@microsoft/teamsfx 0.3.0-alpha.def66483.0 → 0.3.0-rc.0

package/types/teamsfx.d.ts

@@ -1,871 +1,900 @@
-import { AccessToken } from '@azure/identity';
-import { AuthenticationProvider } from '@microsoft/microsoft-graph-client';
-import { Client } from '@microsoft/microsoft-graph-client';
-import { ConnectionConfig } from 'tedious';
-import { Dialog } from 'botbuilder-dialogs';
-import { DialogContext } from 'botbuilder-dialogs';
-import { DialogTurnResult } from 'botbuilder-dialogs';
-import { GetTokenOptions } from '@azure/identity';
-import { TokenCredential } from '@azure/identity';
-import { TokenResponse } from 'botframework-schema';
-
-/**
- * Authentication related configuration.
- * @beta
- */
-export declare interface AuthenticationConfiguration {
-    /**
-     * Hostname of AAD authority. Default value comes from M365_AUTHORITY_HOST environment variable.
-     *
-     * @readonly
-     */
-    readonly authorityHost?: string;
-    /**
-     * AAD tenant id, default value comes from M365_TENANT_ID environment variable.
-     *
-     * @readonly
-     */
-    readonly tenantId?: string;
-    /**
-     * The client (application) ID of an App Registration in the tenant, default value comes from M365_CLIENT_ID environment variable
-     *
-     * @readonly
-     */
-    readonly clientId?: string;
-    /**
-     * Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal. Default value comes from M365_CLIENT_SECRET environment variable
-     *
-     * @readonly
-     */
-    readonly clientSecret?: string;
-    /**
-     * Endpoint of auth service provisioned by Teams Framework. Default value comes from SIMPLE_AUTH_ENDPOINT environment variable.
-     *
-     * @readonly
-     */
-    readonly simpleAuthEndpoint?: string;
-    /**
-     * Login page for Teams to redirect to.  Default value comes from INITIATE_LOGIN_ENDPOINT environment variable.
-     *
-     * @readonly
-     */
-    readonly initiateLoginEndpoint?: string;
-    /**
-     * Application ID URI. Default value comes from M365_APPLICATION_ID_URI environment variable.
-     */
-    readonly applicationIdUri?: string;
-}
-
-/**
- * Configuration for current environment.
- * @beta
- */
-export declare interface Configuration {
-    /**
-     * Authentication related configuration.
-     *
-     * @readonly
-     */
-    readonly authentication?: AuthenticationConfiguration;
-    /**
-     * Configuration for resources.
-     *
-     * @readonly
-     */
-    readonly resources?: ResourceConfiguration[];
-}
-
-/**
- * Get Microsoft graph client.
- *
- * @example
- * Get Microsoft graph client by TokenCredential
- * ```typescript
- * // Sso token example (Azure Function)
- * const ssoToken = "YOUR_TOKEN_STRING";
- * const options = {"AAD_APP_ID", "AAD_APP_SECRET"};
- * const credential = new OnBehalfOfAADUserCredential(ssoToken, options);
- * const graphClient = await createMicrosoftGraphClient(credential);
- * const profile = await graphClient.api("/me").get();
- *
- * // TeamsBotSsoPrompt example (Bot Application)
- * const requiredScopes = ["User.Read"];
- * const config: Configuration = {
- *    loginUrl: loginUrl,
- *    clientId: clientId,
- *    clientSecret: clientSecret,
- *    tenantId: tenantId
- * };
- * const prompt = new TeamsBotSsoPrompt(dialogId, {
- *    config: config
- *    scopes: '["User.Read"],
- * });
- * this.addDialog(prompt);
- *
- * const oboCredential = new OnBehalfOfAADUserCredential(
- *  getUserId(dialogContext),
- *  {
- *    clientId: "AAD_APP_ID",
- *    clientSecret: "AAD_APP_SECRET"
- *  });
- * try {
- *    const graphClient = await createMicrosoftGraphClient(credential);
- *    const profile = await graphClient.api("/me").get();
- * } catch (e) {
- *    dialogContext.beginDialog(dialogId);
- *    return Dialog.endOfTurn();
- * }
- * ```
- *
- * @param {TokenCredential} credential - token credential instance.
- * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
- *
- * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
- *
- * @returns Graph client with specified scopes.
- *
- * @beta
- */
-export declare function createMicrosoftGraphClient(credential: TokenCredential, scopes?: string | string[]): Client;
-
-/**
- * SQL connection configuration instance.
- * @remarks
- * Only works in in server side.
- *
- * @beta
- *
- */
-export declare class DefaultTediousConnectionConfiguration {
-    /**
-     * MSSQL default scope
-     * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
-     */
-    private readonly defaultSQLScope;
-    /**
-     * Generate connection configuration consumed by tedious.
-     *
-     * @returns Connection configuration of tedious for the SQL.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
-     * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    getConfig(): Promise<ConnectionConfig>;
-    /**
-     * Check SQL use MSI identity or username and password.
-     *
-     * @returns false - login with SQL MSI identity, true - login with username and password.
-     * @internal
-     */
-    private isMsiAuthentication;
-    /**
-     * check configuration is an available configurations.
-     * @param { SqlConfiguration } sqlConfig
-     *
-     * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
-     *          false - configuration is not valid.
-     * @internal
-     */
-    private isSQLConfigurationValid;
-    /**
-     * Generate tedious connection configuration with default authentication type.
-     *
-     * @param { SqlConfiguration } SQL configuration with username and password.
-     *
-     * @returns Tedious connection configuration with username and password.
-     * @internal
-     */
-    private generateDefaultConfig;
-    /**
-     * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
-     *
-     * @param { SqlConfiguration } SQL configuration with AAD access token.
-     *
-     * @returns Tedious connection configuration with access token.
-     * @internal
-     */
-    private generateTokenConfig;
-}
-
-/**
- * Error code to trace the error types.
- * @beta
- */
-export declare enum ErrorCode {
-    /**
-     * Invalid parameter error.
-     */
-    InvalidParameter = "InvalidParameter",
-    /**
-     * Invalid configuration error.
-     */
-    InvalidConfiguration = "InvalidConfiguration",
-    /**
-     * Internal error.
-     */
-    InternalError = "InternalError",
-    /**
-     * Channel is not supported error.
-     */
-    ChannelNotSupported = "ChannelNotSupported",
-    /**
-     * Runtime is not supported error.
-     */
-    RuntimeNotSupported = "RuntimeNotSupported",
-    /**
-     * User failed to finish the AAD consent flow failed.
-     */
-    ConsentFailed = "ConsentFailed",
-    /**
-     * The user or administrator has not consented to use the application error.
-     */
-    UiRequiredError = "UiRequiredError",
-    /**
-     * Token is not within its valid time range error.
-     */
-    TokenExpiredError = "TokenExpiredError",
-    /**
-     * Call service (AAD or simple authentication server) failed.
-     */
-    ServiceError = "ServiceError",
-    /**
-     * Operation failed.
-     */
-    FailedOperation = "FailedOperation"
-}
-
-/**
- * Error class with code and message thrown by the SDK.
- *
- * @beta
- */
-export declare class ErrorWithCode extends Error {
-    /**
-     * Error code
-     *
-     * @readonly
-     */
-    code: string | undefined;
-    /**
-     * Constructor of ErrorWithCode.
-     *
-     * @param {string} message - error message.
-     * @param {ErrorCode} code - error code.
-     *
-     * @beta
-     */
-    constructor(message?: string, code?: ErrorCode);
-}
-
-/**
- * Get configuration for authentication.
- *
- * @returns Authentication configuration from global configuration instance, the value may be undefined if no authentication config exists in current environment.
- *
- * @throws {@link ErrorCode|InvalidConfiguration} when global configuration does not exist
- *
- * @beta
- */
-export declare function getAuthenticationConfiguration(): AuthenticationConfiguration | undefined;
-
-/**
- * Get log level.
- *
- * @returns Log level
- *
- * @beta
- */
-export declare function getLogLevel(): LogLevel;
-
-/**
- * Get configuration for a specific resource.
- * @param {ResourceType} resourceType - The type of resource
- * @param {string} resourceName - The name of resource, default value is "default".
- *
- * @returns Resource configuration for target resource from global configuration instance.
- *
- * @throws {@link ErrorCode|InvalidConfiguration} when resource configuration with the specific type and name is not found
- *
- * @beta
- */
-export declare function getResourceConfiguration(resourceType: ResourceType, resourceName?: string): {
-    [index: string]: any;
-};
-export { GetTokenOptions }
-
-/**
- * Initialize configuration from environment variables or configuration object and set the global instance
- *
- * @param {Configuration} configuration - Optional configuration that overrides the default configuration values. The override depth is 1.
- *
- * @throws {@link ErrorCode|InvalidParameter} when configuration is not passed in browser environment
- *
- * @beta
- */
-export declare function loadConfiguration(configuration?: Configuration): void;
-
-/**
- * Log function for customized logging.
- *
- * @beta
- */
-export declare type LogFunction = (level: LogLevel, message: string) => void;
-
-/**
- * Interface for customized logger.
- * @beta
- */
-export declare interface Logger {
-    /**
-     * Writes to error level logging or lower.
-     */
-    error(message: string): void;
-    /**
-     * Writes to warning level logging or lower.
-     */
-    warn(message: string): void;
-    /**
-     * Writes to info level logging or lower.
-     */
-    info(message: string): void;
-    /**
-     * Writes to verbose level logging.
-     */
-    verbose(message: string): void;
-}
-
-/**
- * Log level.
- *
- * @beta
- */
-export declare enum LogLevel {
-    /**
-     * Show verbose, information, warning and error message.
-     */
-    Verbose = 0,
-    /**
-     * Show information, warning and error message.
-     */
-    Info = 1,
-    /**
-     * Show warning and error message.
-     */
-    Warn = 2,
-    /**
-     * Show error message.
-     */
-    Error = 3
-}
-
-/**
- * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved like time-triggered automation job.
- *
- * @example
- * ```typescript
- * loadConfiguration(); // load configuration from environment variables
- * const credential = new M365TenantCredential();
- * ```
- *
- * @remarks
- * Only works in in server side.
- *
- * @beta
- */
-export declare class M365TenantCredential implements TokenCredential {
-    private readonly clientSecretCredential;
-    /**
-     * Constructor of M365TenantCredential.
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @beta
-     */
-    constructor();
-    /**
-     * Get access token for credential.
-     *
-     * @example
-     * ```typescript
-     * await credential.getToken(["User.Read.All"]) // Get Graph access token for single scope using string array
-     * await credential.getToken("User.Read.All") // Get Graph access token for single scope using string
-     * await credential.getToken(["User.Read.All", "Calendars.Read"]) // Get Graph access token for multiple scopes using string array
-     * await credential.getToken("User.Read.All Calendars.Read") // Get Graph access token for multiple scopes using space-separated string
-     * await credential.getToken("https://graph.microsoft.com/User.Read.All") // Get Graph access token with full resource URI
-     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
-     * ```
-     *
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
-     *
-     * @throws {@link ErrorCode|ServiceError} when get access token with authentication error.
-     * @throws {@link ErrorCode|InternalError} when get access token with unknown error.
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @returns Access token with expected scopes.
-     * Throw error if get access token failed.
-     *
-     * @beta
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
-    /**
-     * Load and validate authentication configuration
-     * @returns Authentication configuration
-     */
-    private loadAndValidateConfig;
-}
-
-/**
- * Microsoft Graph auth provider for Teams Framework
- *
- * @beta
- */
-export declare class MsGraphAuthProvider implements AuthenticationProvider {
-    private credential;
-    private scopes;
-    /**
-     * Constructor of MsGraphAuthProvider.
-     *
-     * @param {TokenCredential} credential - Credential used to invoke Microsoft Graph APIs.
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     *
-     * @returns An instance of MsGraphAuthProvider.
-     *
-     * @beta
-     */
-    constructor(credential: TokenCredential, scopes?: string | string[]);
-    /**
-     * Get access token for Microsoft Graph API requests.
-     *
-     * @throws {@link ErrorCode|InternalError} when get access token failed due to empty token or unknown other problems.
-     * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
-     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
-     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth or AAD server.
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     *
-     * @returns Access token from the credential.
-     *
-     */
-    getAccessToken(): Promise<string>;
-}
-
-/**
- * Represent on-behalf-of flow to get user identity, and it is designed to be used in server side.
- *
- * @example
- * ```typescript
- * loadConfiguration(); // load configuration from environment variables
- * const credential = new OnBehalfOfUserCredential(ssoToken);
- * ```
- *
- * @remarks
- * Can only be used in server side.
- *
- * @beta
- */
-export declare class OnBehalfOfUserCredential implements TokenCredential {
-    private msalClient;
-    private ssoToken;
-    /**
-     * Constructor of OnBehalfOfUserCredential
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {string} ssoToken - User token provided by Teams SSO feature.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, authority host or tenant id is not found in config.
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    constructor(ssoToken: string);
-    /**
-     * Get access token from credential.
-     *
-     * @example
-     * ```typescript
-     * await credential.getToken([]) // Get SSO token using empty string array
-     * await credential.getToken("") // Get SSO token using empty string
-     * await credential.getToken([".default"]) // Get Graph access token with default scope using string array
-     * await credential.getToken(".default") // Get Graph access token with default scope using string
-     * await credential.getToken(["User.Read"]) // Get Graph access token for single scope using string array
-     * await credential.getToken("User.Read") // Get Graph access token for single scope using string
-     * await credential.getToken(["User.Read", "Application.Read.All"]) // Get Graph access token for multiple scopes using string array
-     * await credential.getToken("User.Read Application.Read.All") // Get Graph access token for multiple scopes using space-separated string
-     * await credential.getToken("https://graph.microsoft.com/User.Read") // Get Graph access token with full resource URI
-     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
-     * ```
-     *
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
-     *
-     * @throws {@link ErrorCode|InternalError} when failed to acquire access token on behalf of user with unknown error.
-     * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
-     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
-     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @returns Access token with expected scopes.
-     *
-     * @remarks
-     * If scopes is empty string or array, it returns SSO token.
-     * If scopes is non-empty, it returns access token for target scope.
-     *
-     * @beta
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
-    /**
-     * Get basic user info from SSO token.
-     *
-     * @example
-     * ```typescript
-     * const currentUser = getUserInfo();
-     * ```
-     *
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @returns Basic user info with user displayName, objectId and preferredUserName.
-     *
-     * @beta
-     */
-    getUserInfo(): UserInfo;
-    private generateAuthServerError;
-}
-
-/**
- * Configuration for resources.
- * @beta
- */
-export declare interface ResourceConfiguration {
-    /**
-     * Resource type.
-     *
-     * @readonly
-     */
-    readonly type: ResourceType;
-    /**
-     * Resource name.
-     *
-     * @readonly
-     */
-    readonly name: string;
-    /**
-     * Config for the resource.
-     *
-     * @readonly
-     */
-    readonly properties: {
-        [index: string]: any;
-    };
-}
-
-/**
- * Available resource type.
- * @beta
- */
-export declare enum ResourceType {
-    /**
-     * SQL database.
-     *
-     */
-    SQL = 0,
-    /**
-     * Rest API.
-     *
-     */
-    API = 1
-}
-
-/**
- * Set custom log function. Use the function if it's set. Priority is lower than setLogger.
- *
- * @param {LogFunction} logFunction - custom log function. If it's undefined, custom log function will be cleared.
- *
- * @beta
- */
-export declare function setLogFunction(logFunction?: LogFunction): void;
-
-/**
- * Set custom logger. Use the output function if it's set. Priority is higher than setLogFunction.
- *
- * @param {Logger} logger - custom logger. If it's undefined, custom logger will be cleared.
- *
- * @beta
- */
-export declare function setLogger(logger?: Logger): void;
-
-/**
- * Update log level helper.
- *
- * @param { LogLevel } level - log level in configuration
- *
- * @beta
- */
-export declare function setLogLevel(level: LogLevel): void;
-
-/**
- * Creates a new prompt that leverage Teams Single Sign On (SSO) support for bot to automatically sign in user and
- * help receive oauth token, asks the user to consent if needed.
- *
- * @remarks
- * The prompt will attempt to retrieve the users current token of the desired scopes and store it in
- * the token store.
- *
- * User will be automatically signed in leveraging Teams support of Bot Single Sign On(SSO):
- * https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-aad-sso-bots
- *
- * @example
- * When used with your bots `DialogSet` you can simply add a new instance of the prompt as a named
- * dialog using `DialogSet.add()`. You can then start the prompt from a waterfall step using either
- * `DialogContext.beginDialog()` or `DialogContext.prompt()`. The user will be prompted to sign in as
- * needed and their access token will be passed as an argument to the callers next waterfall step:
- *
- * ```JavaScript
- * const { ConversationState, MemoryStorage } = require('botbuilder');
- * const { DialogSet, WaterfallDialog } = require('botbuilder-dialogs');
- * const { TeamsBotSsoPrompt } = require('@microsoft/teamsfx');
- *
- * const convoState = new ConversationState(new MemoryStorage());
- * const dialogState = convoState.createProperty('dialogState');
- * const dialogs = new DialogSet(dialogState);
- *
- * loadConfiguration();
- * dialogs.add(new TeamsBotSsoPrompt('TeamsBotSsoPrompt', {
- *    scopes: ["User.Read"],
- * }));
- *
- * dialogs.add(new WaterfallDialog('taskNeedingLogin', [
- *      async (step) => {
- *          return await step.beginDialog('TeamsBotSsoPrompt');
- *      },
- *      async (step) => {
- *          const token = step.result;
- *          if (token) {
- *
- *              // ... continue with task needing access token ...
- *
- *          } else {
- *              await step.context.sendActivity(`Sorry... We couldn't log you in. Try again later.`);
- *              return await step.endDialog();
- *          }
- *      }
- * ]));
- * ```
- *
- * @beta
- */
-export declare class TeamsBotSsoPrompt extends Dialog {
-    private settings;
-    /**
-     * Constructor of TeamsBotSsoPrompt.
-     *
-     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
-     * @param settings Settings used to configure the prompt.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    constructor(dialogId: string, settings: TeamsBotSsoPromptSettings);
-    /**
-     * Called when a prompt dialog is pushed onto the dialog stack and is being activated.
-     * @remarks
-     * If the task is successful, the result indicates whether the prompt is still
-     * active after the turn has been processed by the prompt.
-     *
-     * @param dc The DialogContext for the current turn of the conversation.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when timeout property in teams bot sso prompt settings is not number or is not positive.
-     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
-     */
-    beginDialog(dc: DialogContext): Promise<DialogTurnResult>;
-    /**
-     * Called when a prompt dialog is the active dialog and the user replied with a new activity.
-     *
-     * @remarks
-     * If the task is successful, the result indicates whether the dialog is still
-     * active after the turn has been processed by the dialog.
-     * The prompt generally continues to receive the user's replies until it accepts the
-     * user's reply as valid input for the prompt.
-     *
-     * @param dc The DialogContext for the current turn of the conversation.
-     *
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    continueDialog(dc: DialogContext): Promise<DialogTurnResult>;
-    /**
-     * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
-     * @param dc dialog context
-     * @throws {@link ErrorCode|ChannelNotSupported} if bot channel is not MS Teams
-     * @internal
-     */
-    private ensureMsTeamsChannel;
-    /**
-     * Send OAuthCard that tells Teams to obtain an authentication token for the bot application.
-     * For details see https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-aad-sso-bots.
-     *
-     * @internal
-     */
-    private sendOAuthCardAsync;
-    /**
-     * Get sign in resource.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} if client id, tenant id or initiate login endpoint is not found in config.
-     *
-     * @internal
-     */
-    private getSignInResource;
-    /**
-     * @internal
-     */
-    private recognizeToken;
-    /**
-     * @internal
-     */
-    private getTokenExchangeInvokeResponse;
-    /**
-     * @internal
-     */
-    private isTeamsVerificationInvoke;
-    /**
-     * @internal
-     */
-    private isTokenExchangeRequestInvoke;
-    /**
-     * @internal
-     */
-    private isTokenExchangeRequest;
-}
-
-/**
- * Settings used to configure an TeamsBotSsoPrompt instance.
- *
- * @beta
- */
-export declare interface TeamsBotSsoPromptSettings {
-    /**
-     * The array of strings that declare the desired permissions and the resources requested.
-     */
-    scopes: string[];
-    /**
-     * (Optional) number of milliseconds the prompt will wait for the user to authenticate.
-     * Defaults to a value `900,000` (15 minutes.)
-     */
-    timeout?: number;
-    /**
-     * (Optional) value indicating whether the TeamsBotSsoPrompt should end upon receiving an
-     * invalid message.  Generally the TeamsBotSsoPrompt will end the auth flow when receives user
-     * message not related to the auth flow. Setting the flag to false ignores the user's message instead.
-     * Defaults to value `true`
-     */
-    endOnInvalidMessage?: boolean;
-}
-
-/**
- * Token response provided by Teams Bot SSO prompt
- *
- * @beta
- */
-export declare interface TeamsBotSsoPromptTokenResponse extends TokenResponse {
-    /**
-     * SSO token for user
-     */
-    ssoToken: string;
-    /**
-     * Expire time of SSO token
-     */
-    ssoTokenExpiration: string;
-}
-
-/**
- * Represent Teams current user's identity, and it is used within Teams client applications.
- *
- * @remarks
- * Can only be used within Teams.
- *
- * @beta
- */
-export declare class TeamsUserCredential implements TokenCredential {
-    /**
-     * Constructor of TeamsUserCredential.
-     * @remarks
-     * Can only be used within Teams.
-     * @beta
-     */
-    constructor();
-    /**
-     * Popup login page to get user's access token with specific scopes.
-     * @remarks
-     * Can only be used within Teams.
-     * @beta
-     */
-    login(scopes: string | string[]): Promise<void>;
-    /**
-     * Get access token from credential.
-     * @remarks
-     * Can only be used within Teams.
-     * @beta
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
-    /**
-     * Get basic user info from SSO token
-     * @remarks
-     * Can only be used within Teams.
-     * @beta
-     */
-    getUserInfo(): Promise<UserInfo>;
-}
-export { TokenCredential }
-
-/**
- * UserInfo with user displayName, objectId and preferredUserName.
- *
- * @beta
- */
-export declare interface UserInfo {
-    /**
-     * User Display Name.
-     *
-     * @readonly
-     */
-    displayName: string;
-    /**
-     * User unique reference within the Azure Active Directory domain.
-     *
-     * @readonly
-     */
-    objectId: string;
-    /**
-     * Usually be the email address.
-     *
-     * @readonly
-     */
-    preferredUserName: string;
-}
-
-export { }
+import { AccessToken } from '@azure/identity';
+import { AuthenticationProvider } from '@microsoft/microsoft-graph-client';
+import { Client } from '@microsoft/microsoft-graph-client';
+import { ConnectionConfig } from 'tedious';
+import { Dialog } from 'botbuilder-dialogs';
+import { DialogContext } from 'botbuilder-dialogs';
+import { DialogTurnResult } from 'botbuilder-dialogs';
+import { GetTokenOptions } from '@azure/identity';
+import { TokenCredential } from '@azure/identity';
+import { TokenResponse } from 'botframework-schema';
+
+/**
+ * Authentication related configuration.
+ * @beta
+ */
+export declare interface AuthenticationConfiguration {
+    /**
+     * Hostname of AAD authority. Default value comes from M365_AUTHORITY_HOST environment variable.
+     *
+     * @readonly
+     */
+    readonly authorityHost?: string;
+    /**
+     * AAD tenant id, default value comes from M365_TENANT_ID environment variable.
+     *
+     * @readonly
+     */
+    readonly tenantId?: string;
+    /**
+     * The client (application) ID of an App Registration in the tenant, default value comes from M365_CLIENT_ID environment variable
+     *
+     * @readonly
+     */
+    readonly clientId?: string;
+    /**
+     * Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal. Default value comes from M365_CLIENT_SECRET environment variable
+     *
+     * @readonly
+     */
+    readonly clientSecret?: string;
+    /**
+     * The content of a PEM-encoded public/private key certificate.
+     *
+     * @readonly
+     */
+    readonly certificateContent?: string;
+    /**
+     * Endpoint of auth service provisioned by Teams Framework. Default value comes from SIMPLE_AUTH_ENDPOINT environment variable.
+     *
+     * @readonly
+     */
+    readonly simpleAuthEndpoint?: string;
+    /**
+     * Login page for Teams to redirect to.  Default value comes from INITIATE_LOGIN_ENDPOINT environment variable.
+     *
+     * @readonly
+     */
+    readonly initiateLoginEndpoint?: string;
+    /**
+     * Application ID URI. Default value comes from M365_APPLICATION_ID_URI environment variable.
+     */
+    readonly applicationIdUri?: string;
+}
+
+/**
+ * Configuration for current environment.
+ * @beta
+ */
+export declare interface Configuration {
+    /**
+     * Authentication related configuration.
+     *
+     * @readonly
+     */
+    readonly authentication?: AuthenticationConfiguration;
+    /**
+     * Configuration for resources.
+     *
+     * @readonly
+     */
+    readonly resources?: ResourceConfiguration[];
+}
+
+/**
+ * Get Microsoft graph client.
+ *
+ * @example
+ * Get Microsoft graph client by TokenCredential
+ * ```typescript
+ * // Sso token example (Azure Function)
+ * const ssoToken = "YOUR_TOKEN_STRING";
+ * const options = {"AAD_APP_ID", "AAD_APP_SECRET"};
+ * const credential = new OnBehalfOfAADUserCredential(ssoToken, options);
+ * const graphClient = await createMicrosoftGraphClient(credential);
+ * const profile = await graphClient.api("/me").get();
+ *
+ * // TeamsBotSsoPrompt example (Bot Application)
+ * const requiredScopes = ["User.Read"];
+ * const config: Configuration = {
+ *    loginUrl: loginUrl,
+ *    clientId: clientId,
+ *    clientSecret: clientSecret,
+ *    tenantId: tenantId
+ * };
+ * const prompt = new TeamsBotSsoPrompt(dialogId, {
+ *    config: config
+ *    scopes: '["User.Read"],
+ * });
+ * this.addDialog(prompt);
+ *
+ * const oboCredential = new OnBehalfOfAADUserCredential(
+ *  getUserId(dialogContext),
+ *  {
+ *    clientId: "AAD_APP_ID",
+ *    clientSecret: "AAD_APP_SECRET"
+ *  });
+ * try {
+ *    const graphClient = await createMicrosoftGraphClient(credential);
+ *    const profile = await graphClient.api("/me").get();
+ * } catch (e) {
+ *    dialogContext.beginDialog(dialogId);
+ *    return Dialog.endOfTurn();
+ * }
+ * ```
+ *
+ * @param {TokenCredential} credential - token credential instance.
+ * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ *
+ * @returns Graph client with specified scopes.
+ *
+ * @beta
+ */
+export declare function createMicrosoftGraphClient(credential: TokenCredential, scopes?: string | string[]): Client;
+
+/**
+ * SQL connection configuration instance.
+ * @remarks
+ * Only works in in server side.
+ *
+ * @beta
+ *
+ */
+export declare class DefaultTediousConnectionConfiguration {
+    /**
+     * MSSQL default scope
+     * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
+     */
+    private readonly defaultSQLScope;
+    /**
+     * Generate connection configuration consumed by tedious.
+     *
+     * @returns Connection configuration of tedious for the SQL.
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
+     * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    getConfig(): Promise<ConnectionConfig>;
+    /**
+     * Check SQL use MSI identity or username and password.
+     *
+     * @returns false - login with SQL MSI identity, true - login with username and password.
+     * @internal
+     */
+    private isMsiAuthentication;
+    /**
+     * check configuration is an available configurations.
+     * @param { SqlConfiguration } sqlConfig
+     *
+     * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
+     *          false - configuration is not valid.
+     * @internal
+     */
+    private isSQLConfigurationValid;
+    /**
+     * Generate tedious connection configuration with default authentication type.
+     *
+     * @param { SqlConfiguration } SQL configuration with username and password.
+     *
+     * @returns Tedious connection configuration with username and password.
+     * @internal
+     */
+    private generateDefaultConfig;
+    /**
+     * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
+     *
+     * @param { SqlConfiguration } SQL configuration with AAD access token.
+     *
+     * @returns Tedious connection configuration with access token.
+     * @internal
+     */
+    private generateTokenConfig;
+}
+
+/**
+ * Error code to trace the error types.
+ * @beta
+ */
+export declare enum ErrorCode {
+    /**
+     * Invalid parameter error.
+     */
+    InvalidParameter = "InvalidParameter",
+    /**
+     * Invalid configuration error.
+     */
+    InvalidConfiguration = "InvalidConfiguration",
+    /**
+     * Invalid certificate error.
+     */
+    InvalidCertificate = "InvalidCertificate",
+    /**
+     * Internal error.
+     */
+    InternalError = "InternalError",
+    /**
+     * Channel is not supported error.
+     */
+    ChannelNotSupported = "ChannelNotSupported",
+    /**
+     * Runtime is not supported error.
+     */
+    RuntimeNotSupported = "RuntimeNotSupported",
+    /**
+     * User failed to finish the AAD consent flow failed.
+     */
+    ConsentFailed = "ConsentFailed",
+    /**
+     * The user or administrator has not consented to use the application error.
+     */
+    UiRequiredError = "UiRequiredError",
+    /**
+     * Token is not within its valid time range error.
+     */
+    TokenExpiredError = "TokenExpiredError",
+    /**
+     * Call service (AAD or simple authentication server) failed.
+     */
+    ServiceError = "ServiceError",
+    /**
+     * Operation failed.
+     */
+    FailedOperation = "FailedOperation"
+}
+
+/**
+ * Error class with code and message thrown by the SDK.
+ *
+ * @beta
+ */
+export declare class ErrorWithCode extends Error {
+    /**
+     * Error code
+     *
+     * @readonly
+     */
+    code: string | undefined;
+    /**
+     * Constructor of ErrorWithCode.
+     *
+     * @param {string} message - error message.
+     * @param {ErrorCode} code - error code.
+     *
+     * @beta
+     */
+    constructor(message?: string, code?: ErrorCode);
+}
+
+/**
+ * Get configuration for authentication.
+ *
+ * @returns Authentication configuration from global configuration instance, the value may be undefined if no authentication config exists in current environment.
+ *
+ * @throws {@link ErrorCode|InvalidConfiguration} when global configuration does not exist
+ *
+ * @beta
+ */
+export declare function getAuthenticationConfiguration(): AuthenticationConfiguration | undefined;
+
+/**
+ * Get log level.
+ *
+ * @returns Log level
+ *
+ * @beta
+ */
+export declare function getLogLevel(): LogLevel | undefined;
+
+/**
+ * Get configuration for a specific resource.
+ * @param {ResourceType} resourceType - The type of resource
+ * @param {string} resourceName - The name of resource, default value is "default".
+ *
+ * @returns Resource configuration for target resource from global configuration instance.
+ *
+ * @throws {@link ErrorCode|InvalidConfiguration} when resource configuration with the specific type and name is not found
+ *
+ * @beta
+ */
+export declare function getResourceConfiguration(resourceType: ResourceType, resourceName?: string): {
+    [index: string]: any;
+};
+export { GetTokenOptions }
+
+/**
+ * Initialize configuration from environment variables or configuration object and set the global instance
+ *
+ * @param {Configuration} configuration - Optional configuration that overrides the default configuration values. The override depth is 1.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when configuration is not passed in browser environment
+ *
+ * @beta
+ */
+export declare function loadConfiguration(configuration?: Configuration): void;
+
+/**
+ * Log function for customized logging.
+ *
+ * @beta
+ */
+export declare type LogFunction = (level: LogLevel, message: string) => void;
+
+/**
+ * Interface for customized logger.
+ * @beta
+ */
+export declare interface Logger {
+    /**
+     * Writes to error level logging or lower.
+     */
+    error(message: string): void;
+    /**
+     * Writes to warning level logging or lower.
+     */
+    warn(message: string): void;
+    /**
+     * Writes to info level logging or lower.
+     */
+    info(message: string): void;
+    /**
+     * Writes to verbose level logging.
+     */
+    verbose(message: string): void;
+}
+
+/**
+ * Log level.
+ *
+ * @beta
+ */
+export declare enum LogLevel {
+    /**
+     * Show verbose, information, warning and error message.
+     */
+    Verbose = 0,
+    /**
+     * Show information, warning and error message.
+     */
+    Info = 1,
+    /**
+     * Show warning and error message.
+     */
+    Warn = 2,
+    /**
+     * Show error message.
+     */
+    Error = 3
+}
+
+/**
+ * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved like time-triggered automation job.
+ *
+ * @example
+ * ```typescript
+ * loadConfiguration(); // load configuration from environment variables
+ * const credential = new M365TenantCredential();
+ * ```
+ *
+ * @remarks
+ * Only works in in server side.
+ *
+ * @beta
+ */
+export declare class M365TenantCredential implements TokenCredential {
+    private readonly msalClient;
+    /**
+     * Constructor of M365TenantCredential.
+     *
+     * @remarks
+     * Only works in in server side.
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @beta
+     */
+    constructor();
+    /**
+     * Get access token for credential.
+     *
+     * @example
+     * ```typescript
+     * await credential.getToken(["User.Read.All"]) // Get Graph access token for single scope using string array
+     * await credential.getToken("User.Read.All") // Get Graph access token for single scope using string
+     * await credential.getToken(["User.Read.All", "Calendars.Read"]) // Get Graph access token for multiple scopes using string array
+     * await credential.getToken("User.Read.All Calendars.Read") // Get Graph access token for multiple scopes using space-separated string
+     * await credential.getToken("https://graph.microsoft.com/User.Read.All") // Get Graph access token with full resource URI
+     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
+     * ```
+     *
+     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
+     *
+     * @throws {@link ErrorCode|ServiceError} when get access token with authentication error.
+     * @throws {@link ErrorCode|InternalError} when get access token with unknown error.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @returns Access token with expected scopes.
+     * Throw error if get access token failed.
+     *
+     * @beta
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+    /**
+     * Load and validate authentication configuration
+     * @returns Authentication configuration
+     */
+    private loadAndValidateConfig;
+}
+
+/**
+ * Microsoft Graph auth provider for Teams Framework
+ *
+ * @beta
+ */
+export declare class MsGraphAuthProvider implements AuthenticationProvider {
+    private credential;
+    private scopes;
+    /**
+     * Constructor of MsGraphAuthProvider.
+     *
+     * @param {TokenCredential} credential - Credential used to invoke Microsoft Graph APIs.
+     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     *
+     * @returns An instance of MsGraphAuthProvider.
+     *
+     * @beta
+     */
+    constructor(credential: TokenCredential, scopes?: string | string[]);
+    /**
+     * Get access token for Microsoft Graph API requests.
+     *
+     * @throws {@link ErrorCode|InternalError} when get access token failed due to empty token or unknown other problems.
+     * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
+     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth or AAD server.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     *
+     * @returns Access token from the credential.
+     *
+     */
+    getAccessToken(): Promise<string>;
+}
+
+/**
+ * Represent on-behalf-of flow to get user identity, and it is designed to be used in server side.
+ *
+ * @example
+ * ```typescript
+ * loadConfiguration(); // load configuration from environment variables
+ * const credential = new OnBehalfOfUserCredential(ssoToken);
+ * ```
+ *
+ * @remarks
+ * Can only be used in server side.
+ *
+ * @beta
+ */
+export declare class OnBehalfOfUserCredential implements TokenCredential {
+    private msalClient;
+    private ssoToken;
+    /**
+     * Constructor of OnBehalfOfUserCredential
+     *
+     * @remarks
+     * Only works in in server side.
+     *
+     * @param {string} ssoToken - User token provided by Teams SSO feature.
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
+     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    constructor(ssoToken: string);
+    /**
+     * Get access token from credential.
+     *
+     * @example
+     * ```typescript
+     * await credential.getToken([]) // Get SSO token using empty string array
+     * await credential.getToken("") // Get SSO token using empty string
+     * await credential.getToken([".default"]) // Get Graph access token with default scope using string array
+     * await credential.getToken(".default") // Get Graph access token with default scope using string
+     * await credential.getToken(["User.Read"]) // Get Graph access token for single scope using string array
+     * await credential.getToken("User.Read") // Get Graph access token for single scope using string
+     * await credential.getToken(["User.Read", "Application.Read.All"]) // Get Graph access token for multiple scopes using string array
+     * await credential.getToken("User.Read Application.Read.All") // Get Graph access token for multiple scopes using space-separated string
+     * await credential.getToken("https://graph.microsoft.com/User.Read") // Get Graph access token with full resource URI
+     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
+     * ```
+     *
+     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
+     *
+     * @throws {@link ErrorCode|InternalError} when failed to acquire access token on behalf of user with unknown error.
+     * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
+     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @returns Access token with expected scopes.
+     *
+     * @remarks
+     * If scopes is empty string or array, it returns SSO token.
+     * If scopes is non-empty, it returns access token for target scope.
+     *
+     * @beta
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+    /**
+     * Get basic user info from SSO token.
+     *
+     * @example
+     * ```typescript
+     * const currentUser = getUserInfo();
+     * ```
+     *
+     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @returns Basic user info with user displayName, objectId and preferredUserName.
+     *
+     * @beta
+     */
+    getUserInfo(): UserInfo;
+    private generateAuthServerError;
+}
+
+/**
+ * Configuration for resources.
+ * @beta
+ */
+export declare interface ResourceConfiguration {
+    /**
+     * Resource type.
+     *
+     * @readonly
+     */
+    readonly type: ResourceType;
+    /**
+     * Resource name.
+     *
+     * @readonly
+     */
+    readonly name: string;
+    /**
+     * Config for the resource.
+     *
+     * @readonly
+     */
+    readonly properties: {
+        [index: string]: any;
+    };
+}
+
+/**
+ * Available resource type.
+ * @beta
+ */
+export declare enum ResourceType {
+    /**
+     * SQL database.
+     *
+     */
+    SQL = 0,
+    /**
+     * Rest API.
+     *
+     */
+    API = 1
+}
+
+/**
+ * Set custom log function. Use the function if it's set. Priority is lower than setLogger.
+ *
+ * @param {LogFunction} logFunction - custom log function. If it's undefined, custom log function will be cleared.
+ *
+ * @example
+ * ```typescript
+ * setLogFunction((level: LogLevel, message: string) => {
+ *   if (level === LogLevel.Error) {
+ *     console.log(message);
+ *   }
+ * });
+ * ```
+ *
+ * @beta
+ */
+export declare function setLogFunction(logFunction?: LogFunction): void;
+
+/**
+ * Set custom logger. Use the output functions if it's set. Priority is higher than setLogFunction.
+ *
+ * @param {Logger} logger - custom logger. If it's undefined, custom logger will be cleared.
+ *
+ * @example
+ * ```typescript
+ * setLogger({
+ *   verbose: console.debug,
+ *   info: console.info,
+ *   warn: console.warn,
+ *   error: console.error,
+ * });
+ * ```
+ *
+ * @beta
+ */
+export declare function setLogger(logger?: Logger): void;
+
+/**
+ * Update log level helper.
+ *
+ * @param { LogLevel } level - log level in configuration
+ *
+ * @beta
+ */
+export declare function setLogLevel(level: LogLevel): void;
+
+/**
+ * Creates a new prompt that leverage Teams Single Sign On (SSO) support for bot to automatically sign in user and
+ * help receive oauth token, asks the user to consent if needed.
+ *
+ * @remarks
+ * The prompt will attempt to retrieve the users current token of the desired scopes and store it in
+ * the token store.
+ *
+ * User will be automatically signed in leveraging Teams support of Bot Single Sign On(SSO):
+ * https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-aad-sso-bots
+ *
+ * @example
+ * When used with your bots `DialogSet` you can simply add a new instance of the prompt as a named
+ * dialog using `DialogSet.add()`. You can then start the prompt from a waterfall step using either
+ * `DialogContext.beginDialog()` or `DialogContext.prompt()`. The user will be prompted to sign in as
+ * needed and their access token will be passed as an argument to the callers next waterfall step:
+ *
+ * ```JavaScript
+ * const { ConversationState, MemoryStorage } = require('botbuilder');
+ * const { DialogSet, WaterfallDialog } = require('botbuilder-dialogs');
+ * const { TeamsBotSsoPrompt } = require('@microsoft/teamsfx');
+ *
+ * const convoState = new ConversationState(new MemoryStorage());
+ * const dialogState = convoState.createProperty('dialogState');
+ * const dialogs = new DialogSet(dialogState);
+ *
+ * loadConfiguration();
+ * dialogs.add(new TeamsBotSsoPrompt('TeamsBotSsoPrompt', {
+ *    scopes: ["User.Read"],
+ * }));
+ *
+ * dialogs.add(new WaterfallDialog('taskNeedingLogin', [
+ *      async (step) => {
+ *          return await step.beginDialog('TeamsBotSsoPrompt');
+ *      },
+ *      async (step) => {
+ *          const token = step.result;
+ *          if (token) {
+ *
+ *              // ... continue with task needing access token ...
+ *
+ *          } else {
+ *              await step.context.sendActivity(`Sorry... We couldn't log you in. Try again later.`);
+ *              return await step.endDialog();
+ *          }
+ *      }
+ * ]));
+ * ```
+ *
+ * @beta
+ */
+export declare class TeamsBotSsoPrompt extends Dialog {
+    private settings;
+    /**
+     * Constructor of TeamsBotSsoPrompt.
+     *
+     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
+     * @param settings Settings used to configure the prompt.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    constructor(dialogId: string, settings: TeamsBotSsoPromptSettings);
+    /**
+     * Called when a prompt dialog is pushed onto the dialog stack and is being activated.
+     * @remarks
+     * If the task is successful, the result indicates whether the prompt is still
+     * active after the turn has been processed by the prompt.
+     *
+     * @param dc The DialogContext for the current turn of the conversation.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when timeout property in teams bot sso prompt settings is not number or is not positive.
+     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @returns A `Promise` representing the asynchronous operation.
+     *
+     * @beta
+     */
+    beginDialog(dc: DialogContext): Promise<DialogTurnResult>;
+    /**
+     * Called when a prompt dialog is the active dialog and the user replied with a new activity.
+     *
+     * @remarks
+     * If the task is successful, the result indicates whether the dialog is still
+     * active after the turn has been processed by the dialog.
+     * The prompt generally continues to receive the user's replies until it accepts the
+     * user's reply as valid input for the prompt.
+     *
+     * @param dc The DialogContext for the current turn of the conversation.
+     *
+     * @returns A `Promise` representing the asynchronous operation.
+     *
+     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    continueDialog(dc: DialogContext): Promise<DialogTurnResult>;
+    /**
+     * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
+     * @param dc dialog context
+     * @throws {@link ErrorCode|ChannelNotSupported} if bot channel is not MS Teams
+     * @internal
+     */
+    private ensureMsTeamsChannel;
+    /**
+     * Send OAuthCard that tells Teams to obtain an authentication token for the bot application.
+     * For details see https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-aad-sso-bots.
+     *
+     * @internal
+     */
+    private sendOAuthCardAsync;
+    /**
+     * Get sign in resource.
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} if client id, tenant id or initiate login endpoint is not found in config.
+     *
+     * @internal
+     */
+    private getSignInResource;
+    /**
+     * @internal
+     */
+    private recognizeToken;
+    /**
+     * @internal
+     */
+    private getTokenExchangeInvokeResponse;
+    /**
+     * @internal
+     */
+    private isTeamsVerificationInvoke;
+    /**
+     * @internal
+     */
+    private isTokenExchangeRequestInvoke;
+    /**
+     * @internal
+     */
+    private isTokenExchangeRequest;
+}
+
+/**
+ * Settings used to configure an TeamsBotSsoPrompt instance.
+ *
+ * @beta
+ */
+export declare interface TeamsBotSsoPromptSettings {
+    /**
+     * The array of strings that declare the desired permissions and the resources requested.
+     */
+    scopes: string[];
+    /**
+     * (Optional) number of milliseconds the prompt will wait for the user to authenticate.
+     * Defaults to a value `900,000` (15 minutes.)
+     */
+    timeout?: number;
+    /**
+     * (Optional) value indicating whether the TeamsBotSsoPrompt should end upon receiving an
+     * invalid message.  Generally the TeamsBotSsoPrompt will end the auth flow when receives user
+     * message not related to the auth flow. Setting the flag to false ignores the user's message instead.
+     * Defaults to value `true`
+     */
+    endOnInvalidMessage?: boolean;
+}
+
+/**
+ * Token response provided by Teams Bot SSO prompt
+ *
+ * @beta
+ */
+export declare interface TeamsBotSsoPromptTokenResponse extends TokenResponse {
+    /**
+     * SSO token for user
+     */
+    ssoToken: string;
+    /**
+     * Expire time of SSO token
+     */
+    ssoTokenExpiration: string;
+}
+
+/**
+ * Represent Teams current user's identity, and it is used within Teams client applications.
+ *
+ * @remarks
+ * Can only be used within Teams.
+ *
+ * @beta
+ */
+export declare class TeamsUserCredential implements TokenCredential {
+    /**
+     * Constructor of TeamsUserCredential.
+     * @remarks
+     * Can only be used within Teams.
+     * @beta
+     */
+    constructor();
+    /**
+     * Popup login page to get user's access token with specific scopes.
+     * @remarks
+     * Can only be used within Teams.
+     * @beta
+     */
+    login(scopes: string | string[]): Promise<void>;
+    /**
+     * Get access token from credential.
+     * @remarks
+     * Can only be used within Teams.
+     * @beta
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+    /**
+     * Get basic user info from SSO token
+     * @remarks
+     * Can only be used within Teams.
+     * @beta
+     */
+    getUserInfo(): Promise<UserInfo>;
+}
+export { TokenCredential }
+
+/**
+ * UserInfo with user displayName, objectId and preferredUserName.
+ *
+ * @beta
+ */
+export declare interface UserInfo {
+    /**
+     * User Display Name.
+     *
+     * @readonly
+     */
+    displayName: string;
+    /**
+     * User unique reference within the Azure Active Directory domain.
+     *
+     * @readonly
+     */
+    objectId: string;
+    /**
+     * Usually be the email address.
+     *
+     * @readonly
+     */
+    preferredUserName: string;
+}
+
+export { }