@microsoft/teamsfx-core 3.0.5-alpha.eb1380cea.0 → 3.0.5-alpha.fa365893d.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/teamsfx-core",
-  "version": "3.0.5-alpha.eb1380cea.0",
+  "version": "3.0.5-alpha.fa365893d.0",
   "main": "build/index.js",
   "types": "build/index.d.ts",
   "license": "MIT",
@@ -107,8 +107,8 @@
     "@microsoft/dev-tunnels-contracts": "1.1.9",
     "@microsoft/dev-tunnels-management": "1.1.9",
     "@microsoft/kiota": "1.26.1",
-    "@microsoft/m365-spec-parser": "^0.2.9-alpha.eb1380cea.0",
-    "@microsoft/teamsfx-api": "0.23.9-alpha.eb1380cea.0",
+    "@microsoft/m365-spec-parser": "^0.2.9-alpha.fa365893d.0",
+    "@microsoft/teamsfx-api": "0.23.9-alpha.fa365893d.0",
     "adm-zip": "^0.5.10",
     "ajv": "^8.5.0",
     "axios": "^1.8.3",
@@ -231,7 +231,7 @@
     "resource/**/*",
     "templates/**/*"
   ],
-  "gitHead": "530a8cef87c57a58e8871c6007852d259a4ce140",
+  "gitHead": "4cfbfd82137232f56f82a385309e1a1541b2510a",
   "publishConfig": {
     "access": "public"
   },

package/resource/package.nls.json

@@ -245,13 +245,13 @@
   "error.apime.noExtraAPICanBeAdded": "Unable to add API because only GET and POST methods are supported, with a maximum of 5 required parameters and no authentication. Also, methods defined in the manifest are not listed.",
   "error.copilot.noExtraAPICanBeAdded": "Unable to add API because no authentication is supported. Also, methods defined in the current OpenAPI description document are not listed.",
   "error.m365.NotExtendedToM365Error": "Unable to extend the app to Microsoft 365. Use 'teamsApp/extendToM365' action to extend the app to Microsoft 365.",
-  "error.share.yamlConfigNotFound": "Unable to find the \"share\" config in the m365agents.yml",
+  "error.share.yamlConfigNotFound": "Unable to find the \"deploy\" config in the m365agents.yml",
   "error.share.shareActionConfigNotFound": "Unable to find the \"%s\" action config in the m365agents.yml",
   "error.share.appPackageConfigNotFound": "Unable to find the appPackagePath config in the m365agents.yml",
   "error.share.manifestFileNotFound": "Unable to find the manifest file in the app package",
   "error.share.manifestIdNotFound": "Unable to find the manifest ID in the app package",
   "error.share.sharedConfigNotFound": "Unable to find the \"titleId\" or \"appId\" config in the m365agents.yml",
-  "error.share.sharedIdNotFound": "Unable to get shared title id or shared app id in the .env file. Shared title id: %s, shared app id: %s. You need to share the app first.",
+  "error.share.sharedIdNotFound": "Unable to get title id or app id in the .env file. Shared title id: %s, shared app id: %s. You need to deploy the agent before sharing.",
   "error.share.appPackageNotFound": "Unable to find the zip package in path: %s. You need to zip the package first.",
   "core.QuestionAppName.validation.pattern": "App name needs to begin with letters, include minimum two letters or digits, and exclude certain special characters.",
   "core.QuestionAppName.validation.maxlength": "App name is longer than the 30 characters.",
@@ -522,7 +522,6 @@
   "core.addKnowledge.success.vsc": "Capability source added to the project successfully.",
   "core.addKnowledge.success": "Capability source added to the project successfully. View agent manifest in \"%s\".",
   "core.addKnowledge.success.viewAgentManifest": "View agent manifest",
-  "core.addUserQuestion.validation": "Invalid email address",
   "core.scaffold.warning.summary": "We have detected following issues:\n%s",
   "core.addPlugin.warning.manifestVariables": "Environment variables \"%s\" found in manifest of the added plugin. Ensure the values are set in .env file or system environment variables.",
   "core.addPlugin.warning.apiSpecVariables": "Environment variables \"%s\" found in API specification of the added plugin. Ensure the values are set in .env file or system environment variables.",
@@ -545,6 +544,7 @@
   "core.getUserEmailQuestion.title": "Add owner to Teams/Microsoft Entra app for the account under the same Microsoft 365 tenant (email)",
   "core.getUserEmailQuestion.validation1": "Enter email address",
   "core.getUserEmailQuestion.validation2": "Change [UserName] to the real user name",
+  "core.getUserEmailQuestion.validation3": "Email address is invalid",
   "core.collaboration.error.failedToLoadDotEnvFile": "Unable to load your .env File. Reason: %s",
   "core.selectAadAppManifestQuestion.title": "Select Microsoft Entra manifest.json file",
   "core.selectTeamsAppManifestQuestion.title": "Select Teams manifest.json File",
@@ -639,8 +639,11 @@
   "core.common.ErrorFetchApiSpec": "Your OpenAPI description document should be accessible without authentication, otherwise download and start from a local copy.",
   "core.common.SendingApiRequest": "Sending API request: %s. Request body: %s",
   "core.common.ReceiveApiResponse": "Received API response: %s.",
-  "core.common.shareToUser.success": "Successfully shared the app with users: %s.",
-  "core.common.removeShareAccess.success": "Shared app access removed from the users: %s.",
+  "core.common.shareWithTenant.success": "Agent successfully shared with tenant.",
+  "core.common.shareWithUser.success": "Agent successfully shared with users: %s.",
+  "core.common.shareWithOwner.success": "Agent successfully shared with owners: %s.",
+  "core.common.removeOwnership.success": "Shared agent ownership removed from the users: %s.",
+  "core.common.removeShareAccess.success": "Shared access successfully removed from users: %s.",
   "core.envFunc.unsupportedFile.errorLog": "\"%s\" is an invalid file. Supported format: %s.",
   "core.envFunc.unsupportedFile.errorMessage": "Invalid file. %s",
   "core.envFunc.unsupportedFunction.errorLog": "\"%s\" is an invalid function. Supported function: \"%s\".",
@@ -664,7 +667,7 @@
   "core.summary.lifecycleFailed": "%s Lifecycle stage %s failed.",
   "core.summary.actionNotExecuted": "%s was not executed.",
   "core.summary.actionFailed": "%s failed.",
-  "core.summary.actionSucceeded": "%s was executed successfully.",
+  "core.summary.actionSucceeded": "%s executed successfully.",
   "core.summary.createdEnvFile": "Environment file was created at",
   "core.copilot.addAPI.success": "%s have(has) been successfully added to %s",
   "core.copilot.addAPI.InjectAPIKeyActionFailed": "Inject API key action to teamsapp.yaml file unsuccessful, make sure the file contains teamsApp/create action in provision section.",
@@ -696,11 +699,18 @@
   "core.uninstallQuestion.tdpOption": "App registration",
   "core.uninstallQuestion.botOption": "Bot framework registration",
   "core.uninstallQuestion.projectPath": "Project path",
-  "core.shareOptionQuestion.share": "Share the app",
-  "core.shareOptionQuestion.shareToUser": "Share with user(s)",
-  "core.shareOptionQuestion.placeholder": "Select an option",
-  "core.shareToUser.title": "Enter user emails (separated by commas)",
   "core.share.removeAccess.operator": "Cannot remove permission of the operator. Email: %s.",
+  "core.shareOperationQuestion.option.removeShareAccessFromUsers": "Remove access for selected user(s)",
+  "core.shareOperationQuestion.option.shareWithUsers": "Share access with selected user(s)",
+  "core.shareOptionQuestion.option.shareWithOwners": "Share agent ownership with selected user(s)",
+  "core.shareOptionQuestion.placeholder": "Select how to share the agent",
+  "core.shareOptionQuestion.title": "Share the agent",
+  "core.shareOptionQuestion.unshare.emails.title": "Email addresses of users for agent access removal",
+  "core.shareScopeQuestion.emails.title": "Email addresses of users for agent sharing",
+  "core.shareScopeQuestion.option.shareWithTenant": "Share the agent with all tenant users",
+  "core.shareScopeQuestion.option.shareWithUsers": "Share the agent with selected user(s)",
+  "core.shareScopeQuestion.placeholder": "Select a sharing scope",
+  "core.shareScopeQuestion.title": "Share the agent with users",
   "core.syncManifest.projectPath": "Project path",
   "core.syncManifest.env": "Target Microsoft 365 Agents Toolkit Environment",
   "core.syncManifest.teamsAppId": "App ID (optional)",
@@ -737,7 +747,6 @@
   "error.aad.manifest.UnknownResourceAccessId": "Unknown resourceAccess id: %s, try to use permission id instead of resourceAccess id.",
   "core.addSsoFiles.emptyProjectPath": "Project path is empty",
   "core.addSsoFiles.FailedToCreateAuthFiles": "Unable to create files for add sso. Detail error: %s.",
-  "core.getUserEmailQuestion.validation3": "Email address is invalid",
   "plugins.bot.ErrorSuggestions": "Suggestions: %s",
   "plugins.bot.InvalidValue": "%s is invalid with value: %s",
   "plugins.bot.SomethingIsMissing": "%s is not available.",
@@ -933,9 +942,9 @@
   "driver.botFramework.summary.update": "The bot registration has been updated successfully (%s).",
   "driver.botFramework.progressBar.createOrUpdateBot": "Creating or updating bot registration.",
   "driver.botFramework.error.InvalidBotId": "Bot ID %s is invalid. It must be a GUID.",
-  "driver.devChannel.description": "Create a sandboxed Team and channel for development and testing",
+  "driver.devChannel.description": "Create a sandbox in Teams with a channel for development and testing",
   "driver.devChannel.progress.message": "Creating Team and channel...",
-  "driver.devChannel.success": "Team %s with default channel %s created. Channel ID: %s, Team ID: %s",
+  "driver.devChannel.success": "Team %s with default channel %s created. Channel ID: %s Team ID: %s",
   "driver.devChannel.summary": "Team %s with default channel %s created.",
   "driver.devChannel.status": "Team and channel creation status: %s",
   "driver.devChannel.summary.exists": "Environment variable %s and %s already exist, skipping new sandboxed Team creation step.",

package/templates/plugins/resource/aad/auth/V3/Bot/SSO/BotAuthenticationOptions.cs

@@ -0,0 +1,44 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+using System.ComponentModel.DataAnnotations;
+
+namespace {{YOUR_NAMESPACE}}.Configuration;
+
+/// <summary>
+/// Bot related authentication configuration.
+/// </summary>
+public class BotAuthenticationOptions
+{
+  /// <summary>
+  /// The client (application) ID of an App Registration in the tenant.
+  /// </summary>
+  [Required(ErrorMessage = "Client id is required")]
+  [RegularExpression(@"^[0-9A-Fa-f\-]{36}$")]
+  public string ClientId { get; set; }
+
+  /// <summary>
+  /// The client (application) Secret of an App Registration in the tenant.
+  /// </summary>
+  [Required(ErrorMessage = "Client secret is required")]
+  public string ClientSecret { get; set; }
+
+  /// <summary>
+  /// Authority URL that is used in OAuth On-behalf-of flow.
+  /// </summary>
+  [Required(ErrorMessage = "OAuth authority is required")]
+  [RegularExpression(@"^http(s)?://[-a-zA-Z0-9@:%._\+~#=/]{1,100}$")]
+  public string OAuthAuthority { get; set; }
+
+  /// <summary>
+  /// Application ID URI.
+  /// </summary>
+  [Required(ErrorMessage = "Application id uri is required")]
+  public string ApplicationIdUri { get; set; }
+
+  /// <summary>
+  /// Login authentication start page endpoint.
+  /// </summary>
+  [Required(ErrorMessage = "Login authentication start page endpoint is required")]
+  public string InitiateLoginEndpoint { get; set; }
+}

package/templates/plugins/resource/aad/auth/V3/Bot/SSO/IIdentityClientAdapter.cs

@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+using Microsoft.Identity.Client;
+
+namespace {{YOUR_NAMESPACE}}.SSO
+{
+  /// <summary>
+  /// Adapter of IConfidentialClientApplication On-behalf-of flow.
+  /// </summary>
+  public interface IIdentityClientAdapter
+  {
+    /// <summary>
+    /// Use On-behalf-of flow to exchange access token.
+    /// </summary>
+    /// <param name="ssoToken">token from Teams client</param>
+    /// <param name="scopes">required scopes</param>
+    /// <returns></returns>
+    Task<AuthenticationResult> GetAccessToken(string ssoToken, IEnumerable<string> scopes);
+  }
+}

package/templates/plugins/resource/aad/auth/V3/Bot/SSO/ITeamsInfo.cs

@@ -0,0 +1,24 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+using Microsoft.Agents.Builder;
+using Microsoft.Agents.Extensions.Teams.Models;
+
+namespace {{YOUR_NAMESPACE}}.SSO
+{
+  /// <summary>
+  /// provides utility methods for interactions that occur within Microsoft Teams.
+  /// </summary>
+  public interface ITeamsInfo
+  {
+    /// <summary>
+    /// Gets the account of a single conversation member. 
+    /// This works in one-on-one, group, and teams scoped conversations.
+    /// </summary>
+    /// <param name="context"> Turn context. </param>
+    /// <param name="userId"> ID of the user in question. </param>
+    /// <param name="cancellationToken"> cancellation token. </param>
+    /// <returns>Team Account Details.</returns>
+    Task<TeamsChannelAccount> GetTeamsMemberAsync(ITurnContext context, string userId, CancellationToken cancellationToken = default);
+  }
+}

package/templates/plugins/resource/aad/auth/V3/Bot/SSO/IdentityClientAdapter.cs

@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+using Microsoft.Identity.Client;
+
+namespace {{YOUR_NAMESPACE}}.SSO
+{
+  /// <summary>
+  /// Helper class used to simplify unit test.
+  /// https://stackoverflow.com/questions/65334284/how-to-mock-moq-iconfidentialclientapplication-which-has-sealed-setup-abstract
+  /// </summary>
+  internal class IdentityClientAdapter : IIdentityClientAdapter
+  {
+    private readonly IConfidentialClientApplication _confidentialClientApplication;
+
+    public IdentityClientAdapter(IConfidentialClientApplication confidentialClientApplication)
+    {
+      _confidentialClientApplication = confidentialClientApplication;
+    }
+
+    public async Task<AuthenticationResult> GetAccessToken(string ssoToken, IEnumerable<string> scopes)
+    {
+      var userAssertion = new UserAssertion(ssoToken);
+      return await _confidentialClientApplication
+          .AcquireTokenOnBehalfOf(scopes, userAssertion)
+          .ExecuteAsync()
+          .ConfigureAwait(false);
+    }
+  }
+}

package/templates/plugins/resource/aad/auth/V3/Bot/SSO/SsoDialog.cs

@@ -1,9 +1,11 @@
-using Microsoft.Bot.Builder;
-using Microsoft.Bot.Builder.Dialogs;
-using Microsoft.Bot.Schema;
+using bowsong080401botsso.Configuration;
+using Json.More;
+using Microsoft.Agents.Builder;
+using Microsoft.Agents.Builder.Dialogs;
+using Microsoft.Agents.Builder.State;
+using Microsoft.Agents.Core.Models;
+using Microsoft.Agents.Storage;
 using Microsoft.Extensions.Options;
-using Microsoft.TeamsFx.Bot;
-using Microsoft.TeamsFx.Configuration;
 
 namespace {{YOUR_NAMESPACE}}.SSO;
 
@@ -173,9 +175,10 @@ public class SsoDialog : ComponentDialog
 
     private async Task<bool> ShouldDedup(ITurnContext context)
     {
+        var tokenResponseObject = context.Activity.Value.ToJsonDocument();
         var storeItem = new StoreItem()
         {
-            eTag = (context.Activity.Value as dynamic).id,
+            eTag = tokenResponseObject.RootElement.GetProperty("id").ToString(),
         };
         var key = GetStorageKey(context);
         var storeItems = new Dictionary<string, object>()
@@ -209,13 +212,13 @@ public class SsoDialog : ComponentDialog
             throw new Exception("TokenExchangeState can only be used with Invokes of signin/tokenExchange.");
         }
 
-        var value = activity.Value;
-        if (value == null || (value as dynamic).id == null)
+        var value = activity.Value.ToJsonDocument();
+        if (value == null || value.RootElement.GetProperty("id").ToString() == null)
         {
             throw new Exception("Invalid signin/tokenExchange. Missing activity.value.id.");
         }
 
-        return $"{channelId}/{conversationId}/{(value as dynamic).id}";
+        return $"{channelId}/{conversationId}/{value.RootElement.GetProperty("id").ToString()}";
     }
 
     private string MatchCommands(string text)

package/templates/plugins/resource/aad/auth/V3/Bot/SSO/SsoOperations.cs

@@ -1,7 +1,7 @@
-using Microsoft.Bot.Builder;
+using bowsong080401botsso.Configuration;
+using Microsoft.Agents.Builder;
 using Microsoft.Graph;
 using Microsoft.Kiota.Abstractions.Authentication;
-using Microsoft.TeamsFx.Configuration;
 
 namespace {{YOUR_NAMESPACE}}.SSO;