if the externalAppCardActions capability is supported by the host
+ * @returns boolean to represent whether externalAppCardActions capability is supported
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+function externalAppCardActionsForDA_isSupported() {
+    return ensureInitialized(runtime) && runtime.supports.externalAppCardActionsForDA ? true : false;
+}
+/**
+ * @beta
+ * @hidden
+ * Checks if the externalAppCardActions capability is supported by the host
+ * @returns boolean to represent whether externalAppCardActions capability is supported
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+function externalAppCardActionsForDA_validateInput(appId, traceId) {
+    validateAppIdInstance(appId);
+    validateUuidInstance(traceId);
+}
+/**
+ * @beta
+ * @hidden
+ * Serializable class for ActionOpenUrlDialogInfo to send info to the host
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+class SerializableActionOpenUrlDialogInfo {
+    constructor(info) {
+        this.info = info;
+    }
+    serialize() {
+        const { url, title, size } = this.info;
+        return {
+            url: url.href,
+            title,
+            size,
+        };
+    }
+}
 ;// ./src/private/externalAppCommands.ts
 /**
  * @hidden
@@ -10658,6 +10974,240 @@ function messageChannels_isSupported() {
 }
+;// ./src/private/nestedAppAuth/nestedAppAuthBridge.ts
+/**
+ * @beta
+ * @hidden
+ * Local version of the Nested App Auth Bridge module.
+ *
+ * This version is specific to this standalone module and is not tied to the overall TeamsJS SDK version.
+ * It allows developers to track changes within this module and handle version-based compatibility if needed.
+ *
+ * While not strictly required today, having a version provides flexibility for future updates,
+ * especially if breaking changes are introduced later.
+ *
+ * Example:
+ *   if (nestedAppAuthBridge.version.startsWith('1.')) {
+ *     // Safe to use with current logic
+ *   }
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+const nestedAppAuthBridge_version = '1.0.0';
+/**
+ * Bridge handlers used for processing messages.
+ */
+const bridgeHandlers = {
+    onMessage: nestedAppAuthBridge_processAuthBridgeMessage,
+};
+let topOriginForNAA = null;
+let isNAALoggerEnabled = false;
+/**
+ * @beta
+ * @hidden
+ * Initializes the Nested App Auth Bridge.
+ * @param window The window object where the bridge will be attached.
+ * @param topOrigin The origin of the top-level frame.
+ * @param enableLogging - Optional flag to enable internal debug and error logging. Defaults to false.
+ *
+ * @internal
+ * Limited to Microsoft-internal use
+ */
+function nestedAppAuthBridge_initialize(window, topOrigin, enableLogging = false) {
+    isNAALoggerEnabled = enableLogging;
+    if (!window) {
+        throw new Error('Cannot polyfill nestedAppAuthBridge as the current window does not exist');
+    }
+    if (!topOrigin) {
+        throw new Error('Top origin is required to initialize the Nested App Auth Bridge');
+    }
+    try {
+        const parsedOrigin = new URL(topOrigin);
+        if (parsedOrigin.protocol !== 'https:') {
+            throw new Error(`Invalid top origin: ${topOrigin}. Only HTTPS origins are allowed.`);
+        }
+        topOriginForNAA = parsedOrigin.origin;
+    }
+    catch (error) {
+        throw new Error(`Failed to initialize bridge: invalid top origin: ${topOrigin}`);
+    }
+    const extendedWindow = window;
+    // If the bridge is already present, return.
+    if (extendedWindow.nestedAppAuthBridge) {
+        log('Nested App Auth Bridge is already present');
+        return;
+    }
+    // Create and assign the bridge to the window.
+    const nestedAppAuthBridge = nestedAppAuthBridge_createNestedAppAuthBridge(extendedWindow);
+    if (nestedAppAuthBridge) {
+        extendedWindow.nestedAppAuthBridge = nestedAppAuthBridge;
+    }
+}
+/**
+ * Creates the Nested App Auth Bridge.
+ * @param window The window object where the bridge is being injected.
+ * @returns A NestedAppAuthBridge instance.
+ */
+function nestedAppAuthBridge_createNestedAppAuthBridge(window) {
+    const messageHandlers = new WeakMap();
+    const { onMessage } = bridgeHandlers;
+    const nestedAppAuthBridgeHandler = (callback) => (evt) => onMessage(evt, callback);
+    return {
+        /**
+         * Adds an event listener for message events.
+         */
+        addEventListener: (eventName, callback) => {
+            if (eventName === 'message') {
+                const handler = nestedAppAuthBridgeHandler(callback);
+                messageHandlers.set(callback, handler);
+                window.addEventListener(eventName, handler);
+            }
+            else {
+                log(`Event ${eventName} is not supported by nestedAppAuthBridge`);
+            }
+        },
+        /**
+         * Sends a message using postMessage.
+         */
+        postMessage: (message) => {
+            if (window.top) {
+                try {
+                    const parsedMessage = JSON.parse(message);
+                    if (typeof parsedMessage === 'object' &&
+                        parsedMessage.messageType === "NestedAppAuthRequest" /* NestedAppAuthMessageEventNames.Request */) {
+                        const request = nestedAppAuthBridge_createNestedAppAuthRequest(message);
+                        if (window !== window.top && topOriginForNAA) {
+                            window.top.postMessage(request, topOriginForNAA);
+                        }
+                        else {
+                            logError('Not in an embedded iframe; skipping postMessage.');
+                            return;
+                        }
+                    }
+                }
+                catch (error) {
+                    logError('Failed to parse message:', error, 'Original message:', message);
+                    return;
+                }
+            }
+            else {
+                throw new Error('window.top is not available for posting messages');
+            }
+        },
+        /**
+         * Removes a previously attached event listener.
+         */
+        removeEventListener: (eventName, callback) => {
+            const handler = messageHandlers.get(callback);
+            if (handler) {
+                window.removeEventListener(eventName, handler);
+                messageHandlers.delete(callback);
+            }
+        },
+    };
+}
+/**
+ * Processes messages received through the auth bridge.
+ * @param evt The message event containing the response.
+ * @param onMessageReceived Callback function to handle the received message.
+ */
+function nestedAppAuthBridge_processAuthBridgeMessage(evt, onMessageReceived) {
+    if (!evt || !evt.data || typeof evt.data !== 'object' || evt.data === null) {
+        log('Invalid message format, ignoring. Message: %o', evt);
+        return;
+    }
+    // Validate message source before processing
+    if (!nestedAppAuthBridge_shouldProcessIncomingMessage(evt.source, evt.origin)) {
+        log('Message source/origin not allowed, ignoring.');
+        return;
+    }
+    const { args } = evt.data;
+    const [, message] = args !== null && args !== void 0 ? args : [];
+    const parsedData = (() => {
+        try {
+            return JSON.parse(message);
+        }
+        catch (error) {
+            logError('Failed to parse response message:', error);
+            return null;
+        }
+    })();
+    if (!parsedData || parsedData.messageType !== "NestedAppAuthResponse" /* NestedAppAuthMessageEventNames.Response */) {
+        log('Invalid response format, ignoring. Message: %o', evt);
+        return;
+    }
+    onMessageReceived(message);
+}
+function nestedAppAuthBridge_shouldProcessIncomingMessage(messageSource, messageOrigin) {
+    // Reject messages if they are not from the top window
+    if (messageSource && messageSource !== window.top) {
+        log('Should not process message because it is not coming from the top window');
+        return false;
+    }
+    // Check if messageOrigin matches topOriginForNAA
+    if (messageOrigin === topOriginForNAA) {
+        try {
+            return new URL(messageOrigin).protocol === 'https:';
+        }
+        catch (error) {
+            logError('Invalid message origin URL:', error);
+            return false;
+        }
+    }
+    return false;
+}
+/**
+ * Creates a NAA request with a unique ID and timestamp.
+ * @param data The data to be included in the request.
+ * @returns A stringified JSON request object.
+ */
+function nestedAppAuthBridge_createNestedAppAuthRequest(data) {
+    const timestamp = Date.now();
+    return {
+        id: generateUniqueId(),
+        uuid: esm_browser_v4(),
+        func: 'nestedAppAuth.execute',
+        timestamp: timestamp,
+        apiVersionTag: 'v2_nestedAppAuth.execute',
+        monotonicTimestamp: timestamp,
+        args: [],
+        data,
+    };
+}
+/**
+ * Generates a unique ID for NAA auth requests.
+ * @returns A randomly generated unique string.
+ */
+function generateUniqueId() {
+    return typeof crypto !== 'undefined' && crypto.randomUUID
+        ? crypto.randomUUID()
+        : Math.random().toString(36).substring(2, 11);
+}
+/**
+ * Logs informational messages to the console if logging is enabled.
+ * Used internally for non-critical debug output.
+ *
+ * @param args - The data to be logged.
+ */
+function log(...args) {
+    if (isNAALoggerEnabled) {
+        console.log(...args);
+    }
+}
+/**
+ * Logs error messages to the console if logging is enabled.
+ * Used internally for debugging and error tracing.
+ *
+ * @param args - The error data to be logged.
+ */
+function logError(...args) {
+    if (isNAALoggerEnabled) {
+        console.error(...args);
+    }
+}
 ;// ./src/private/notifications.ts
 /**
  * @hidden
@@ -12947,6 +13497,10 @@ function serializeValidSize(size) {
@@ -14311,6 +14865,15 @@ function clipboard_isSupported() {
 }
 ;// ./src/public/nestedAppAuth.ts
+var nestedAppAuth_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 /**
  * @beta
  * Nested app auth capabilities
@@ -14320,6 +14883,24 @@ function clipboard_isSupported() {
+/**
+ * v2 APIs telemetry file: All of APIs in this capability file should send out API version v2 ONLY
+ */
+const nestedAppAuth_hostEntityTelemetryVersionNumber = "v2" /* ApiVersionNumber.V_2 */;
+/**
+ * Response handler for managing NAA Trusted Origins.
+ */
+const trustedOriginResponseHandler = {
+    validate: (response) => Array.isArray(response) || typeof response === 'object',
+    deserialize: (response) => response,
+};
+var TrustedOriginAction;
+(function (TrustedOriginAction) {
+    TrustedOriginAction["ADD"] = "ADD";
+    TrustedOriginAction["DELETE"] = "DELETE";
+})(TrustedOriginAction || (TrustedOriginAction = {}));
 /**
  * Checks if MSAL-NAA channel recommended by the host
  * @returns true if host is recommending NAA channel and false otherwise
@@ -14333,6 +14914,47 @@ function isNAAChannelRecommended() {
     return ((_a = (ensureInitialized(runtime) &&
         (runtime.isNAAChannelRecommended || isNAAChannelRecommendedForLegacyTeamsMobile()))) !== null && _a !== void 0 ? _a : false);
 }
+/**
+ * Gets the origin of the parent window if available.
+ * This will be the top-level origin in the case of a parent app.
+ * It is used to pass to the embedded child app to initialize the Nested App Auth bridge.
+ * @returns The origin string if available, otherwise null
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @beta
+ */
+function getParentOrigin() {
+    ensureInitialized(runtime);
+    return Communication.parentOrigin;
+}
+/**
+ * Checks if the parent has the capability to manage its list of trusted child origins
+ * for Nested App Auth (NAA).
+ *
+ * @returns true if parent can manage NAA TrustedOrigins, false otherwise
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @beta
+ */
+function canParentManageNAATrustedOrigins() {
+    var _a;
+    return (_a = (ensureInitialized(runtime) && runtime.canParentManageNAATrustedOrigins)) !== null && _a !== void 0 ? _a : false;
+}
+/**
+ * Checks if NAA deeply nested scenario supported by the host
+ * @returns true if host supports
+ *
+ * @throws Error if {@linkcode app.initialize} has not successfully completed
+ *
+ * @beta
+ */
+function isDeeplyNestedAuthSupported() {
+    var _a;
+    return (_a = (ensureInitialized(runtime) && runtime.isDeeplyNestedAuthSupported)) !== null && _a !== void 0 ? _a : false;
+}
 function isNAAChannelRecommendedForLegacyTeamsMobile() {
     return ensureInitialized(runtime) &&
         isHostAndroidOrIOSOrIPadOSOrVisionOS() &&
@@ -14347,6 +14969,103 @@ function isHostAndroidOrIOSOrIPadOSOrVisionOS() {
         GlobalVars.hostClientType === HostClientType.ipados ||
         GlobalVars.hostClientType === HostClientType.visionOS);
 }
+/**
+ * Registers the origins of child apps as trusted for Nested App Auth (NAA).
+ *
+ * This allows a top-level parent app to specify which child app origins are considered trusted
+ *
+ * @param appOrigins - An array of child app origins to trust (must be a non-empty array).
+ * @returns A Promise resolving with the result of the action.
+ * @throws Error if called from a non-top-level parent or if parameters are invalid.
+ *
+ * @beta
+ */
+function addNAATrustedOrigins(appOrigins) {
+    return nestedAppAuth_awaiter(this, void 0, void 0, function* () {
+        if (!canParentManageNAATrustedOrigins()) {
+            throw errorNotSupportedOnPlatform;
+        }
+        const normalizedOrigins = appOrigins.map(normalizeOrigin);
+        return manageNAATrustedOrigins(TrustedOriginAction.ADD, normalizedOrigins);
+    });
+}
+/**
+ * Removes previously trusted child app origins from Nested App Auth (NAA).
+ *
+ * The specified origins will no longer be considered trusted.
+ *
+ * @param appOrigins - An array of child app origins to remove from the trusted list (must be a non-empty array).
+ * @returns A Promise resolving with the result of the action.
+ * @throws Error if called from a non-top-level parent or if parameters are invalid.
+ *
+ * @beta
+ */
+function deleteNAATrustedOrigins(appOrigins) {
+    return nestedAppAuth_awaiter(this, void 0, void 0, function* () {
+        if (!canParentManageNAATrustedOrigins()) {
+            throw errorNotSupportedOnPlatform;
+        }
+        const normalizedOrigins = appOrigins.map(normalizeOrigin);
+        return manageNAATrustedOrigins(TrustedOriginAction.DELETE, normalizedOrigins);
+    });
+}
+/**
+ * Performs the specified action (add or delete) on the list of trusted child app origins for Nested App Auth (NAA).
+ *
+ * This function is intended to be called by a top-level parent app to manage which child app origins are considered trusted.
+ *
+ * @param action - The action to perform: 'ADD' or 'DELETE'.
+ * @param appOrigins - An array of origins to add or remove (must be a non-empty array).
+ * @returns A Promise resolving with the result of the action.
+ * @throws Error if called from a non-top-level parent or if parameters are invalid.
+ */
+function manageNAATrustedOrigins(action, appOrigins) {
+    return nestedAppAuth_awaiter(this, void 0, void 0, function* () {
+        if (window.parent !== window.top) {
+            throw new Error('This API is only available in the top-level parent.');
+        }
+        if (!Array.isArray(appOrigins) || appOrigins.length === 0) {
+            throw new Error(`The '${appOrigins}' parameter is required and must be a non-empty array.`);
+        }
+        const args = [new SerializableManageNAATrustedOriginArgs(action, appOrigins)];
+        return callFunctionInHostAndHandleResponse('nestedAppAuth.manageNAATrustedOrigins', args, trustedOriginResponseHandler, getApiVersionTag(nestedAppAuth_hostEntityTelemetryVersionNumber, "nestedAppAuth.manageNAATrustedOrigins" /* ApiName.NestedAppAuth_ManageNAATrustedOrigins */));
+    });
+}
+/**
+ * Normalizes a given origin string by converting it to lowercase and extracting only the origin part.
+ *
+ * @param origin - A string representing a full URL.
+ * @returns The normalized origin (scheme + host + port) in lowercase.
+ * @throws Error if the input is not a valid URL.
+ */
+function normalizeOrigin(origin) {
+    try {
+        const url = new URL(origin);
+        return url.origin.toLowerCase(); // Normalize and return only the origin part
+    }
+    catch (error) {
+        throw new Error(`Invalid origin provided: ${origin}`);
+    }
+}
+/**
+ * Serializable arguments for manageNAATrustedOrigins.
+ */
+class SerializableManageNAATrustedOriginArgs {
+    constructor(action, appOrigins) {
+        this.action = action;
+        this.appOrigins = appOrigins;
+    }
+    /**
+     * Serializes the object to a JSON-compliant format.
+     * @returns JSON representation of the arguments.
+     */
+    serialize() {
+        return {
+            action: this.action,
+            appOrigins: this.appOrigins, // No need for conditional check, always included
+        };
+    }
+}
 ;// ./src/public/geoLocation/map.ts
 /**
@@ -18349,6 +19068,8 @@ function marketplace_isSupported() {