@microsoft/teamsfx 0.3.2-rc.0 → 0.3.3-alpha.13914d2e.0

package/dist/index.esm5.js

@@ -0,0 +1,1575 @@
+import { __extends, __awaiter, __generator } from 'tslib';
+import jwt_decode from 'jwt-decode';
+import * as microsoftTeams from '@microsoft/teams-js';
+import axios from 'axios';
+import { Client } from '@microsoft/microsoft-graph-client';
+import { ManagedIdentityCredential } from '@azure/identity';
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Error code to trace the error types.
+ * @beta
+ */
+var ErrorCode;
+(function (ErrorCode) {
+    /**
+     * Invalid parameter error.
+     */
+    ErrorCode["InvalidParameter"] = "InvalidParameter";
+    /**
+     * Invalid configuration error.
+     */
+    ErrorCode["InvalidConfiguration"] = "InvalidConfiguration";
+    /**
+     * Invalid certificate error.
+     */
+    ErrorCode["InvalidCertificate"] = "InvalidCertificate";
+    /**
+     * Internal error.
+     */
+    ErrorCode["InternalError"] = "InternalError";
+    /**
+     * Channel is not supported error.
+     */
+    ErrorCode["ChannelNotSupported"] = "ChannelNotSupported";
+    /**
+     * Runtime is not supported error.
+     */
+    ErrorCode["RuntimeNotSupported"] = "RuntimeNotSupported";
+    /**
+     * User failed to finish the AAD consent flow failed.
+     */
+    ErrorCode["ConsentFailed"] = "ConsentFailed";
+    /**
+     * The user or administrator has not consented to use the application error.
+     */
+    ErrorCode["UiRequiredError"] = "UiRequiredError";
+    /**
+     * Token is not within its valid time range error.
+     */
+    ErrorCode["TokenExpiredError"] = "TokenExpiredError";
+    /**
+     * Call service (AAD or simple authentication server) failed.
+     */
+    ErrorCode["ServiceError"] = "ServiceError";
+    /**
+     * Operation failed.
+     */
+    ErrorCode["FailedOperation"] = "FailedOperation";
+})(ErrorCode || (ErrorCode = {}));
+/**
+ * @internal
+ */
+var ErrorMessage = /** @class */ (function () {
+    function ErrorMessage() {
+    }
+    // InvalidConfiguration Error
+    ErrorMessage.InvalidConfiguration = "{0} in configuration is invalid: {1}.";
+    ErrorMessage.ConfigurationNotExists = "Configuration does not exist. {0}";
+    ErrorMessage.ResourceConfigurationNotExists = "{0} resource configuration does not exist.";
+    ErrorMessage.MissingResourceConfiguration = "Missing resource configuration with type: {0}, name: {1}.";
+    ErrorMessage.AuthenticationConfigurationNotExists = "Authentication configuration does not exist.";
+    // RuntimeNotSupported Error
+    ErrorMessage.BrowserRuntimeNotSupported = "{0} is not supported in browser.";
+    ErrorMessage.NodejsRuntimeNotSupported = "{0} is not supported in Node.";
+    // Internal Error
+    ErrorMessage.FailToAcquireTokenOnBehalfOfUser = "Failed to acquire access token on behalf of user: {0}";
+    // ChannelNotSupported Error
+    ErrorMessage.OnlyMSTeamsChannelSupported = "{0} is only supported in MS Teams Channel";
+    return ErrorMessage;
+}());
+/**
+ * Error class with code and message thrown by the SDK.
+ *
+ * @beta
+ */
+var ErrorWithCode = /** @class */ (function (_super) {
+    __extends(ErrorWithCode, _super);
+    /**
+     * Constructor of ErrorWithCode.
+     *
+     * @param {string} message - error message.
+     * @param {ErrorCode} code - error code.
+     *
+     * @beta
+     */
+    function ErrorWithCode(message, code) {
+        var _newTarget = this.constructor;
+        var _this = this;
+        if (!code) {
+            _this = _super.call(this, message) || this;
+            return _this;
+        }
+        _this = _super.call(this, message) || this;
+        Object.setPrototypeOf(_this, ErrorWithCode.prototype);
+        _this.name = _newTarget.name + "." + code;
+        _this.code = code;
+        return _this;
+    }
+    return ErrorWithCode;
+}(Error));
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Available resource type.
+ * @beta
+ */
+var ResourceType;
+(function (ResourceType) {
+    /**
+     * SQL database.
+     *
+     */
+    ResourceType[ResourceType["SQL"] = 0] = "SQL";
+    /**
+     * Rest API.
+     *
+     */
+    ResourceType[ResourceType["API"] = 1] = "API";
+})(ResourceType || (ResourceType = {}));
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Log level.
+ *
+ * @beta
+ */
+var LogLevel;
+(function (LogLevel) {
+    /**
+     * Show verbose, information, warning and error message.
+     */
+    LogLevel[LogLevel["Verbose"] = 0] = "Verbose";
+    /**
+     * Show information, warning and error message.
+     */
+    LogLevel[LogLevel["Info"] = 1] = "Info";
+    /**
+     * Show warning and error message.
+     */
+    LogLevel[LogLevel["Warn"] = 2] = "Warn";
+    /**
+     * Show error message.
+     */
+    LogLevel[LogLevel["Error"] = 3] = "Error";
+})(LogLevel || (LogLevel = {}));
+/**
+ * Update log level helper.
+ *
+ * @param { LogLevel } level - log level in configuration
+ *
+ * @beta
+ */
+function setLogLevel(level) {
+    internalLogger.level = level;
+}
+/**
+ * Get log level.
+ *
+ * @returns Log level
+ *
+ * @beta
+ */
+function getLogLevel() {
+    return internalLogger.level;
+}
+var InternalLogger = /** @class */ (function () {
+    function InternalLogger() {
+        this.level = undefined;
+        this.defaultLogger = {
+            verbose: console.debug,
+            info: console.info,
+            warn: console.warn,
+            error: console.error,
+        };
+    }
+    InternalLogger.prototype.error = function (message) {
+        this.log(LogLevel.Error, function (x) { return x.error; }, message);
+    };
+    InternalLogger.prototype.warn = function (message) {
+        this.log(LogLevel.Warn, function (x) { return x.warn; }, message);
+    };
+    InternalLogger.prototype.info = function (message) {
+        this.log(LogLevel.Info, function (x) { return x.info; }, message);
+    };
+    InternalLogger.prototype.verbose = function (message) {
+        this.log(LogLevel.Verbose, function (x) { return x.verbose; }, message);
+    };
+    InternalLogger.prototype.log = function (logLevel, logFunction, message) {
+        if (message.trim() === "") {
+            return;
+        }
+        var timestamp = new Date().toUTCString();
+        var logHeader = "[" + timestamp + "] : @microsoft/teamsfx : " + LogLevel[logLevel] + " - ";
+        var logMessage = "" + logHeader + message;
+        if (this.level !== undefined && this.level <= logLevel) {
+            if (this.customLogger) {
+                logFunction(this.customLogger)(logMessage);
+            }
+            else if (this.customLogFunction) {
+                this.customLogFunction(logLevel, logMessage);
+            }
+            else {
+                logFunction(this.defaultLogger)(logMessage);
+            }
+        }
+    };
+    return InternalLogger;
+}());
+/**
+ * Logger instance used internally
+ *
+ * @internal
+ */
+var internalLogger = new InternalLogger();
+/**
+ * Set custom logger. Use the output functions if it's set. Priority is higher than setLogFunction.
+ *
+ * @param {Logger} logger - custom logger. If it's undefined, custom logger will be cleared.
+ *
+ * @example
+ * ```typescript
+ * setLogger({
+ *   verbose: console.debug,
+ *   info: console.info,
+ *   warn: console.warn,
+ *   error: console.error,
+ * });
+ * ```
+ *
+ * @beta
+ */
+function setLogger(logger) {
+    internalLogger.customLogger = logger;
+}
+/**
+ * Set custom log function. Use the function if it's set. Priority is lower than setLogger.
+ *
+ * @param {LogFunction} logFunction - custom log function. If it's undefined, custom log function will be cleared.
+ *
+ * @example
+ * ```typescript
+ * setLogFunction((level: LogLevel, message: string) => {
+ *   if (level === LogLevel.Error) {
+ *     console.log(message);
+ *   }
+ * });
+ * ```
+ *
+ * @beta
+ */
+function setLogFunction(logFunction) {
+    internalLogger.customLogFunction = logFunction;
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Parse jwt token payload
+ *
+ * @param token
+ *
+ * @returns Payload object
+ *
+ * @internal
+ */
+function parseJwt(token) {
+    try {
+        var tokenObj = jwt_decode(token);
+        if (!tokenObj || !tokenObj.exp) {
+            throw new ErrorWithCode("Decoded token is null or exp claim does not exists.", ErrorCode.InternalError);
+        }
+        return tokenObj;
+    }
+    catch (err) {
+        var errorMsg = "Parse jwt token failed in node env with error: " + err.message;
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InternalError);
+    }
+}
+/**
+ * @internal
+ */
+function getUserInfoFromSsoToken(ssoToken) {
+    if (!ssoToken) {
+        var errorMsg = "SSO token is undefined.";
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+    }
+    var tokenObject = parseJwt(ssoToken);
+    var userInfo = {
+        displayName: tokenObject.name,
+        objectId: tokenObject.oid,
+        preferredUserName: "",
+    };
+    if (tokenObject.ver === "2.0") {
+        userInfo.preferredUserName = tokenObject.preferred_username;
+    }
+    else if (tokenObject.ver === "1.0") {
+        userInfo.preferredUserName = tokenObject.upn;
+    }
+    return userInfo;
+}
+/**
+ * Format string template with replacements
+ *
+ * ```typescript
+ * const template = "{0} and {1} are fruit. {0} is my favorite one."
+ * const formattedStr = formatString(template, "apple", "pear"); // formattedStr: "apple and pear are fruit. apple is my favorite one."
+ * ```
+ *
+ * @param str string template
+ * @param replacements replacement string array
+ * @returns Formatted string
+ *
+ * @internal
+ */
+function formatString(str) {
+    var replacements = [];
+    for (var _i = 1; _i < arguments.length; _i++) {
+        replacements[_i - 1] = arguments[_i];
+    }
+    var args = replacements;
+    return str.replace(/{(\d+)}/g, function (match, number) {
+        return typeof args[number] != "undefined" ? args[number] : match;
+    });
+}
+/**
+ * @internal
+ */
+function validateScopesType(value) {
+    // string
+    if (typeof value === "string" || value instanceof String) {
+        return;
+    }
+    // empty array
+    if (Array.isArray(value) && value.length === 0) {
+        return;
+    }
+    // string array
+    if (Array.isArray(value) && value.length > 0 && value.every(function (item) { return typeof item === "string"; })) {
+        return;
+    }
+    var errorMsg = "The type of scopes is not valid, it must be string or string array";
+    internalLogger.error(errorMsg);
+    throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+}
+/**
+ * @internal
+ */
+var isNode = typeof process !== "undefined" &&
+    !!process.version &&
+    !!process.versions &&
+    !!process.versions.node;
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Global configuration instance
+ *
+ */
+var config;
+/**
+ * Initialize configuration from environment variables or configuration object and set the global instance
+ *
+ * @param {Configuration} configuration - Optional configuration that overrides the default configuration values. The override depth is 1.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when configuration is not passed in browser environment
+ *
+ * @beta
+ */
+function loadConfiguration(configuration) {
+    internalLogger.info("load configuration");
+    // browser environment
+    if (!isNode) {
+        if (!configuration) {
+            var errorMsg = "You are running the code in browser. Configuration must be passed in.";
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+        }
+        config = configuration;
+        return;
+    }
+    // node environment
+    var newAuthentication;
+    var newResources = [];
+    var defaultResourceName = "default";
+    if (configuration === null || configuration === void 0 ? void 0 : configuration.authentication) {
+        newAuthentication = configuration.authentication;
+    }
+    else {
+        newAuthentication = {
+            authorityHost: process.env.M365_AUTHORITY_HOST,
+            tenantId: process.env.M365_TENANT_ID,
+            clientId: process.env.M365_CLIENT_ID,
+            clientSecret: process.env.M365_CLIENT_SECRET,
+            simpleAuthEndpoint: process.env.SIMPLE_AUTH_ENDPOINT,
+            initiateLoginEndpoint: process.env.INITIATE_LOGIN_ENDPOINT,
+            applicationIdUri: process.env.M365_APPLICATION_ID_URI,
+        };
+    }
+    if (configuration === null || configuration === void 0 ? void 0 : configuration.resources) {
+        newResources = configuration.resources;
+    }
+    else {
+        newResources = [
+            {
+                // SQL resource
+                type: ResourceType.SQL,
+                name: defaultResourceName,
+                properties: {
+                    sqlServerEndpoint: process.env.SQL_ENDPOINT,
+                    sqlUsername: process.env.SQL_USER_NAME,
+                    sqlPassword: process.env.SQL_PASSWORD,
+                    sqlDatabaseName: process.env.SQL_DATABASE_NAME,
+                    sqlIdentityId: process.env.IDENTITY_ID,
+                },
+            },
+            {
+                // API resource
+                type: ResourceType.API,
+                name: defaultResourceName,
+                properties: {
+                    endpoint: process.env.API_ENDPOINT,
+                },
+            },
+        ];
+    }
+    config = {
+        authentication: newAuthentication,
+        resources: newResources,
+    };
+}
+/**
+ * Get configuration for a specific resource.
+ * @param {ResourceType} resourceType - The type of resource
+ * @param {string} resourceName - The name of resource, default value is "default".
+ *
+ * @returns Resource configuration for target resource from global configuration instance.
+ *
+ * @throws {@link ErrorCode|InvalidConfiguration} when resource configuration with the specific type and name is not found
+ *
+ * @beta
+ */
+function getResourceConfiguration(resourceType, resourceName) {
+    var _a;
+    if (resourceName === void 0) { resourceName = "default"; }
+    internalLogger.info("Get resource configuration of " + ResourceType[resourceType] + " from " + resourceName);
+    var result = (_a = config.resources) === null || _a === void 0 ? void 0 : _a.find(function (item) { return item.type === resourceType && item.name === resourceName; });
+    if (result) {
+        return result.properties;
+    }
+    var errorMsg = formatString(ErrorMessage.MissingResourceConfiguration, ResourceType[resourceType], resourceName);
+    internalLogger.error(errorMsg);
+    throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
+}
+/**
+ * Get configuration for authentication.
+ *
+ * @returns Authentication configuration from global configuration instance, the value may be undefined if no authentication config exists in current environment.
+ *
+ * @throws {@link ErrorCode|InvalidConfiguration} when global configuration does not exist
+ *
+ * @beta
+ */
+function getAuthenticationConfiguration() {
+    internalLogger.info("Get authentication configuration");
+    if (config) {
+        return config.authentication;
+    }
+    var errorMsg = "Please call loadConfiguration() first before calling getAuthenticationConfiguration().";
+    internalLogger.error(errorMsg);
+    throw new ErrorWithCode(formatString(ErrorMessage.ConfigurationNotExists, errorMsg), ErrorCode.InvalidConfiguration);
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved.
+ *
+ * @remarks
+ * Only works in in server side.
+ *
+ * @beta
+ */
+var M365TenantCredential = /** @class */ (function () {
+    /**
+     * Constructor of M365TenantCredential.
+     *
+     * @remarks
+     * Only works in in server side.
+     * @beta
+     */
+    function M365TenantCredential() {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "M365TenantCredential"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Get access token for credential.
+     *
+     * @remarks
+     * Only works in in server side.
+     * @beta
+     */
+    M365TenantCredential.prototype.getToken = function (scopes, options) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "M365TenantCredential"), ErrorCode.RuntimeNotSupported);
+            });
+        });
+    };
+    return M365TenantCredential;
+}());
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Represent on-behalf-of flow to get user identity, and it is designed to be used in Azure Function or Bot scenarios.
+ *
+ * @remarks
+ * Can only be used in server side.
+ *
+ * @beta
+ */
+var OnBehalfOfUserCredential = /** @class */ (function () {
+    /**
+     * Constructor of OnBehalfOfUserCredential
+     *
+     * @remarks
+     * Can Only works in in server side.
+     * @beta
+     */
+    function OnBehalfOfUserCredential(ssoToken) {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Get access token from credential.
+     * @remarks
+     * Can only be used in server side.
+     * @beta
+     */
+    OnBehalfOfUserCredential.prototype.getToken = function (scopes, options) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
+            });
+        });
+    };
+    /**
+     * Get basic user info from SSO token.
+     * @remarks
+     * Can only be used in server side.
+     * @beta
+     */
+    OnBehalfOfUserCredential.prototype.getUserInfo = function () {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
+    };
+    return OnBehalfOfUserCredential;
+}());
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Configuration used in initialization.
+ * @internal
+ */
+var Cache = /** @class */ (function () {
+    function Cache() {
+    }
+    Cache.get = function (key) {
+        return sessionStorage.getItem(key);
+    };
+    Cache.set = function (key, value) {
+        sessionStorage.setItem(key, value);
+    };
+    Cache.remove = function (key) {
+        sessionStorage.removeItem(key);
+    };
+    return Cache;
+}());
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @internal
+ */
+var GrantType;
+(function (GrantType) {
+    GrantType["authCode"] = "authorization_code";
+    GrantType["ssoToken"] = "sso_token";
+})(GrantType || (GrantType = {}));
+
+// Copyright (c) Microsoft Corporation.
+var accessTokenCacheKeyPrefix = "accessToken";
+var separator = "-";
+var tokenRefreshTimeSpanInMillisecond = 5 * 60 * 1000;
+var initializeTeamsSdkTimeoutInMillisecond = 5000;
+var loginPageWidth = 600;
+var loginPageHeight = 535;
+var maxRetryCount = 3;
+var retryTimeSpanInMillisecond = 3000;
+/**
+ * Represent Teams current user's identity, and it is used within Teams tab application.
+ *
+ * @remarks
+ * Can only be used within Teams.
+ *
+ * @beta
+ */
+var TeamsUserCredential = /** @class */ (function () {
+    /**
+     * Constructor of TeamsUserCredential.
+     * Developer need to call loadConfiguration(config) before using this class.
+     *
+     * @example
+     * ```typescript
+     * const config = {
+     *  authentication: {
+     *    runtimeConnectorEndpoint: "https://xxx.xxx.com",
+     *    initiateLoginEndpoint: "https://localhost:3000/auth-start.html",
+     *    clientId: "xxx"
+     *   }
+     * }
+       loadConfiguration(config); // No default config from environment variables, developers must provide the config object.
+       const credential = new TeamsUserCredential(["https://graph.microsoft.com/User.Read"]);
+     * ```
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} when client id, initiate login endpoint or simple auth endpoint is not found in config.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @beta
+     */
+    function TeamsUserCredential() {
+        internalLogger.info("Create teams user credential");
+        this.config = this.loadAndValidateConfig();
+        this.ssoToken = null;
+    }
+    /**
+     * Popup login page to get user's access token with specific scopes.
+     *
+     * @remarks
+     * Only works in Teams client APP. User will be redirected to the authorization page to login and consent.
+     *
+     * @example
+     * ```typescript
+     * await credential.login(["https://graph.microsoft.com/User.Read"]); // single scope using string array
+     * await credential.login("https://graph.microsoft.com/User.Read"); // single scopes using string
+     * await credential.login(["https://graph.microsoft.com/User.Read", "Calendars.Read"]); // multiple scopes using string array
+     * await credential.login("https://graph.microsoft.com/User.Read Calendars.Read"); // multiple scopes using string
+     * ```
+     * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
+     *
+     * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
+     * @throws {@link ErrorCode|ServiceError} when simple auth server failed to exchange access token.
+     * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @beta
+     */
+    TeamsUserCredential.prototype.login = function (scopes) {
+        return __awaiter(this, void 0, void 0, function () {
+            var scopesStr;
+            var _this = this;
+            return __generator(this, function (_a) {
+                validateScopesType(scopes);
+                scopesStr = typeof scopes === "string" ? scopes : scopes.join(" ");
+                internalLogger.info("Popup login page to get user's access token with scopes: " + scopesStr);
+                return [2 /*return*/, new Promise(function (resolve, reject) {
+                        microsoftTeams.initialize(function () {
+                            microsoftTeams.authentication.authenticate({
+                                url: _this.config.initiateLoginEndpoint + "?clientId=" + _this.config.clientId + "&scope=" + encodeURI(scopesStr),
+                                width: loginPageWidth,
+                                height: loginPageHeight,
+                                successCallback: function (result) { return __awaiter(_this, void 0, void 0, function () {
+                                    var errorMsg, authCodeResult, err_1;
+                                    return __generator(this, function (_a) {
+                                        switch (_a.label) {
+                                            case 0:
+                                                if (!result) {
+                                                    errorMsg = "Get empty authentication result from Teams";
+                                                    internalLogger.error(errorMsg);
+                                                    reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                                                    return [2 /*return*/];
+                                                }
+                                                authCodeResult = JSON.parse(result);
+                                                _a.label = 1;
+                                            case 1:
+                                                _a.trys.push([1, 3, , 4]);
+                                                return [4 /*yield*/, this.exchangeAccessTokenFromSimpleAuthServer(scopesStr, authCodeResult)];
+                                            case 2:
+                                                _a.sent();
+                                                resolve();
+                                                return [3 /*break*/, 4];
+                                            case 3:
+                                                err_1 = _a.sent();
+                                                reject(this.generateAuthServerError(err_1));
+                                                return [3 /*break*/, 4];
+                                            case 4: return [2 /*return*/];
+                                        }
+                                    });
+                                }); },
+                                failureCallback: function (reason) {
+                                    var errorMsg = "Consent failed for the scope " + scopesStr + " with error: " + reason;
+                                    internalLogger.error(errorMsg);
+                                    reject(new ErrorWithCode(errorMsg, ErrorCode.ConsentFailed));
+                                },
+                            });
+                        });
+                    })];
+            });
+        });
+    };
+    /**
+     * Get access token from credential.
+     *
+     * @example
+     * ```typescript
+     * await credential.getToken([]) // Get SSO token using empty string array
+     * await credential.getToken("") // Get SSO token using empty string
+     * await credential.getToken([".default"]) // Get Graph access token with default scope using string array
+     * await credential.getToken(".default") // Get Graph access token with default scope using string
+     * await credential.getToken(["User.Read"]) // Get Graph access token for single scope using string array
+     * await credential.getToken("User.Read") // Get Graph access token for single scope using string
+     * await credential.getToken(["User.Read", "Application.Read.All"]) // Get Graph access token for multiple scopes using string array
+     * await credential.getToken("User.Read Application.Read.All") // Get Graph access token for multiple scopes using space-separated string
+     * await credential.getToken("https://graph.microsoft.com/User.Read") // Get Graph access token with full resource URI
+     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
+     * ```
+     *
+     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
+     *
+     * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
+     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @returns User access token of defined scopes.
+     * If scopes is empty string or array, it returns SSO token.
+     * If scopes is non-empty, it returns access token for target scope.
+     * Throw error if get access token failed.
+     *
+     * @beta
+     */
+    TeamsUserCredential.prototype.getToken = function (scopes, options) {
+        return __awaiter(this, void 0, void 0, function () {
+            var ssoToken, scopeStr, cachedKey, cachedToken, accessToken;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        validateScopesType(scopes);
+                        return [4 /*yield*/, this.getSSOToken()];
+                    case 1:
+                        ssoToken = _a.sent();
+                        scopeStr = typeof scopes === "string" ? scopes : scopes.join(" ");
+                        if (!(scopeStr === "")) return [3 /*break*/, 2];
+                        internalLogger.info("Get SSO token");
+                        return [2 /*return*/, ssoToken];
+                    case 2:
+                        internalLogger.info("Get access token with scopes: " + scopeStr);
+                        return [4 /*yield*/, this.getAccessTokenCacheKey(scopeStr)];
+                    case 3:
+                        cachedKey = _a.sent();
+                        cachedToken = this.getTokenCache(cachedKey);
+                        if (cachedToken) {
+                            if (!this.isAccessTokenNearExpired(cachedToken)) {
+                                internalLogger.verbose("Get access token from cache");
+                                return [2 /*return*/, cachedToken];
+                            }
+                            else {
+                                internalLogger.verbose("Cached access token is expired");
+                            }
+                        }
+                        else {
+                            internalLogger.verbose("No cached access token");
+                        }
+                        return [4 /*yield*/, this.getAndCacheAccessTokenFromSimpleAuthServer(scopeStr)];
+                    case 4:
+                        accessToken = _a.sent();
+                        return [2 /*return*/, accessToken];
+                }
+            });
+        });
+    };
+    /**
+     * Get basic user info from SSO token
+     *
+     * @example
+     * ```typescript
+     * const currentUser = await credential.getUserInfo();
+     * ```
+     *
+     * @throws {@link ErrorCode|InternalError} when SSO token from Teams client is not valid.
+     * @throws {@link ErrorCode|InvalidParameter} when SSO token from Teams client is empty.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @returns Basic user info with user displayName, objectId and preferredUserName.
+     *
+     * @beta
+     */
+    TeamsUserCredential.prototype.getUserInfo = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var ssoToken;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        internalLogger.info("Get basic user info from SSO token");
+                        return [4 /*yield*/, this.getSSOToken()];
+                    case 1:
+                        ssoToken = _a.sent();
+                        return [2 /*return*/, getUserInfoFromSsoToken(ssoToken.token)];
+                }
+            });
+        });
+    };
+    TeamsUserCredential.prototype.exchangeAccessTokenFromSimpleAuthServer = function (scopesStr, authCodeResult) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function () {
+            var axiosInstance, retryCount, response, tokenResult, key, err_2;
+            return __generator(this, function (_c) {
+                switch (_c.label) {
+                    case 0: return [4 /*yield*/, this.getAxiosInstance()];
+                    case 1:
+                        axiosInstance = _c.sent();
+                        retryCount = 0;
+                        _c.label = 2;
+                    case 2:
+                        _c.label = 3;
+                    case 3:
+                        _c.trys.push([3, 6, , 9]);
+                        return [4 /*yield*/, axiosInstance.post("/auth/token", {
+                                scope: scopesStr,
+                                code: authCodeResult.code,
+                                code_verifier: authCodeResult.codeVerifier,
+                                redirect_uri: authCodeResult.redirectUri,
+                                grant_type: GrantType.authCode,
+                            })];
+                    case 4:
+                        response = _c.sent();
+                        tokenResult = response.data;
+                        return [4 /*yield*/, this.getAccessTokenCacheKey(scopesStr)];
+                    case 5:
+                        key = _c.sent();
+                        this.setTokenCache(key, {
+                            token: tokenResult.access_token,
+                            expiresOnTimestamp: tokenResult.expires_on,
+                        });
+                        return [2 /*return*/];
+                    case 6:
+                        err_2 = _c.sent();
+                        if (!(((_b = (_a = err_2.response) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.type) && err_2.response.data.type === "AadUiRequiredException")) return [3 /*break*/, 8];
+                        internalLogger.warn("Exchange access token failed, retry...");
+                        if (!(retryCount < maxRetryCount)) return [3 /*break*/, 8];
+                        return [4 /*yield*/, this.sleep(retryTimeSpanInMillisecond)];
+                    case 7:
+                        _c.sent();
+                        retryCount++;
+                        return [3 /*break*/, 2];
+                    case 8: throw err_2;
+                    case 9: return [3 /*break*/, 2];
+                    case 10: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Get access token cache from authentication server
+     * @returns Access token
+     */
+    TeamsUserCredential.prototype.getAndCacheAccessTokenFromSimpleAuthServer = function (scopesStr) {
+        return __awaiter(this, void 0, void 0, function () {
+            var axiosInstance, response, accessTokenResult, accessToken, cacheKey, err_3;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 4, , 5]);
+                        internalLogger.verbose("Get access token from authentication server with scopes: " + scopesStr);
+                        return [4 /*yield*/, this.getAxiosInstance()];
+                    case 1:
+                        axiosInstance = _a.sent();
+                        return [4 /*yield*/, axiosInstance.post("/auth/token", {
+                                scope: scopesStr,
+                                grant_type: GrantType.ssoToken,
+                            })];
+                    case 2:
+                        response = _a.sent();
+                        accessTokenResult = response.data;
+                        accessToken = {
+                            token: accessTokenResult.access_token,
+                            expiresOnTimestamp: accessTokenResult.expires_on,
+                        };
+                        return [4 /*yield*/, this.getAccessTokenCacheKey(scopesStr)];
+                    case 3:
+                        cacheKey = _a.sent();
+                        this.setTokenCache(cacheKey, accessToken);
+                        return [2 /*return*/, accessToken];
+                    case 4:
+                        err_3 = _a.sent();
+                        throw this.generateAuthServerError(err_3);
+                    case 5: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Get SSO token using teams SDK
+     * It will try to get SSO token from memory first, if SSO token doesn't exist or about to expired, then it will using teams SDK to get SSO token
+     * @returns SSO token
+     */
+    TeamsUserCredential.prototype.getSSOToken = function () {
+        var _this = this;
+        return new Promise(function (resolve, reject) {
+            if (_this.ssoToken) {
+                if (_this.ssoToken.expiresOnTimestamp - Date.now() > tokenRefreshTimeSpanInMillisecond) {
+                    internalLogger.verbose("Get SSO token from memory cache");
+                    resolve(_this.ssoToken);
+                    return;
+                }
+            }
+            var initialized = false;
+            microsoftTeams.initialize(function () {
+                initialized = true;
+                microsoftTeams.authentication.getAuthToken({
+                    successCallback: function (token) {
+                        if (!token) {
+                            var errorMsg = "Get empty SSO token from Teams";
+                            internalLogger.error(errorMsg);
+                            reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                            return;
+                        }
+                        var tokenObject = parseJwt(token);
+                        if (tokenObject.ver !== "1.0" && tokenObject.ver !== "2.0") {
+                            var errorMsg = "SSO token is not valid with an unknown version: " + tokenObject.ver;
+                            internalLogger.error(errorMsg);
+                            reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                            return;
+                        }
+                        var ssoToken = {
+                            token: token,
+                            expiresOnTimestamp: tokenObject.exp * 1000,
+                        };
+                        _this.ssoToken = ssoToken;
+                        resolve(ssoToken);
+                    },
+                    failureCallback: function (errMessage) {
+                        var errorMsg = "Get SSO token failed with error: " + errMessage;
+                        internalLogger.error(errorMsg);
+                        reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                    },
+                    resources: [],
+                });
+            });
+            // If the code not running in Teams, the initialize callback function would never trigger
+            setTimeout(function () {
+                if (!initialized) {
+                    var errorMsg = "Initialize teams sdk timeout, maybe the code is not running inside Teams";
+                    internalLogger.error(errorMsg);
+                    reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                }
+            }, initializeTeamsSdkTimeoutInMillisecond);
+        });
+    };
+    /**
+     * Load and validate authentication configuration
+     * @returns Authentication configuration
+     */
+    TeamsUserCredential.prototype.loadAndValidateConfig = function () {
+        internalLogger.verbose("Validate authentication configuration");
+        var config = getAuthenticationConfiguration();
+        if (!config) {
+            internalLogger.error(ErrorMessage.AuthenticationConfigurationNotExists);
+            throw new ErrorWithCode(ErrorMessage.AuthenticationConfigurationNotExists, ErrorCode.InvalidConfiguration);
+        }
+        if (config.initiateLoginEndpoint && config.simpleAuthEndpoint && config.clientId) {
+            return config;
+        }
+        var missingValues = [];
+        if (!config.initiateLoginEndpoint) {
+            missingValues.push("initiateLoginEndpoint");
+        }
+        if (!config.simpleAuthEndpoint) {
+            missingValues.push("simpleAuthEndpoint");
+        }
+        if (!config.clientId) {
+            missingValues.push("clientId");
+        }
+        var errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingValues.join(", "), "undefined");
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
+    };
+    /**
+     * Get axios instance with sso token bearer header
+     * @returns AxiosInstance
+     */
+    TeamsUserCredential.prototype.getAxiosInstance = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var ssoToken, axiosInstance;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.getSSOToken()];
+                    case 1:
+                        ssoToken = _a.sent();
+                        axiosInstance = axios.create({
+                            baseURL: this.config.simpleAuthEndpoint,
+                        });
+                        axiosInstance.interceptors.request.use(function (config) {
+                            config.headers.Authorization = "Bearer " + ssoToken.token;
+                            return config;
+                        });
+                        return [2 /*return*/, axiosInstance];
+                }
+            });
+        });
+    };
+    /**
+     * Set access token to cache
+     * @param key
+     * @param token
+     */
+    TeamsUserCredential.prototype.setTokenCache = function (key, token) {
+        Cache.set(key, JSON.stringify(token));
+    };
+    /**
+     * Get access token from cache.
+     * If there is no cache or cannot be parsed, then it will return null
+     * @param key
+     * @returns Access token or null
+     */
+    TeamsUserCredential.prototype.getTokenCache = function (key) {
+        var value = Cache.get(key);
+        if (value === null) {
+            return null;
+        }
+        var accessToken = this.validateAndParseJson(value);
+        return accessToken;
+    };
+    /**
+     * Parses passed value as JSON access token, if value is not a valid json string JSON.parse() will throw an error.
+     * @param jsonValue
+     */
+    TeamsUserCredential.prototype.validateAndParseJson = function (jsonValue) {
+        try {
+            var parsedJson = JSON.parse(jsonValue);
+            /**
+             * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object
+             * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check
+             * of the parsed value is necessary in order to be certain that the string represents a valid JSON object.
+             *
+             */
+            return parsedJson && typeof parsedJson === "object" ? parsedJson : null;
+        }
+        catch (error) {
+            return null;
+        }
+    };
+    /**
+     * Generate cache key
+     * @param scopesStr
+     * @returns Access token cache key, a key example: accessToken-userId-clientId-tenantId-scopes
+     */
+    TeamsUserCredential.prototype.getAccessTokenCacheKey = function (scopesStr) {
+        return __awaiter(this, void 0, void 0, function () {
+            var ssoToken, ssoTokenObj, clientId, userObjectId, tenantId, key;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0: return [4 /*yield*/, this.getSSOToken()];
+                    case 1:
+                        ssoToken = _a.sent();
+                        ssoTokenObj = parseJwt(ssoToken.token);
+                        clientId = this.config.clientId;
+                        userObjectId = ssoTokenObj.oid;
+                        tenantId = ssoTokenObj.tid;
+                        key = [accessTokenCacheKeyPrefix, userObjectId, clientId, tenantId, scopesStr]
+                            .join(separator)
+                            .replace(/" "/g, "_");
+                        return [2 /*return*/, key];
+                }
+            });
+        });
+    };
+    /**
+     * Check whether the token is about to expire (within 5 minutes)
+     * @returns Boolean value indicate whether the token is about to expire
+     */
+    TeamsUserCredential.prototype.isAccessTokenNearExpired = function (token) {
+        var expireDate = new Date(token.expiresOnTimestamp);
+        if (expireDate.getTime() - Date.now() > tokenRefreshTimeSpanInMillisecond) {
+            return false;
+        }
+        return true;
+    };
+    TeamsUserCredential.prototype.generateAuthServerError = function (err) {
+        var _a, _b;
+        var errorMessage = err.message;
+        if ((_b = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.type) {
+            errorMessage = err.response.data.detail;
+            if (err.response.data.type === "AadUiRequiredException") {
+                var fullErrorMsg_1 = "Failed to get access token from authentication server, please login first: " +
+                    errorMessage;
+                internalLogger.warn(fullErrorMsg_1);
+                return new ErrorWithCode(fullErrorMsg_1, ErrorCode.UiRequiredError);
+            }
+            else {
+                var fullErrorMsg_2 = "Failed to get access token from authentication server: " + errorMessage;
+                internalLogger.error(fullErrorMsg_2);
+                return new ErrorWithCode(fullErrorMsg_2, ErrorCode.ServiceError);
+            }
+        }
+        var fullErrorMsg = "Failed to get access token with error: " + errorMessage;
+        return new ErrorWithCode(fullErrorMsg, ErrorCode.InternalError);
+    };
+    TeamsUserCredential.prototype.sleep = function (ms) {
+        return new Promise(function (resolve) { return setTimeout(resolve, ms); });
+    };
+    return TeamsUserCredential;
+}());
+
+// Copyright (c) Microsoft Corporation.
+var defaultScope = "https://graph.microsoft.com/.default";
+/**
+ * Microsoft Graph auth provider for Teams Framework
+ *
+ * @beta
+ */
+var MsGraphAuthProvider = /** @class */ (function () {
+    /**
+     * Constructor of MsGraphAuthProvider.
+     *
+     * @param {TokenCredential} credential - Credential used to invoke Microsoft Graph APIs.
+     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     *
+     * @returns An instance of MsGraphAuthProvider.
+     *
+     * @beta
+     */
+    function MsGraphAuthProvider(credential, scopes) {
+        this.credential = credential;
+        var scopesStr = defaultScope;
+        if (scopes) {
+            validateScopesType(scopes);
+            scopesStr = typeof scopes === "string" ? scopes : scopes.join(" ");
+            if (scopesStr === "") {
+                scopesStr = defaultScope;
+            }
+        }
+        internalLogger.info("Create Microsoft Graph Authentication Provider with scopes: '" + scopesStr + "'");
+        this.scopes = scopesStr;
+    }
+    /**
+     * Get access token for Microsoft Graph API requests.
+     *
+     * @throws {@link ErrorCode|InternalError} when get access token failed due to empty token or unknown other problems.
+     * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
+     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth or AAD server.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     *
+     * @returns Access token from the credential.
+     *
+     */
+    MsGraphAuthProvider.prototype.getAccessToken = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var accessToken;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        internalLogger.info("Get Graph Access token with scopes: '" + this.scopes + "'");
+                        return [4 /*yield*/, this.credential.getToken(this.scopes)];
+                    case 1:
+                        accessToken = _a.sent();
+                        return [2 /*return*/, new Promise(function (resolve, reject) {
+                                if (accessToken) {
+                                    resolve(accessToken.token);
+                                }
+                                else {
+                                    var errorMsg = "Graph access token is undefined or empty";
+                                    internalLogger.error(errorMsg);
+                                    reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                                }
+                            })];
+                }
+            });
+        });
+    };
+    return MsGraphAuthProvider;
+}());
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Get Microsoft graph client.
+ *
+ * @example
+ * Get Microsoft graph client by TokenCredential
+ * ```typescript
+ * // Sso token example (Azure Function)
+ * const ssoToken = "YOUR_TOKEN_STRING";
+ * const options = {"AAD_APP_ID", "AAD_APP_SECRET"};
+ * const credential = new OnBehalfOfAADUserCredential(ssoToken, options);
+ * const graphClient = await createMicrosoftGraphClient(credential);
+ * const profile = await graphClient.api("/me").get();
+ *
+ * // TeamsBotSsoPrompt example (Bot Application)
+ * const requiredScopes = ["User.Read"];
+ * const config: Configuration = {
+ *    loginUrl: loginUrl,
+ *    clientId: clientId,
+ *    clientSecret: clientSecret,
+ *    tenantId: tenantId
+ * };
+ * const prompt = new TeamsBotSsoPrompt(dialogId, {
+ *    config: config
+ *    scopes: '["User.Read"],
+ * });
+ * this.addDialog(prompt);
+ *
+ * const oboCredential = new OnBehalfOfAADUserCredential(
+ *  getUserId(dialogContext),
+ *  {
+ *    clientId: "AAD_APP_ID",
+ *    clientSecret: "AAD_APP_SECRET"
+ *  });
+ * try {
+ *    const graphClient = await createMicrosoftGraphClient(credential);
+ *    const profile = await graphClient.api("/me").get();
+ * } catch (e) {
+ *    dialogContext.beginDialog(dialogId);
+ *    return Dialog.endOfTurn();
+ * }
+ * ```
+ *
+ * @param {TokenCredential} credential - token credential instance.
+ * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ *
+ * @returns Graph client with specified scopes.
+ *
+ * @beta
+ */
+function createMicrosoftGraphClient(credential, scopes) {
+    internalLogger.info("Create Microsoft Graph Client");
+    var authProvider = new MsGraphAuthProvider(credential, scopes);
+    var graphClient = Client.initWithMiddleware({
+        authProvider: authProvider,
+    });
+    return graphClient;
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * SQL connection configuration instance.
+ * @remarks
+ * Only works in in server side.
+ *
+ * @beta
+ *
+ */
+var DefaultTediousConnectionConfiguration = /** @class */ (function () {
+    function DefaultTediousConnectionConfiguration() {
+        /**
+         * MSSQL default scope
+         * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
+         */
+        this.defaultSQLScope = "https://database.windows.net/";
+    }
+    /**
+     * Generate connection configuration consumed by tedious.
+     *
+     * @returns Connection configuration of tedious for the SQL.
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
+     * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    DefaultTediousConnectionConfiguration.prototype.getConfig = function () {
+        return __awaiter(this, void 0, void 0, function () {
+            var configuration, errMsg, configWithUPS, configWithToken, error_1;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        internalLogger.info("Get SQL configuration");
+                        configuration = getResourceConfiguration(ResourceType.SQL);
+                        if (!configuration) {
+                            errMsg = "SQL resource configuration not exist";
+                            internalLogger.error(errMsg);
+                            throw new ErrorWithCode(errMsg, ErrorCode.InvalidConfiguration);
+                        }
+                        try {
+                            this.isSQLConfigurationValid(configuration);
+                        }
+                        catch (err) {
+                            throw err;
+                        }
+                        if (!this.isMsiAuthentication()) {
+                            configWithUPS = this.generateDefaultConfig(configuration);
+                            internalLogger.verbose("SQL configuration with username and password generated");
+                            return [2 /*return*/, configWithUPS];
+                        }
+                        _a.label = 1;
+                    case 1:
+                        _a.trys.push([1, 3, , 4]);
+                        return [4 /*yield*/, this.generateTokenConfig(configuration)];
+                    case 2:
+                        configWithToken = _a.sent();
+                        internalLogger.verbose("SQL configuration with MSI token generated");
+                        return [2 /*return*/, configWithToken];
+                    case 3:
+                        error_1 = _a.sent();
+                        throw error_1;
+                    case 4: return [2 /*return*/];
+                }
+            });
+        });
+    };
+    /**
+     * Check SQL use MSI identity or username and password.
+     *
+     * @returns false - login with SQL MSI identity, true - login with username and password.
+     * @internal
+     */
+    DefaultTediousConnectionConfiguration.prototype.isMsiAuthentication = function () {
+        internalLogger.verbose("Check connection config using MSI access token or username and password");
+        var configuration = getResourceConfiguration(ResourceType.SQL);
+        if ((configuration === null || configuration === void 0 ? void 0 : configuration.sqlUsername) != null && (configuration === null || configuration === void 0 ? void 0 : configuration.sqlPassword) != null) {
+            internalLogger.verbose("Login with username and password");
+            return false;
+        }
+        internalLogger.verbose("Login with MSI identity");
+        return true;
+    };
+    /**
+     * check configuration is an available configurations.
+     * @param { SqlConfiguration } sqlConfig
+     *
+     * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
+     *          false - configuration is not valid.
+     * @internal
+     */
+    DefaultTediousConnectionConfiguration.prototype.isSQLConfigurationValid = function (sqlConfig) {
+        internalLogger.verbose("Check SQL configuration if valid");
+        if (!sqlConfig.sqlServerEndpoint) {
+            internalLogger.error("SQL configuration is not valid without SQL server endpoint exist");
+            throw new ErrorWithCode("SQL configuration error without SQL server endpoint exist", ErrorCode.InvalidConfiguration);
+        }
+        if (!(sqlConfig.sqlUsername && sqlConfig.sqlPassword) && !sqlConfig.sqlIdentityId) {
+            var errMsg = "SQL configuration is not valid without " + (sqlConfig.sqlIdentityId ? "" : "identity id ") + " " + (sqlConfig.sqlUsername ? "" : "SQL username ") + " " + (sqlConfig.sqlPassword ? "" : "SQL password") + " exist";
+            internalLogger.error(errMsg);
+            throw new ErrorWithCode(errMsg, ErrorCode.InvalidConfiguration);
+        }
+        internalLogger.verbose("SQL configuration is valid");
+    };
+    /**
+     * Generate tedious connection configuration with default authentication type.
+     *
+     * @param { SqlConfiguration } SQL configuration with username and password.
+     *
+     * @returns Tedious connection configuration with username and password.
+     * @internal
+     */
+    DefaultTediousConnectionConfiguration.prototype.generateDefaultConfig = function (sqlConfig) {
+        internalLogger.verbose("SQL server " + sqlConfig.sqlServerEndpoint + ", user name " + sqlConfig.sqlUsername + ", database name " + sqlConfig.sqlDatabaseName);
+        var config = {
+            server: sqlConfig.sqlServerEndpoint,
+            authentication: {
+                type: TediousAuthenticationType.default,
+                options: {
+                    userName: sqlConfig.sqlUsername,
+                    password: sqlConfig.sqlPassword,
+                },
+            },
+            options: {
+                database: sqlConfig.sqlDatabaseName,
+                encrypt: true,
+            },
+        };
+        return config;
+    };
+    /**
+     * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
+     *
+     * @param { SqlConfiguration } SQL configuration with AAD access token.
+     *
+     * @returns Tedious connection configuration with access token.
+     * @internal
+     */
+    DefaultTediousConnectionConfiguration.prototype.generateTokenConfig = function (sqlConfig) {
+        return __awaiter(this, void 0, void 0, function () {
+            var token, credential, errMsg, config;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        internalLogger.verbose("Generate tedious config with MSI token");
+                        _a.label = 1;
+                    case 1:
+                        _a.trys.push([1, 3, , 4]);
+                        credential = new ManagedIdentityCredential(sqlConfig.sqlIdentityId);
+                        return [4 /*yield*/, credential.getToken(this.defaultSQLScope)];
+                    case 2:
+                        token = _a.sent();
+                        return [3 /*break*/, 4];
+                    case 3:
+                        _a.sent();
+                        errMsg = "Get user MSI token failed";
+                        internalLogger.error(errMsg);
+                        throw new ErrorWithCode(errMsg, ErrorCode.InternalError);
+                    case 4:
+                        if (token) {
+                            config = {
+                                server: sqlConfig.sqlServerEndpoint,
+                                authentication: {
+                                    type: TediousAuthenticationType.MSI,
+                                    options: {
+                                        token: token.token,
+                                    },
+                                },
+                                options: {
+                                    database: sqlConfig.sqlDatabaseName,
+                                    encrypt: true,
+                                },
+                            };
+                            internalLogger.verbose("Generate token configuration success, server endpoint is " + sqlConfig.sqlServerEndpoint + ", database name is " + sqlConfig.sqlDatabaseName);
+                            return [2 /*return*/, config];
+                        }
+                        internalLogger.error("Generate token configuration, server endpoint is " + sqlConfig.sqlServerEndpoint + ", MSI token is not valid");
+                        throw new ErrorWithCode("MSI token is not valid", ErrorCode.InternalError);
+                }
+            });
+        });
+    };
+    return DefaultTediousConnectionConfiguration;
+}());
+/**
+ * tedious connection config authentication type.
+ * https://tediousjs.github.io/tedious/api-connection.html
+ * @internal
+ */
+var TediousAuthenticationType;
+(function (TediousAuthenticationType) {
+    TediousAuthenticationType["default"] = "default";
+    TediousAuthenticationType["MSI"] = "azure-active-directory-access-token";
+})(TediousAuthenticationType || (TediousAuthenticationType = {}));
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Creates a new prompt that leverage Teams Single Sign On (SSO) support for bot to automatically sign in user and
+ * help receive oauth token, asks the user to consent if needed.
+ *
+ * @remarks
+ * The prompt will attempt to retrieve the users current token of the desired scopes and store it in
+ * the token store.
+ *
+ * User will be automatically signed in leveraging Teams support of Bot Single Sign On(SSO):
+ * https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-aad-sso-bots
+ *
+ * @example
+ * When used with your bots `DialogSet` you can simply add a new instance of the prompt as a named
+ * dialog using `DialogSet.add()`. You can then start the prompt from a waterfall step using either
+ * `DialogContext.beginDialog()` or `DialogContext.prompt()`. The user will be prompted to sign in as
+ * needed and their access token will be passed as an argument to the callers next waterfall step:
+ *
+ * ```JavaScript
+ * const { ConversationState, MemoryStorage } = require('botbuilder');
+ * const { DialogSet, WaterfallDialog } = require('botbuilder-dialogs');
+ * const { TeamsBotSsoPrompt } = require('@microsoft/teamsfx');
+ *
+ * const convoState = new ConversationState(new MemoryStorage());
+ * const dialogState = convoState.createProperty('dialogState');
+ * const dialogs = new DialogSet(dialogState);
+ *
+ * loadConfiguration();
+ * dialogs.add(new TeamsBotSsoPrompt('TeamsBotSsoPrompt', {
+ *    scopes: ["User.Read"],
+ * }));
+ *
+ * dialogs.add(new WaterfallDialog('taskNeedingLogin', [
+ *      async (step) => {
+ *          return await step.beginDialog('TeamsBotSsoPrompt');
+ *      },
+ *      async (step) => {
+ *          const token = step.result;
+ *          if (token) {
+ *
+ *              // ... continue with task needing access token ...
+ *
+ *          } else {
+ *              await step.context.sendActivity(`Sorry... We couldn't log you in. Try again later.`);
+ *              return await step.endDialog();
+ *          }
+ *      }
+ * ]));
+ * ```
+ *
+ * @beta
+ */
+var TeamsBotSsoPrompt = /** @class */ (function () {
+    /**
+     * Constructor of TeamsBotSsoPrompt.
+     *
+     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
+     * @param settings Settings used to configure the prompt.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    function TeamsBotSsoPrompt(dialogId, settings) {
+        this.settings = settings;
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "TeamsBotSsoPrompt"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Called when a prompt dialog is pushed onto the dialog stack and is being activated.
+     * @remarks
+     * If the task is successful, the result indicates whether the prompt is still
+     * active after the turn has been processed by the prompt.
+     *
+     * @param dc The DialogContext for the current turn of the conversation.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when timeout property in teams bot sso prompt settings is not number or is not positive.
+     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @returns A `Promise` representing the asynchronous operation.
+     *
+     * @beta
+     */
+    TeamsBotSsoPrompt.prototype.beginDialog = function (dc) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "TeamsBotSsoPrompt"), ErrorCode.RuntimeNotSupported);
+            });
+        });
+    };
+    /**
+     * Called when a prompt dialog is the active dialog and the user replied with a new activity.
+     *
+     * @remarks
+     * If the task is successful, the result indicates whether the dialog is still
+     * active after the turn has been processed by the dialog.
+     * The prompt generally continues to receive the user's replies until it accepts the
+     * user's reply as valid input for the prompt.
+     *
+     * @param dc The DialogContext for the current turn of the conversation.
+     *
+     * @returns A `Promise` representing the asynchronous operation.
+     *
+     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    TeamsBotSsoPrompt.prototype.continueDialog = function (dc) {
+        return __awaiter(this, void 0, void 0, function () {
+            return __generator(this, function (_a) {
+                throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "TeamsBotSsoPrompt"), ErrorCode.RuntimeNotSupported);
+            });
+        });
+    };
+    return TeamsBotSsoPrompt;
+}());
+
+export { DefaultTediousConnectionConfiguration, ErrorCode, ErrorWithCode, LogLevel, M365TenantCredential, MsGraphAuthProvider, OnBehalfOfUserCredential, ResourceType, TeamsBotSsoPrompt, TeamsUserCredential, createMicrosoftGraphClient, getAuthenticationConfiguration, getLogLevel, getResourceConfiguration, loadConfiguration, setLogFunction, setLogLevel, setLogger };
+//# sourceMappingURL=index.esm5.js.map