npm - @microsoft/teamsfx - Versions diffs - 0.3.3-alpha.3dc53ce2.0 → 0.3.3-alpha.7e7c7c23.0 - Mend

@microsoft/teamsfx 0.3.3-alpha.3dc53ce2.0 → 0.3.3-alpha.7e7c7c23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/README.md +2 -2
package/dist/index.esm2017.js +1413 -0
package/dist/index.esm2017.js.map +1 -0
package/dist/{index.js → index.esm2017.mjs} +1467 -1506
package/dist/index.esm2017.mjs.map +1 -0
package/dist/index.esm5.js +1575 -0
package/dist/index.esm5.js.map +1 -0
package/dist/index.node.cjs.js +1653 -0
package/dist/index.node.cjs.js.map +1 -0
package/package.json +58 -78
package/types/teamsfx.d.ts +0 -2
package/dist/index.js.map +0 -1
package/dist/teamsfx.js +0 -30
package/dist/teamsfx.js.map +0 -1
package/dist-esm/src/bot/teamsBotSsoPrompt.browser.js +0 -118
package/dist-esm/src/bot/teamsBotSsoPrompt.browser.js.map +0 -1
package/dist-esm/src/bot/teamsBotSsoPrompt.js +0 -349
package/dist-esm/src/bot/teamsBotSsoPrompt.js.map +0 -1
package/dist-esm/src/bot/teamsBotSsoPromptTokenResponse.js +0 -2
package/dist-esm/src/bot/teamsBotSsoPromptTokenResponse.js.map +0 -1
package/dist-esm/src/core/cache.browser.js +0 -22
package/dist-esm/src/core/cache.browser.js.map +0 -1
package/dist-esm/src/core/cache.js +0 -28
package/dist-esm/src/core/cache.js.map +0 -1
package/dist-esm/src/core/configurationProvider.js +0 -124
package/dist-esm/src/core/configurationProvider.js.map +0 -1
package/dist-esm/src/core/defaultTediousConnectionConfiguration.browser.js +0 -28
package/dist-esm/src/core/defaultTediousConnectionConfiguration.browser.js.map +0 -1
package/dist-esm/src/core/defaultTediousConnectionConfiguration.js +0 -182
package/dist-esm/src/core/defaultTediousConnectionConfiguration.js.map +0 -1
package/dist-esm/src/core/errors.js +0 -97
package/dist-esm/src/core/errors.js.map +0 -1
package/dist-esm/src/core/msGraphAuthProvider.js +0 -68
package/dist-esm/src/core/msGraphAuthProvider.js.map +0 -1
package/dist-esm/src/core/msGraphClientProvider.js +0 -65
package/dist-esm/src/core/msGraphClientProvider.js.map +0 -1
package/dist-esm/src/credential/m365TenantCredential.browser.js +0 -38
package/dist-esm/src/credential/m365TenantCredential.browser.js.map +0 -1
package/dist-esm/src/credential/m365TenantCredential.js +0 -126
package/dist-esm/src/credential/m365TenantCredential.js.map +0 -1
package/dist-esm/src/credential/onBehalfOfUserCredential.browser.js +0 -46
package/dist-esm/src/credential/onBehalfOfUserCredential.browser.js.map +0 -1
package/dist-esm/src/credential/onBehalfOfUserCredential.js +0 -178
package/dist-esm/src/credential/onBehalfOfUserCredential.js.map +0 -1
package/dist-esm/src/credential/teamsUserCredential.browser.js +0 -462
package/dist-esm/src/credential/teamsUserCredential.browser.js.map +0 -1
package/dist-esm/src/credential/teamsUserCredential.js +0 -56
package/dist-esm/src/credential/teamsUserCredential.js.map +0 -1
package/dist-esm/src/index.js +0 -14
package/dist-esm/src/index.js.map +0 -1
package/dist-esm/src/models/accessTokenResult.js +0 -4
package/dist-esm/src/models/accessTokenResult.js.map +0 -1
package/dist-esm/src/models/authCodeResult.js +0 -4
package/dist-esm/src/models/authCodeResult.js.map +0 -1
package/dist-esm/src/models/configuration.js +0 -20
package/dist-esm/src/models/configuration.js.map +0 -1
package/dist-esm/src/models/grantType.js +0 -11
package/dist-esm/src/models/grantType.js.map +0 -1
package/dist-esm/src/models/ssoTokenInfo.js +0 -4
package/dist-esm/src/models/ssoTokenInfo.js.map +0 -1
package/dist-esm/src/models/userinfo.js +0 -4
package/dist-esm/src/models/userinfo.js.map +0 -1
package/dist-esm/src/util/logger.js +0 -134
package/dist-esm/src/util/logger.js.map +0 -1
package/dist-esm/src/util/utils.js +0 -130
package/dist-esm/src/util/utils.js.map +0 -1
package/dist-esm/src/util/utils.node.js +0 -23
package/dist-esm/src/util/utils.node.js.map +0 -1

package/dist-esm/src/credential/m365TenantCredential.browser.js DELETED Viewed

@@ -1,38 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import { formatString } from "../util/utils";
-import { ErrorCode, ErrorMessage, ErrorWithCode } from "../core/errors";
-/**
- * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved.
- *
- * @remarks
- * Only works in in server side.
- *
- * @beta
- */
-export class M365TenantCredential {
-    /**
-     * Constructor of M365TenantCredential.
-     *
-     * @remarks
-     * Only works in in server side.
-     * @beta
-     */
-    constructor() {
-        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "M365TenantCredential"), ErrorCode.RuntimeNotSupported);
-    }
-    /**
-     * Get access token for credential.
-     *
-     * @remarks
-     * Only works in in server side.
-     * @beta
-     */
-    getToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "M365TenantCredential"), ErrorCode.RuntimeNotSupported);
-        });
-    }
-}
-//# sourceMappingURL=m365TenantCredential.browser.js.map

package/dist-esm/src/credential/m365TenantCredential.browser.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"m365TenantCredential.browser.js","sourceRoot":"","sources":["../../../src/credential/m365TenantCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAGlC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAExE;;;;;;;GAOG;AACH,MAAM,OAAO,oBAAoB;IAC/B;;;;;;OAMG;IACH;QACE,MAAM,IAAI,aAAa,CACrB,YAAY,CAAC,YAAY,CAAC,0BAA0B,EAAE,sBAAsB,CAAC,EAC7E,SAAS,CAAC,mBAAmB,CAC9B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,IAAI,aAAa,CACrB,YAAY,CAAC,YAAY,CAAC,0BAA0B,EAAE,sBAAsB,CAAC,EAC7E,SAAS,CAAC,mBAAmB,CAC9B,CAAC;QACJ,CAAC;KAAA;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/identity\";\nimport { formatString } from \"../util/utils\";\nimport { ErrorCode, ErrorMessage, ErrorWithCode } from \"../core/errors\";\n\n/**\n * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved.\n *\n * @remarks\n * Only works in in server side.\n *\n * @beta\n */\nexport class M365TenantCredential implements TokenCredential {\n /**\n * Constructor of M365TenantCredential.\n *\n * @remarks\n * Only works in in server side.\n * @beta\n */\n constructor() {\n throw new ErrorWithCode(\n formatString(ErrorMessage.BrowserRuntimeNotSupported, \"M365TenantCredential\"),\n ErrorCode.RuntimeNotSupported\n );\n }\n\n /**\n * Get access token for credential.\n *\n * @remarks\n * Only works in in server side.\n * @beta\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n throw new ErrorWithCode(\n formatString(ErrorMessage.BrowserRuntimeNotSupported, \"M365TenantCredential\"),\n ErrorCode.RuntimeNotSupported\n );\n }\n}\n"]}

package/dist-esm/src/credential/m365TenantCredential.js DELETED Viewed

@@ -1,126 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import { internalLogger } from "../util/logger";
-import { validateScopesType, formatString, getScopesArray } from "../util/utils";
-import { getAuthenticationConfiguration } from "../core/configurationProvider";
-import { ErrorCode, ErrorMessage, ErrorWithCode } from "../core/errors";
-import { createConfidentialClientApplication } from "../util/utils.node";
-/**
- * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved like time-triggered automation job.
- *
- * @example
- * ```typescript
- * loadConfiguration(); // load configuration from environment variables
- * const credential = new M365TenantCredential();
- * ```
- *
- * @remarks
- * Only works in in server side.
- *
- * @beta
- */
-export class M365TenantCredential {
-    /**
-     * Constructor of M365TenantCredential.
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @beta
-     */
-    constructor() {
-        internalLogger.info("Create M365 tenant credential");
-        const config = this.loadAndValidateConfig();
-        this.msalClient = createConfidentialClientApplication(config);
-    }
-    /**
-     * Get access token for credential.
-     *
-     * @example
-     * ```typescript
-     * await credential.getToken(["User.Read.All"]) // Get Graph access token for single scope using string array
-     * await credential.getToken("User.Read.All") // Get Graph access token for single scope using string
-     * await credential.getToken(["User.Read.All", "Calendars.Read"]) // Get Graph access token for multiple scopes using string array
-     * await credential.getToken("User.Read.All Calendars.Read") // Get Graph access token for multiple scopes using space-separated string
-     * await credential.getToken("https://graph.microsoft.com/User.Read.All") // Get Graph access token with full resource URI
-     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
-     * ```
-     *
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
-     *
-     * @throws {@link ErrorCode|ServiceError} when get access token with authentication error.
-     * @throws {@link ErrorCode|InternalError} when get access token with unknown error.
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @returns Access token with expected scopes.
-     * Throw error if get access token failed.
-     *
-     * @beta
-     */
-    getToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            let accessToken;
-            validateScopesType(scopes);
-            const scopesStr = typeof scopes === "string" ? scopes : scopes.join(" ");
-            internalLogger.info("Get access token with scopes: " + scopesStr);
-            try {
-                const scopesArray = getScopesArray(scopes);
-                const authenticationResult = yield this.msalClient.acquireTokenByClientCredential({
-                    scopes: scopesArray,
-                });
-                if (authenticationResult) {
-                    accessToken = {
-                        token: authenticationResult.accessToken,
-                        expiresOnTimestamp: authenticationResult.expiresOn.getTime(),
-                    };
-                }
-            }
-            catch (err) {
-                const errorMsg = "Get M365 tenant credential failed with error: " + err.message;
-                internalLogger.error(errorMsg);
-                throw new ErrorWithCode(errorMsg, ErrorCode.ServiceError);
-            }
-            if (!accessToken) {
-                const errorMsg = "Get M365 tenant credential access token failed with empty access token";
-                internalLogger.error(errorMsg);
-                throw new ErrorWithCode(errorMsg, ErrorCode.InternalError);
-            }
-            return accessToken;
-        });
-    }
-    /**
-     * Load and validate authentication configuration
-     * @returns Authentication configuration
-     */
-    loadAndValidateConfig() {
-        internalLogger.verbose("Validate authentication configuration");
-        const config = getAuthenticationConfiguration();
-        if (!config) {
-            internalLogger.error(ErrorMessage.AuthenticationConfigurationNotExists);
-            throw new ErrorWithCode(ErrorMessage.AuthenticationConfigurationNotExists, ErrorCode.InvalidConfiguration);
-        }
-        if (config.clientId && (config.clientSecret || config.certificateContent) && config.tenantId) {
-            return config;
-        }
-        const missingValues = [];
-        if (!config.clientId) {
-            missingValues.push("clientId");
-        }
-        if (!config.clientSecret && !config.certificateContent) {
-            missingValues.push("clientSecret or certificateContent");
-        }
-        if (!config.tenantId) {
-            missingValues.push("tenantId");
-        }
-        const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingValues.join(", "), "undefined");
-        internalLogger.error(errorMsg);
-        throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
-    }
-}
-//# sourceMappingURL=m365TenantCredential.js.map

package/dist-esm/src/credential/m365TenantCredential.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"m365TenantCredential.js","sourceRoot":"","sources":["../../../src/credential/m365TenantCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,8BAA8B,EAAE,MAAM,+BAA+B,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAExE,OAAO,EAAE,mCAAmC,EAAE,MAAM,oBAAoB,CAAC;AAEzE;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,oBAAoB;IAG/B;;;;;;;;;;OAUG;IACH;QACE,cAAc,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAErD,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAE5C,IAAI,CAAC,UAAU,GAAG,mCAAmC,CAAC,MAAM,CAAC,CAAC;IAChE,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,IAAI,WAAW,CAAC;YAChB,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAC3B,MAAM,SAAS,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzE,cAAc,CAAC,IAAI,CAAC,gCAAgC,GAAG,SAAS,CAAC,CAAC;YAElE,IAAI;gBACF,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;gBAC3C,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,8BAA8B,CAAC;oBAChF,MAAM,EAAE,WAAW;iBACpB,CAAC,CAAC;gBACH,IAAI,oBAAoB,EAAE;oBACxB,WAAW,GAAG;wBACZ,KAAK,EAAE,oBAAoB,CAAC,WAAW;wBACvC,kBAAkB,EAAE,oBAAoB,CAAC,SAAU,CAAC,OAAO,EAAE;qBAC9D,CAAC;iBACH;aACF;YAAC,OAAO,GAAQ,EAAE;gBACjB,MAAM,QAAQ,GAAG,gDAAgD,GAAG,GAAG,CAAC,OAAO,CAAC;gBAChF,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAC/B,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;aAC3D;YAED,IAAI,CAAC,WAAW,EAAE;gBAChB,MAAM,QAAQ,GAAG,wEAAwE,CAAC;gBAC1F,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAC/B,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,aAAa,CAAC,CAAC;aAC5D;YAED,OAAO,WAAW,CAAC;QACrB,CAAC;KAAA;IAED;;;OAGG;IACK,qBAAqB;QAC3B,cAAc,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC;QAEhE,MAAM,MAAM,GAAG,8BAA8B,EAAE,CAAC;QAEhD,IAAI,CAAC,MAAM,EAAE;YACX,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,oCAAoC,CAAC,CAAC;YACxE,MAAM,IAAI,aAAa,CACrB,YAAY,CAAC,oCAAoC,EACjD,SAAS,CAAC,oBAAoB,CAC/B,CAAC;SACH;QAED,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,kBAAkB,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE;YAC5F,OAAO,MAAM,CAAC;SACf;QAED,MAAM,aAAa,GAAG,EAAE,CAAC;QAEzB,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SAChC;QAED,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACtD,aAAa,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;SAC1D;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;YACpB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SAChC;QAED,MAAM,QAAQ,GAAG,YAAY,CAC3B,YAAY,CAAC,oBAAoB,EACjC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EACxB,WAAW,CACZ,CAAC;QACF,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,oBAAoB,CAAC,CAAC;IACpE,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, TokenCredential, GetTokenOptions } from \"@azure/identity\";\nimport { AuthenticationConfiguration } from \"../models/configuration\";\nimport { internalLogger } from \"../util/logger\";\nimport { validateScopesType, formatString, getScopesArray } from \"../util/utils\";\nimport { getAuthenticationConfiguration } from \"../core/configurationProvider\";\nimport { ErrorCode, ErrorMessage, ErrorWithCode } from \"../core/errors\";\nimport { ConfidentialClientApplication } from \"@azure/msal-node\";\nimport { createConfidentialClientApplication } from \"../util/utils.node\";\n\n/**\n * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved like time-triggered automation job.\n *\n * @example\n * ```typescript\n * loadConfiguration(); // load configuration from environment variables\n * const credential = new M365TenantCredential();\n * ```\n *\n * @remarks\n * Only works in in server side.\n *\n * @beta\n */\nexport class M365TenantCredential implements TokenCredential {\n private readonly msalClient: ConfidentialClientApplication;\n\n /**\n * Constructor of M365TenantCredential.\n *\n * @remarks\n * Only works in in server side.\n *\n * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.\n * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.\n *\n * @beta\n */\n constructor() {\n internalLogger.info(\"Create M365 tenant credential\");\n\n const config = this.loadAndValidateConfig();\n\n this.msalClient = createConfidentialClientApplication(config);\n }\n\n /**\n * Get access token for credential.\n *\n * @example\n * ```typescript\n * await credential.getToken([\"User.Read.All\"]) // Get Graph access token for single scope using string array\n * await credential.getToken(\"User.Read.All\") // Get Graph access token for single scope using string\n * await credential.getToken([\"User.Read.All\", \"Calendars.Read\"]) // Get Graph access token for multiple scopes using string array\n * await credential.getToken(\"User.Read.All Calendars.Read\") // Get Graph access token for multiple scopes using space-separated string\n * await credential.getToken(\"https://graph.microsoft.com/User.Read.All\") // Get Graph access token with full resource URI\n * await credential.getToken([\"https://outlook.office.com/Mail.Read\"]) // Get Outlook access token\n * ```\n *\n * @param {string | string[]} scopes - The list of scopes for which the token will have access.\n * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.\n *\n * @throws {@link ErrorCode|ServiceError} when get access token with authentication error.\n * @throws {@link ErrorCode|InternalError} when get access token with unknown error.\n * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.\n * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.\n *\n * @returns Access token with expected scopes.\n * Throw error if get access token failed.\n *\n * @beta\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n let accessToken;\n validateScopesType(scopes);\n const scopesStr = typeof scopes === \"string\" ? scopes : scopes.join(\" \");\n internalLogger.info(\"Get access token with scopes: \" + scopesStr);\n\n try {\n const scopesArray = getScopesArray(scopes);\n const authenticationResult = await this.msalClient.acquireTokenByClientCredential({\n scopes: scopesArray,\n });\n if (authenticationResult) {\n accessToken = {\n token: authenticationResult.accessToken,\n expiresOnTimestamp: authenticationResult.expiresOn!.getTime(),\n };\n }\n } catch (err: any) {\n const errorMsg = \"Get M365 tenant credential failed with error: \" + err.message;\n internalLogger.error(errorMsg);\n throw new ErrorWithCode(errorMsg, ErrorCode.ServiceError);\n }\n\n if (!accessToken) {\n const errorMsg = \"Get M365 tenant credential access token failed with empty access token\";\n internalLogger.error(errorMsg);\n throw new ErrorWithCode(errorMsg, ErrorCode.InternalError);\n }\n\n return accessToken;\n }\n\n /**\n * Load and validate authentication configuration\n * @returns Authentication configuration\n */\n private loadAndValidateConfig(): AuthenticationConfiguration {\n internalLogger.verbose(\"Validate authentication configuration\");\n\n const config = getAuthenticationConfiguration();\n\n if (!config) {\n internalLogger.error(ErrorMessage.AuthenticationConfigurationNotExists);\n throw new ErrorWithCode(\n ErrorMessage.AuthenticationConfigurationNotExists,\n ErrorCode.InvalidConfiguration\n );\n }\n\n if (config.clientId && (config.clientSecret || config.certificateContent) && config.tenantId) {\n return config;\n }\n\n const missingValues = [];\n\n if (!config.clientId) {\n missingValues.push(\"clientId\");\n }\n\n if (!config.clientSecret && !config.certificateContent) {\n missingValues.push(\"clientSecret or certificateContent\");\n }\n\n if (!config.tenantId) {\n missingValues.push(\"tenantId\");\n }\n\n const errorMsg = formatString(\n ErrorMessage.InvalidConfiguration,\n missingValues.join(\", \"),\n \"undefined\"\n );\n internalLogger.error(errorMsg);\n throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);\n }\n}\n"]}

package/dist-esm/src/credential/onBehalfOfUserCredential.browser.js DELETED Viewed

@@ -1,46 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import { formatString } from "../util/utils";
-import { ErrorWithCode, ErrorCode, ErrorMessage } from "../core/errors";
-/**
- * Represent on-behalf-of flow to get user identity, and it is designed to be used in Azure Function or Bot scenarios.
- *
- * @remarks
- * Can only be used in server side.
- *
- * @beta
- */
-export class OnBehalfOfUserCredential {
-    /**
-     * Constructor of OnBehalfOfUserCredential
-     *
-     * @remarks
-     * Can Only works in in server side.
-     * @beta
-     */
-    constructor(ssoToken) {
-        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
-    }
-    /**
-     * Get access token from credential.
-     * @remarks
-     * Can only be used in server side.
-     * @beta
-     */
-    getToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
-        });
-    }
-    /**
-     * Get basic user info from SSO token.
-     * @remarks
-     * Can only be used in server side.
-     * @beta
-     */
-    getUserInfo() {
-        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
-    }
-}
-//# sourceMappingURL=onBehalfOfUserCredential.browser.js.map

package/dist-esm/src/credential/onBehalfOfUserCredential.browser.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"onBehalfOfUserCredential.browser.js","sourceRoot":"","sources":["../../../src/credential/onBehalfOfUserCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAExE;;;;;;;GAOG;AACH,MAAM,OAAO,wBAAwB;IACnC;;;;;;OAMG;IACH,YAAY,QAAgB;QAC1B,MAAM,IAAI,aAAa,CACrB,YAAY,CAAC,YAAY,CAAC,0BAA0B,EAAE,0BAA0B,CAAC,EACjF,SAAS,CAAC,mBAAmB,CAC9B,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,MAAM,IAAI,aAAa,CACrB,YAAY,CAAC,YAAY,CAAC,0BAA0B,EAAE,0BAA0B,CAAC,EACjF,SAAS,CAAC,mBAAmB,CAC9B,CAAC;QACJ,CAAC;KAAA;IAED;;;;;OAKG;IACI,WAAW;QAChB,MAAM,IAAI,aAAa,CACrB,YAAY,CAAC,YAAY,CAAC,0BAA0B,EAAE,0BAA0B,CAAC,EACjF,SAAS,CAAC,mBAAmB,CAC9B,CAAC;IACJ,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/identity\";\nimport { UserInfo } from \"../models/userinfo\";\nimport { formatString } from \"../util/utils\";\nimport { ErrorWithCode, ErrorCode, ErrorMessage } from \"../core/errors\";\n\n/**\n * Represent on-behalf-of flow to get user identity, and it is designed to be used in Azure Function or Bot scenarios.\n *\n * @remarks\n * Can only be used in server side.\n *\n * @beta\n */\nexport class OnBehalfOfUserCredential implements TokenCredential {\n /**\n * Constructor of OnBehalfOfUserCredential\n *\n * @remarks\n * Can Only works in in server side.\n * @beta\n */\n constructor(ssoToken: string) {\n throw new ErrorWithCode(\n formatString(ErrorMessage.BrowserRuntimeNotSupported, \"OnBehalfOfUserCredential\"),\n ErrorCode.RuntimeNotSupported\n );\n }\n\n /**\n * Get access token from credential.\n * @remarks\n * Can only be used in server side.\n * @beta\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n throw new ErrorWithCode(\n formatString(ErrorMessage.BrowserRuntimeNotSupported, \"OnBehalfOfUserCredential\"),\n ErrorCode.RuntimeNotSupported\n );\n }\n\n /**\n * Get basic user info from SSO token.\n * @remarks\n * Can only be used in server side.\n * @beta\n */\n public getUserInfo(): Promise<UserInfo> {\n throw new ErrorWithCode(\n formatString(ErrorMessage.BrowserRuntimeNotSupported, \"OnBehalfOfUserCredential\"),\n ErrorCode.RuntimeNotSupported\n );\n }\n}\n"]}

package/dist-esm/src/credential/onBehalfOfUserCredential.js DELETED Viewed

@@ -1,178 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-import { __awaiter } from "tslib";
-import { config } from "../core/configurationProvider";
-import { internalLogger } from "../util/logger";
-import { formatString, getScopesArray, getUserInfoFromSsoToken, parseJwt, validateScopesType, } from "../util/utils";
-import { ErrorWithCode, ErrorCode, ErrorMessage } from "../core/errors";
-import { createConfidentialClientApplication } from "../util/utils.node";
-/**
- * Represent on-behalf-of flow to get user identity, and it is designed to be used in server side.
- *
- * @example
- * ```typescript
- * loadConfiguration(); // load configuration from environment variables
- * const credential = new OnBehalfOfUserCredential(ssoToken);
- * ```
- *
- * @remarks
- * Can only be used in server side.
- *
- * @beta
- */
-export class OnBehalfOfUserCredential {
-    /**
-     * Constructor of OnBehalfOfUserCredential
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {string} ssoToken - User token provided by Teams SSO feature.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    constructor(ssoToken) {
-        var _a, _b, _c, _d, _e;
-        internalLogger.info("Get on behalf of user credential");
-        const missingConfigurations = [];
-        if (!((_a = config === null || config === void 0 ? void 0 : config.authentication) === null || _a === void 0 ? void 0 : _a.clientId)) {
-            missingConfigurations.push("clientId");
-        }
-        if (!((_b = config === null || config === void 0 ? void 0 : config.authentication) === null || _b === void 0 ? void 0 : _b.authorityHost)) {
-            missingConfigurations.push("authorityHost");
-        }
-        if (!((_c = config === null || config === void 0 ? void 0 : config.authentication) === null || _c === void 0 ? void 0 : _c.clientSecret) && !((_d = config === null || config === void 0 ? void 0 : config.authentication) === null || _d === void 0 ? void 0 : _d.certificateContent)) {
-            missingConfigurations.push("clientSecret or certificateContent");
-        }
-        if (!((_e = config === null || config === void 0 ? void 0 : config.authentication) === null || _e === void 0 ? void 0 : _e.tenantId)) {
-            missingConfigurations.push("tenantId");
-        }
-        if (missingConfigurations.length != 0) {
-            const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingConfigurations.join(", "), "undefined");
-            internalLogger.error(errorMsg);
-            throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
-        }
-        this.msalClient = createConfidentialClientApplication(config.authentication);
-        const decodedSsoToken = parseJwt(ssoToken);
-        this.ssoToken = {
-            token: ssoToken,
-            expiresOnTimestamp: decodedSsoToken.exp,
-        };
-    }
-    /**
-     * Get access token from credential.
-     *
-     * @example
-     * ```typescript
-     * await credential.getToken([]) // Get SSO token using empty string array
-     * await credential.getToken("") // Get SSO token using empty string
-     * await credential.getToken([".default"]) // Get Graph access token with default scope using string array
-     * await credential.getToken(".default") // Get Graph access token with default scope using string
-     * await credential.getToken(["User.Read"]) // Get Graph access token for single scope using string array
-     * await credential.getToken("User.Read") // Get Graph access token for single scope using string
-     * await credential.getToken(["User.Read", "Application.Read.All"]) // Get Graph access token for multiple scopes using string array
-     * await credential.getToken("User.Read Application.Read.All") // Get Graph access token for multiple scopes using space-separated string
-     * await credential.getToken("https://graph.microsoft.com/User.Read") // Get Graph access token with full resource URI
-     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
-     * ```
-     *
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
-     *
-     * @throws {@link ErrorCode|InternalError} when failed to acquire access token on behalf of user with unknown error.
-     * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
-     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
-     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @returns Access token with expected scopes.
-     *
-     * @remarks
-     * If scopes is empty string or array, it returns SSO token.
-     * If scopes is non-empty, it returns access token for target scope.
-     *
-     * @beta
-     */
-    getToken(scopes, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            validateScopesType(scopes);
-            const scopesArray = getScopesArray(scopes);
-            let result;
-            if (!scopesArray.length) {
-                internalLogger.info("Get SSO token.");
-                if (Math.floor(Date.now() / 1000) > this.ssoToken.expiresOnTimestamp) {
-                    const errorMsg = "Sso token has already expired.";
-                    internalLogger.error(errorMsg);
-                    throw new ErrorWithCode(errorMsg, ErrorCode.TokenExpiredError);
-                }
-                result = this.ssoToken;
-            }
-            else {
-                internalLogger.info("Get access token with scopes: " + scopesArray.join(" "));
-                let authenticationResult;
-                try {
-                    authenticationResult = yield this.msalClient.acquireTokenOnBehalfOf({
-                        oboAssertion: this.ssoToken.token,
-                        scopes: scopesArray,
-                    });
-                }
-                catch (error) {
-                    throw this.generateAuthServerError(error);
-                }
-                if (!authenticationResult) {
-                    const errorMsg = "Access token is null";
-                    internalLogger.error(errorMsg);
-                    throw new ErrorWithCode(formatString(ErrorMessage.FailToAcquireTokenOnBehalfOfUser, errorMsg), ErrorCode.InternalError);
-                }
-                result = {
-                    token: authenticationResult.accessToken,
-                    expiresOnTimestamp: authenticationResult.expiresOn.getTime(),
-                };
-            }
-            return result;
-        });
-    }
-    /**
-     * Get basic user info from SSO token.
-     *
-     * @example
-     * ```typescript
-     * const currentUser = getUserInfo();
-     * ```
-     *
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @returns Basic user info with user displayName, objectId and preferredUserName.
-     *
-     * @beta
-     */
-    getUserInfo() {
-        internalLogger.info("Get basic user info from SSO token");
-        return getUserInfoFromSsoToken(this.ssoToken.token);
-    }
-    generateAuthServerError(err) {
-        const errorMessage = err.errorMessage;
-        if (err.name === "InteractionRequiredAuthError") {
-            const fullErrorMsg = "Failed to get access token from AAD server, interaction required: " + errorMessage;
-            internalLogger.warn(fullErrorMsg);
-            return new ErrorWithCode(fullErrorMsg, ErrorCode.UiRequiredError);
-        }
-        else if (errorMessage && errorMessage.indexOf("AADSTS500133") >= 0) {
-            const fullErrorMsg = "Failed to get access token from AAD server, sso token expired: " + errorMessage;
-            internalLogger.error(fullErrorMsg);
-            return new ErrorWithCode(fullErrorMsg, ErrorCode.TokenExpiredError);
-        }
-        else {
-            const fullErrorMsg = formatString(ErrorMessage.FailToAcquireTokenOnBehalfOfUser, errorMessage);
-            internalLogger.error(fullErrorMsg);
-            return new ErrorWithCode(fullErrorMsg, ErrorCode.ServiceError);
-        }
-    }
-}
-//# sourceMappingURL=onBehalfOfUserCredential.js.map

package/dist-esm/src/credential/onBehalfOfUserCredential.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"onBehalfOfUserCredential.js","sourceRoot":"","sources":["../../../src/credential/onBehalfOfUserCredential.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;;AAIlC,OAAO,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAEvD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EACL,YAAY,EACZ,cAAc,EACd,uBAAuB,EACvB,QAAQ,EACR,kBAAkB,GACnB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EAAE,mCAAmC,EAAE,MAAM,oBAAoB,CAAC;AAEzE;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,wBAAwB;IAInC;;;;;;;;;;;;;OAaG;IACH,YAAY,QAAgB;;QAC1B,cAAc,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAExD,MAAM,qBAAqB,GAAa,EAAE,CAAC;QAC3C,IAAI,CAAC,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,cAAc,0CAAE,QAAQ,CAAA,EAAE;YACrC,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACxC;QAED,IAAI,CAAC,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,cAAc,0CAAE,aAAa,CAAA,EAAE;YAC1C,qBAAqB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;SAC7C;QAED,IAAI,CAAC,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,cAAc,0CAAE,YAAY,CAAA,IAAI,CAAC,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,cAAc,0CAAE,kBAAkB,CAAA,EAAE;YACxF,qBAAqB,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,CAAA,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,cAAc,0CAAE,QAAQ,CAAA,EAAE;YACrC,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;SACxC;QAED,IAAI,qBAAqB,CAAC,MAAM,IAAI,CAAC,EAAE;YACrC,MAAM,QAAQ,GAAG,YAAY,CAC3B,YAAY,CAAC,oBAAoB,EACjC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAChC,WAAW,CACZ,CAAC;YACF,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC/B,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,oBAAoB,CAAC,CAAC;SACnE;QAED,IAAI,CAAC,UAAU,GAAG,mCAAmC,CAAC,MAAM,CAAC,cAAe,CAAC,CAAC;QAE9E,MAAM,eAAe,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,GAAG;YACd,KAAK,EAAE,QAAQ;YACf,kBAAkB,EAAE,eAAe,CAAC,GAAG;SACxC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,QAAQ,CACZ,MAAyB,EACzB,OAAyB;;YAEzB,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAE3B,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;YAE3C,IAAI,MAA0B,CAAC;YAC/B,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE;gBACvB,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBACtC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE;oBACpE,MAAM,QAAQ,GAAG,gCAAgC,CAAC;oBAClD,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBAC/B,MAAM,IAAI,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAC;iBAChE;gBACD,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC;aACxB;iBAAM;gBACL,cAAc,CAAC,IAAI,CAAC,gCAAgC,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;gBAE9E,IAAI,oBAAiD,CAAC;gBACtD,IAAI;oBACF,oBAAoB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,sBAAsB,CAAC;wBAClE,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK;wBACjC,MAAM,EAAE,WAAW;qBACpB,CAAC,CAAC;iBACJ;gBAAC,OAAO,KAAK,EAAE;oBACd,MAAM,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;iBAC3C;gBAED,IAAI,CAAC,oBAAoB,EAAE;oBACzB,MAAM,QAAQ,GAAG,sBAAsB,CAAC;oBACxC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBAC/B,MAAM,IAAI,aAAa,CACrB,YAAY,CAAC,YAAY,CAAC,gCAAgC,EAAE,QAAQ,CAAC,EACrE,SAAS,CAAC,aAAa,CACxB,CAAC;iBACH;gBAED,MAAM,GAAG;oBACP,KAAK,EAAE,oBAAoB,CAAC,WAAW;oBACvC,kBAAkB,EAAE,oBAAoB,CAAC,SAAU,CAAC,OAAO,EAAE;iBAC9D,CAAC;aACH;YAED,OAAO,MAAM,CAAC;QAChB,CAAC;KAAA;IAED;;;;;;;;;;;;;;OAcG;IACI,WAAW;QAChB,cAAc,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAC1D,OAAO,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IAEO,uBAAuB,CAAC,GAAQ;QACtC,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;QACtC,IAAI,GAAG,CAAC,IAAI,KAAK,8BAA8B,EAAE;YAC/C,MAAM,YAAY,GAChB,oEAAoE,GAAG,YAAY,CAAC;YACtF,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAClC,OAAO,IAAI,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,eAAe,CAAC,CAAC;SACnE;aAAM,IAAI,YAAY,IAAI,YAAY,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE;YACpE,MAAM,YAAY,GAChB,iEAAiE,GAAG,YAAY,CAAC;YACnF,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACnC,OAAO,IAAI,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,iBAAiB,CAAC,CAAC;SACrE;aAAM;YACL,MAAM,YAAY,GAAG,YAAY,CAC/B,YAAY,CAAC,gCAAgC,EAC7C,YAAY,CACb,CAAC;YACF,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACnC,OAAO,IAAI,aAAa,CAAC,YAAY,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;SAChE;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken, GetTokenOptions, TokenCredential } from \"@azure/identity\";\nimport { AuthenticationResult, ConfidentialClientApplication } from \"@azure/msal-node\";\nimport { config } from \"../core/configurationProvider\";\nimport { UserInfo } from \"../models/userinfo\";\nimport { internalLogger } from \"../util/logger\";\nimport {\n formatString,\n getScopesArray,\n getUserInfoFromSsoToken,\n parseJwt,\n validateScopesType,\n} from \"../util/utils\";\nimport { ErrorWithCode, ErrorCode, ErrorMessage } from \"../core/errors\";\nimport { createConfidentialClientApplication } from \"../util/utils.node\";\n\n/**\n * Represent on-behalf-of flow to get user identity, and it is designed to be used in server side.\n *\n * @example\n * ```typescript\n * loadConfiguration(); // load configuration from environment variables\n * const credential = new OnBehalfOfUserCredential(ssoToken);\n * ```\n *\n * @remarks\n * Can only be used in server side.\n *\n * @beta\n */\nexport class OnBehalfOfUserCredential implements TokenCredential {\n private msalClient: ConfidentialClientApplication;\n private ssoToken: AccessToken;\n\n /**\n * Constructor of OnBehalfOfUserCredential\n *\n * @remarks\n * Only works in in server side.\n *\n * @param {string} ssoToken - User token provided by Teams SSO feature.\n *\n * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.\n * @throws {@link ErrorCode|InternalError} when SSO token is not valid.\n * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.\n *\n * @beta\n */\n constructor(ssoToken: string) {\n internalLogger.info(\"Get on behalf of user credential\");\n\n const missingConfigurations: string[] = [];\n if (!config?.authentication?.clientId) {\n missingConfigurations.push(\"clientId\");\n }\n\n if (!config?.authentication?.authorityHost) {\n missingConfigurations.push(\"authorityHost\");\n }\n\n if (!config?.authentication?.clientSecret && !config?.authentication?.certificateContent) {\n missingConfigurations.push(\"clientSecret or certificateContent\");\n }\n\n if (!config?.authentication?.tenantId) {\n missingConfigurations.push(\"tenantId\");\n }\n\n if (missingConfigurations.length != 0) {\n const errorMsg = formatString(\n ErrorMessage.InvalidConfiguration,\n missingConfigurations.join(\", \"),\n \"undefined\"\n );\n internalLogger.error(errorMsg);\n throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);\n }\n\n this.msalClient = createConfidentialClientApplication(config.authentication!);\n\n const decodedSsoToken = parseJwt(ssoToken);\n this.ssoToken = {\n token: ssoToken,\n expiresOnTimestamp: decodedSsoToken.exp,\n };\n }\n\n /**\n * Get access token from credential.\n *\n * @example\n * ```typescript\n * await credential.getToken([]) // Get SSO token using empty string array\n * await credential.getToken(\"\") // Get SSO token using empty string\n * await credential.getToken([\".default\"]) // Get Graph access token with default scope using string array\n * await credential.getToken(\".default\") // Get Graph access token with default scope using string\n * await credential.getToken([\"User.Read\"]) // Get Graph access token for single scope using string array\n * await credential.getToken(\"User.Read\") // Get Graph access token for single scope using string\n * await credential.getToken([\"User.Read\", \"Application.Read.All\"]) // Get Graph access token for multiple scopes using string array\n * await credential.getToken(\"User.Read Application.Read.All\") // Get Graph access token for multiple scopes using space-separated string\n * await credential.getToken(\"https://graph.microsoft.com/User.Read\") // Get Graph access token with full resource URI\n * await credential.getToken([\"https://outlook.office.com/Mail.Read\"]) // Get Outlook access token\n * ```\n *\n * @param {string | string[]} scopes - The list of scopes for which the token will have access.\n * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.\n *\n * @throws {@link ErrorCode|InternalError} when failed to acquire access token on behalf of user with unknown error.\n * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.\n * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.\n * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.\n * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.\n * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.\n *\n * @returns Access token with expected scopes.\n *\n * @remarks\n * If scopes is empty string or array, it returns SSO token.\n * If scopes is non-empty, it returns access token for target scope.\n *\n * @beta\n */\n async getToken(\n scopes: string | string[],\n options?: GetTokenOptions\n ): Promise<AccessToken | null> {\n validateScopesType(scopes);\n\n const scopesArray = getScopesArray(scopes);\n\n let result: AccessToken | null;\n if (!scopesArray.length) {\n internalLogger.info(\"Get SSO token.\");\n if (Math.floor(Date.now() / 1000) > this.ssoToken.expiresOnTimestamp) {\n const errorMsg = \"Sso token has already expired.\";\n internalLogger.error(errorMsg);\n throw new ErrorWithCode(errorMsg, ErrorCode.TokenExpiredError);\n }\n result = this.ssoToken;\n } else {\n internalLogger.info(\"Get access token with scopes: \" + scopesArray.join(\" \"));\n\n let authenticationResult: AuthenticationResult | null;\n try {\n authenticationResult = await this.msalClient.acquireTokenOnBehalfOf({\n oboAssertion: this.ssoToken.token,\n scopes: scopesArray,\n });\n } catch (error) {\n throw this.generateAuthServerError(error);\n }\n\n if (!authenticationResult) {\n const errorMsg = \"Access token is null\";\n internalLogger.error(errorMsg);\n throw new ErrorWithCode(\n formatString(ErrorMessage.FailToAcquireTokenOnBehalfOfUser, errorMsg),\n ErrorCode.InternalError\n );\n }\n\n result = {\n token: authenticationResult.accessToken,\n expiresOnTimestamp: authenticationResult.expiresOn!.getTime(),\n };\n }\n\n return result;\n }\n\n /**\n * Get basic user info from SSO token.\n *\n * @example\n * ```typescript\n * const currentUser = getUserInfo();\n * ```\n *\n * @throws {@link ErrorCode|InternalError} when SSO token is not valid.\n * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.\n *\n * @returns Basic user info with user displayName, objectId and preferredUserName.\n *\n * @beta\n */\n public getUserInfo(): UserInfo {\n internalLogger.info(\"Get basic user info from SSO token\");\n return getUserInfoFromSsoToken(this.ssoToken.token);\n }\n\n private generateAuthServerError(err: any): Error {\n const errorMessage = err.errorMessage;\n if (err.name === \"InteractionRequiredAuthError\") {\n const fullErrorMsg =\n \"Failed to get access token from AAD server, interaction required: \" + errorMessage;\n internalLogger.warn(fullErrorMsg);\n return new ErrorWithCode(fullErrorMsg, ErrorCode.UiRequiredError);\n } else if (errorMessage && errorMessage.indexOf(\"AADSTS500133\") >= 0) {\n const fullErrorMsg =\n \"Failed to get access token from AAD server, sso token expired: \" + errorMessage;\n internalLogger.error(fullErrorMsg);\n return new ErrorWithCode(fullErrorMsg, ErrorCode.TokenExpiredError);\n } else {\n const fullErrorMsg = formatString(\n ErrorMessage.FailToAcquireTokenOnBehalfOfUser,\n errorMessage\n );\n internalLogger.error(fullErrorMsg);\n return new ErrorWithCode(fullErrorMsg, ErrorCode.ServiceError);\n }\n }\n}\n"]}