@microsoft/teamsfx 0.3.3-alpha.3dc53ce2.0 → 0.3.3-alpha.7e7c7c23.0

package/dist/index.esm2017.js

@@ -0,0 +1,1413 @@
+import jwt_decode from 'jwt-decode';
+import * as microsoftTeams from '@microsoft/teams-js';
+import axios from 'axios';
+import { Client } from '@microsoft/microsoft-graph-client';
+import { ManagedIdentityCredential } from '@azure/identity';
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Error code to trace the error types.
+ * @beta
+ */
+var ErrorCode;
+(function (ErrorCode) {
+    /**
+     * Invalid parameter error.
+     */
+    ErrorCode["InvalidParameter"] = "InvalidParameter";
+    /**
+     * Invalid configuration error.
+     */
+    ErrorCode["InvalidConfiguration"] = "InvalidConfiguration";
+    /**
+     * Invalid certificate error.
+     */
+    ErrorCode["InvalidCertificate"] = "InvalidCertificate";
+    /**
+     * Internal error.
+     */
+    ErrorCode["InternalError"] = "InternalError";
+    /**
+     * Channel is not supported error.
+     */
+    ErrorCode["ChannelNotSupported"] = "ChannelNotSupported";
+    /**
+     * Runtime is not supported error.
+     */
+    ErrorCode["RuntimeNotSupported"] = "RuntimeNotSupported";
+    /**
+     * User failed to finish the AAD consent flow failed.
+     */
+    ErrorCode["ConsentFailed"] = "ConsentFailed";
+    /**
+     * The user or administrator has not consented to use the application error.
+     */
+    ErrorCode["UiRequiredError"] = "UiRequiredError";
+    /**
+     * Token is not within its valid time range error.
+     */
+    ErrorCode["TokenExpiredError"] = "TokenExpiredError";
+    /**
+     * Call service (AAD or simple authentication server) failed.
+     */
+    ErrorCode["ServiceError"] = "ServiceError";
+    /**
+     * Operation failed.
+     */
+    ErrorCode["FailedOperation"] = "FailedOperation";
+})(ErrorCode || (ErrorCode = {}));
+/**
+ * @internal
+ */
+class ErrorMessage {
+}
+// InvalidConfiguration Error
+ErrorMessage.InvalidConfiguration = "{0} in configuration is invalid: {1}.";
+ErrorMessage.ConfigurationNotExists = "Configuration does not exist. {0}";
+ErrorMessage.ResourceConfigurationNotExists = "{0} resource configuration does not exist.";
+ErrorMessage.MissingResourceConfiguration = "Missing resource configuration with type: {0}, name: {1}.";
+ErrorMessage.AuthenticationConfigurationNotExists = "Authentication configuration does not exist.";
+// RuntimeNotSupported Error
+ErrorMessage.BrowserRuntimeNotSupported = "{0} is not supported in browser.";
+ErrorMessage.NodejsRuntimeNotSupported = "{0} is not supported in Node.";
+// Internal Error
+ErrorMessage.FailToAcquireTokenOnBehalfOfUser = "Failed to acquire access token on behalf of user: {0}";
+// ChannelNotSupported Error
+ErrorMessage.OnlyMSTeamsChannelSupported = "{0} is only supported in MS Teams Channel";
+/**
+ * Error class with code and message thrown by the SDK.
+ *
+ * @beta
+ */
+class ErrorWithCode extends Error {
+    /**
+     * Constructor of ErrorWithCode.
+     *
+     * @param {string} message - error message.
+     * @param {ErrorCode} code - error code.
+     *
+     * @beta
+     */
+    constructor(message, code) {
+        if (!code) {
+            super(message);
+            return this;
+        }
+        super(message);
+        Object.setPrototypeOf(this, ErrorWithCode.prototype);
+        this.name = `${new.target.name}.${code}`;
+        this.code = code;
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Available resource type.
+ * @beta
+ */
+var ResourceType;
+(function (ResourceType) {
+    /**
+     * SQL database.
+     *
+     */
+    ResourceType[ResourceType["SQL"] = 0] = "SQL";
+    /**
+     * Rest API.
+     *
+     */
+    ResourceType[ResourceType["API"] = 1] = "API";
+})(ResourceType || (ResourceType = {}));
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Log level.
+ *
+ * @beta
+ */
+var LogLevel;
+(function (LogLevel) {
+    /**
+     * Show verbose, information, warning and error message.
+     */
+    LogLevel[LogLevel["Verbose"] = 0] = "Verbose";
+    /**
+     * Show information, warning and error message.
+     */
+    LogLevel[LogLevel["Info"] = 1] = "Info";
+    /**
+     * Show warning and error message.
+     */
+    LogLevel[LogLevel["Warn"] = 2] = "Warn";
+    /**
+     * Show error message.
+     */
+    LogLevel[LogLevel["Error"] = 3] = "Error";
+})(LogLevel || (LogLevel = {}));
+/**
+ * Update log level helper.
+ *
+ * @param { LogLevel } level - log level in configuration
+ *
+ * @beta
+ */
+function setLogLevel(level) {
+    internalLogger.level = level;
+}
+/**
+ * Get log level.
+ *
+ * @returns Log level
+ *
+ * @beta
+ */
+function getLogLevel() {
+    return internalLogger.level;
+}
+class InternalLogger {
+    constructor() {
+        this.level = undefined;
+        this.defaultLogger = {
+            verbose: console.debug,
+            info: console.info,
+            warn: console.warn,
+            error: console.error,
+        };
+    }
+    error(message) {
+        this.log(LogLevel.Error, (x) => x.error, message);
+    }
+    warn(message) {
+        this.log(LogLevel.Warn, (x) => x.warn, message);
+    }
+    info(message) {
+        this.log(LogLevel.Info, (x) => x.info, message);
+    }
+    verbose(message) {
+        this.log(LogLevel.Verbose, (x) => x.verbose, message);
+    }
+    log(logLevel, logFunction, message) {
+        if (message.trim() === "") {
+            return;
+        }
+        const timestamp = new Date().toUTCString();
+        const logHeader = `[${timestamp}] : @microsoft/teamsfx : ${LogLevel[logLevel]} - `;
+        const logMessage = `${logHeader}${message}`;
+        if (this.level !== undefined && this.level <= logLevel) {
+            if (this.customLogger) {
+                logFunction(this.customLogger)(logMessage);
+            }
+            else if (this.customLogFunction) {
+                this.customLogFunction(logLevel, logMessage);
+            }
+            else {
+                logFunction(this.defaultLogger)(logMessage);
+            }
+        }
+    }
+}
+/**
+ * Logger instance used internally
+ *
+ * @internal
+ */
+const internalLogger = new InternalLogger();
+/**
+ * Set custom logger. Use the output functions if it's set. Priority is higher than setLogFunction.
+ *
+ * @param {Logger} logger - custom logger. If it's undefined, custom logger will be cleared.
+ *
+ * @example
+ * ```typescript
+ * setLogger({
+ *   verbose: console.debug,
+ *   info: console.info,
+ *   warn: console.warn,
+ *   error: console.error,
+ * });
+ * ```
+ *
+ * @beta
+ */
+function setLogger(logger) {
+    internalLogger.customLogger = logger;
+}
+/**
+ * Set custom log function. Use the function if it's set. Priority is lower than setLogger.
+ *
+ * @param {LogFunction} logFunction - custom log function. If it's undefined, custom log function will be cleared.
+ *
+ * @example
+ * ```typescript
+ * setLogFunction((level: LogLevel, message: string) => {
+ *   if (level === LogLevel.Error) {
+ *     console.log(message);
+ *   }
+ * });
+ * ```
+ *
+ * @beta
+ */
+function setLogFunction(logFunction) {
+    internalLogger.customLogFunction = logFunction;
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Parse jwt token payload
+ *
+ * @param token
+ *
+ * @returns Payload object
+ *
+ * @internal
+ */
+function parseJwt(token) {
+    try {
+        const tokenObj = jwt_decode(token);
+        if (!tokenObj || !tokenObj.exp) {
+            throw new ErrorWithCode("Decoded token is null or exp claim does not exists.", ErrorCode.InternalError);
+        }
+        return tokenObj;
+    }
+    catch (err) {
+        const errorMsg = "Parse jwt token failed in node env with error: " + err.message;
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InternalError);
+    }
+}
+/**
+ * @internal
+ */
+function getUserInfoFromSsoToken(ssoToken) {
+    if (!ssoToken) {
+        const errorMsg = "SSO token is undefined.";
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+    }
+    const tokenObject = parseJwt(ssoToken);
+    const userInfo = {
+        displayName: tokenObject.name,
+        objectId: tokenObject.oid,
+        preferredUserName: "",
+    };
+    if (tokenObject.ver === "2.0") {
+        userInfo.preferredUserName = tokenObject.preferred_username;
+    }
+    else if (tokenObject.ver === "1.0") {
+        userInfo.preferredUserName = tokenObject.upn;
+    }
+    return userInfo;
+}
+/**
+ * Format string template with replacements
+ *
+ * ```typescript
+ * const template = "{0} and {1} are fruit. {0} is my favorite one."
+ * const formattedStr = formatString(template, "apple", "pear"); // formattedStr: "apple and pear are fruit. apple is my favorite one."
+ * ```
+ *
+ * @param str string template
+ * @param replacements replacement string array
+ * @returns Formatted string
+ *
+ * @internal
+ */
+function formatString(str, ...replacements) {
+    const args = replacements;
+    return str.replace(/{(\d+)}/g, function (match, number) {
+        return typeof args[number] != "undefined" ? args[number] : match;
+    });
+}
+/**
+ * @internal
+ */
+function validateScopesType(value) {
+    // string
+    if (typeof value === "string" || value instanceof String) {
+        return;
+    }
+    // empty array
+    if (Array.isArray(value) && value.length === 0) {
+        return;
+    }
+    // string array
+    if (Array.isArray(value) && value.length > 0 && value.every((item) => typeof item === "string")) {
+        return;
+    }
+    const errorMsg = "The type of scopes is not valid, it must be string or string array";
+    internalLogger.error(errorMsg);
+    throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+}
+/**
+ * @internal
+ */
+const isNode = typeof process !== "undefined" &&
+    !!process.version &&
+    !!process.versions &&
+    !!process.versions.node;
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Global configuration instance
+ *
+ */
+let config;
+/**
+ * Initialize configuration from environment variables or configuration object and set the global instance
+ *
+ * @param {Configuration} configuration - Optional configuration that overrides the default configuration values. The override depth is 1.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when configuration is not passed in browser environment
+ *
+ * @beta
+ */
+function loadConfiguration(configuration) {
+    internalLogger.info("load configuration");
+    // browser environment
+    if (!isNode) {
+        if (!configuration) {
+            const errorMsg = "You are running the code in browser. Configuration must be passed in.";
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+        }
+        config = configuration;
+        return;
+    }
+    // node environment
+    let newAuthentication;
+    let newResources = [];
+    const defaultResourceName = "default";
+    if (configuration === null || configuration === void 0 ? void 0 : configuration.authentication) {
+        newAuthentication = configuration.authentication;
+    }
+    else {
+        newAuthentication = {
+            authorityHost: process.env.M365_AUTHORITY_HOST,
+            tenantId: process.env.M365_TENANT_ID,
+            clientId: process.env.M365_CLIENT_ID,
+            clientSecret: process.env.M365_CLIENT_SECRET,
+            simpleAuthEndpoint: process.env.SIMPLE_AUTH_ENDPOINT,
+            initiateLoginEndpoint: process.env.INITIATE_LOGIN_ENDPOINT,
+            applicationIdUri: process.env.M365_APPLICATION_ID_URI,
+        };
+    }
+    if (configuration === null || configuration === void 0 ? void 0 : configuration.resources) {
+        newResources = configuration.resources;
+    }
+    else {
+        newResources = [
+            {
+                // SQL resource
+                type: ResourceType.SQL,
+                name: defaultResourceName,
+                properties: {
+                    sqlServerEndpoint: process.env.SQL_ENDPOINT,
+                    sqlUsername: process.env.SQL_USER_NAME,
+                    sqlPassword: process.env.SQL_PASSWORD,
+                    sqlDatabaseName: process.env.SQL_DATABASE_NAME,
+                    sqlIdentityId: process.env.IDENTITY_ID,
+                },
+            },
+            {
+                // API resource
+                type: ResourceType.API,
+                name: defaultResourceName,
+                properties: {
+                    endpoint: process.env.API_ENDPOINT,
+                },
+            },
+        ];
+    }
+    config = {
+        authentication: newAuthentication,
+        resources: newResources,
+    };
+}
+/**
+ * Get configuration for a specific resource.
+ * @param {ResourceType} resourceType - The type of resource
+ * @param {string} resourceName - The name of resource, default value is "default".
+ *
+ * @returns Resource configuration for target resource from global configuration instance.
+ *
+ * @throws {@link ErrorCode|InvalidConfiguration} when resource configuration with the specific type and name is not found
+ *
+ * @beta
+ */
+function getResourceConfiguration(resourceType, resourceName = "default") {
+    var _a;
+    internalLogger.info(`Get resource configuration of ${ResourceType[resourceType]} from ${resourceName}`);
+    const result = (_a = config.resources) === null || _a === void 0 ? void 0 : _a.find((item) => item.type === resourceType && item.name === resourceName);
+    if (result) {
+        return result.properties;
+    }
+    const errorMsg = formatString(ErrorMessage.MissingResourceConfiguration, ResourceType[resourceType], resourceName);
+    internalLogger.error(errorMsg);
+    throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
+}
+/**
+ * Get configuration for authentication.
+ *
+ * @returns Authentication configuration from global configuration instance, the value may be undefined if no authentication config exists in current environment.
+ *
+ * @throws {@link ErrorCode|InvalidConfiguration} when global configuration does not exist
+ *
+ * @beta
+ */
+function getAuthenticationConfiguration() {
+    internalLogger.info("Get authentication configuration");
+    if (config) {
+        return config.authentication;
+    }
+    const errorMsg = "Please call loadConfiguration() first before calling getAuthenticationConfiguration().";
+    internalLogger.error(errorMsg);
+    throw new ErrorWithCode(formatString(ErrorMessage.ConfigurationNotExists, errorMsg), ErrorCode.InvalidConfiguration);
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Represent Microsoft 365 tenant identity, and it is usually used when user is not involved.
+ *
+ * @remarks
+ * Only works in in server side.
+ *
+ * @beta
+ */
+class M365TenantCredential {
+    /**
+     * Constructor of M365TenantCredential.
+     *
+     * @remarks
+     * Only works in in server side.
+     * @beta
+     */
+    constructor() {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "M365TenantCredential"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Get access token for credential.
+     *
+     * @remarks
+     * Only works in in server side.
+     * @beta
+     */
+    async getToken(scopes, options) {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "M365TenantCredential"), ErrorCode.RuntimeNotSupported);
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Represent on-behalf-of flow to get user identity, and it is designed to be used in Azure Function or Bot scenarios.
+ *
+ * @remarks
+ * Can only be used in server side.
+ *
+ * @beta
+ */
+class OnBehalfOfUserCredential {
+    /**
+     * Constructor of OnBehalfOfUserCredential
+     *
+     * @remarks
+     * Can Only works in in server side.
+     * @beta
+     */
+    constructor(ssoToken) {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Get access token from credential.
+     * @remarks
+     * Can only be used in server side.
+     * @beta
+     */
+    async getToken(scopes, options) {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Get basic user info from SSO token.
+     * @remarks
+     * Can only be used in server side.
+     * @beta
+     */
+    getUserInfo() {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "OnBehalfOfUserCredential"), ErrorCode.RuntimeNotSupported);
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Configuration used in initialization.
+ * @internal
+ */
+class Cache {
+    static get(key) {
+        return sessionStorage.getItem(key);
+    }
+    static set(key, value) {
+        sessionStorage.setItem(key, value);
+    }
+    static remove(key) {
+        sessionStorage.removeItem(key);
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * @internal
+ */
+var GrantType;
+(function (GrantType) {
+    GrantType["authCode"] = "authorization_code";
+    GrantType["ssoToken"] = "sso_token";
+})(GrantType || (GrantType = {}));
+
+// Copyright (c) Microsoft Corporation.
+const accessTokenCacheKeyPrefix = "accessToken";
+const separator = "-";
+const tokenRefreshTimeSpanInMillisecond = 5 * 60 * 1000;
+const initializeTeamsSdkTimeoutInMillisecond = 5000;
+const loginPageWidth = 600;
+const loginPageHeight = 535;
+const maxRetryCount = 3;
+const retryTimeSpanInMillisecond = 3000;
+/**
+ * Represent Teams current user's identity, and it is used within Teams tab application.
+ *
+ * @remarks
+ * Can only be used within Teams.
+ *
+ * @beta
+ */
+class TeamsUserCredential {
+    /**
+     * Constructor of TeamsUserCredential.
+     * Developer need to call loadConfiguration(config) before using this class.
+     *
+     * @example
+     * ```typescript
+     * const config = {
+     *  authentication: {
+     *    runtimeConnectorEndpoint: "https://xxx.xxx.com",
+     *    initiateLoginEndpoint: "https://localhost:3000/auth-start.html",
+     *    clientId: "xxx"
+     *   }
+     * }
+       loadConfiguration(config); // No default config from environment variables, developers must provide the config object.
+       const credential = new TeamsUserCredential(["https://graph.microsoft.com/User.Read"]);
+     * ```
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} when client id, initiate login endpoint or simple auth endpoint is not found in config.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @beta
+     */
+    constructor() {
+        internalLogger.info("Create teams user credential");
+        this.config = this.loadAndValidateConfig();
+        this.ssoToken = null;
+    }
+    /**
+     * Popup login page to get user's access token with specific scopes.
+     *
+     * @remarks
+     * Only works in Teams client APP. User will be redirected to the authorization page to login and consent.
+     *
+     * @example
+     * ```typescript
+     * await credential.login(["https://graph.microsoft.com/User.Read"]); // single scope using string array
+     * await credential.login("https://graph.microsoft.com/User.Read"); // single scopes using string
+     * await credential.login(["https://graph.microsoft.com/User.Read", "Calendars.Read"]); // multiple scopes using string array
+     * await credential.login("https://graph.microsoft.com/User.Read Calendars.Read"); // multiple scopes using string
+     * ```
+     * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
+     *
+     * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
+     * @throws {@link ErrorCode|ServiceError} when simple auth server failed to exchange access token.
+     * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @beta
+     */
+    async login(scopes) {
+        validateScopesType(scopes);
+        const scopesStr = typeof scopes === "string" ? scopes : scopes.join(" ");
+        internalLogger.info(`Popup login page to get user's access token with scopes: ${scopesStr}`);
+        return new Promise((resolve, reject) => {
+            microsoftTeams.initialize(() => {
+                microsoftTeams.authentication.authenticate({
+                    url: `${this.config.initiateLoginEndpoint}?clientId=${this.config.clientId}&scope=${encodeURI(scopesStr)}`,
+                    width: loginPageWidth,
+                    height: loginPageHeight,
+                    successCallback: async (result) => {
+                        if (!result) {
+                            const errorMsg = "Get empty authentication result from Teams";
+                            internalLogger.error(errorMsg);
+                            reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                            return;
+                        }
+                        const authCodeResult = JSON.parse(result);
+                        try {
+                            await this.exchangeAccessTokenFromSimpleAuthServer(scopesStr, authCodeResult);
+                            resolve();
+                        }
+                        catch (err) {
+                            reject(this.generateAuthServerError(err));
+                        }
+                    },
+                    failureCallback: (reason) => {
+                        const errorMsg = `Consent failed for the scope ${scopesStr} with error: ${reason}`;
+                        internalLogger.error(errorMsg);
+                        reject(new ErrorWithCode(errorMsg, ErrorCode.ConsentFailed));
+                    },
+                });
+            });
+        });
+    }
+    /**
+     * Get access token from credential.
+     *
+     * @example
+     * ```typescript
+     * await credential.getToken([]) // Get SSO token using empty string array
+     * await credential.getToken("") // Get SSO token using empty string
+     * await credential.getToken([".default"]) // Get Graph access token with default scope using string array
+     * await credential.getToken(".default") // Get Graph access token with default scope using string
+     * await credential.getToken(["User.Read"]) // Get Graph access token for single scope using string array
+     * await credential.getToken("User.Read") // Get Graph access token for single scope using string
+     * await credential.getToken(["User.Read", "Application.Read.All"]) // Get Graph access token for multiple scopes using string array
+     * await credential.getToken("User.Read Application.Read.All") // Get Graph access token for multiple scopes using space-separated string
+     * await credential.getToken("https://graph.microsoft.com/User.Read") // Get Graph access token with full resource URI
+     * await credential.getToken(["https://outlook.office.com/Mail.Read"]) // Get Outlook access token
+     * ```
+     *
+     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+     * @param {GetTokenOptions} options - The options used to configure any requests this TokenCredential implementation might make.
+     *
+     * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
+     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @returns User access token of defined scopes.
+     * If scopes is empty string or array, it returns SSO token.
+     * If scopes is non-empty, it returns access token for target scope.
+     * Throw error if get access token failed.
+     *
+     * @beta
+     */
+    async getToken(scopes, options) {
+        validateScopesType(scopes);
+        const ssoToken = await this.getSSOToken();
+        const scopeStr = typeof scopes === "string" ? scopes : scopes.join(" ");
+        if (scopeStr === "") {
+            internalLogger.info("Get SSO token");
+            return ssoToken;
+        }
+        else {
+            internalLogger.info("Get access token with scopes: " + scopeStr);
+            const cachedKey = await this.getAccessTokenCacheKey(scopeStr);
+            const cachedToken = this.getTokenCache(cachedKey);
+            if (cachedToken) {
+                if (!this.isAccessTokenNearExpired(cachedToken)) {
+                    internalLogger.verbose("Get access token from cache");
+                    return cachedToken;
+                }
+                else {
+                    internalLogger.verbose("Cached access token is expired");
+                }
+            }
+            else {
+                internalLogger.verbose("No cached access token");
+            }
+            const accessToken = await this.getAndCacheAccessTokenFromSimpleAuthServer(scopeStr);
+            return accessToken;
+        }
+    }
+    /**
+     * Get basic user info from SSO token
+     *
+     * @example
+     * ```typescript
+     * const currentUser = await credential.getUserInfo();
+     * ```
+     *
+     * @throws {@link ErrorCode|InternalError} when SSO token from Teams client is not valid.
+     * @throws {@link ErrorCode|InvalidParameter} when SSO token from Teams client is empty.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @returns Basic user info with user displayName, objectId and preferredUserName.
+     *
+     * @beta
+     */
+    async getUserInfo() {
+        internalLogger.info("Get basic user info from SSO token");
+        const ssoToken = await this.getSSOToken();
+        return getUserInfoFromSsoToken(ssoToken.token);
+    }
+    async exchangeAccessTokenFromSimpleAuthServer(scopesStr, authCodeResult) {
+        var _a, _b;
+        const axiosInstance = await this.getAxiosInstance();
+        let retryCount = 0;
+        while (true) {
+            try {
+                const response = await axiosInstance.post("/auth/token", {
+                    scope: scopesStr,
+                    code: authCodeResult.code,
+                    code_verifier: authCodeResult.codeVerifier,
+                    redirect_uri: authCodeResult.redirectUri,
+                    grant_type: GrantType.authCode,
+                });
+                const tokenResult = response.data;
+                const key = await this.getAccessTokenCacheKey(scopesStr);
+                this.setTokenCache(key, {
+                    token: tokenResult.access_token,
+                    expiresOnTimestamp: tokenResult.expires_on,
+                });
+                return;
+            }
+            catch (err) {
+                if (((_b = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.type) && err.response.data.type === "AadUiRequiredException") {
+                    internalLogger.warn("Exchange access token failed, retry...");
+                    if (retryCount < maxRetryCount) {
+                        await this.sleep(retryTimeSpanInMillisecond);
+                        retryCount++;
+                        continue;
+                    }
+                }
+                throw err;
+            }
+        }
+    }
+    /**
+     * Get access token cache from authentication server
+     * @returns Access token
+     */
+    async getAndCacheAccessTokenFromSimpleAuthServer(scopesStr) {
+        try {
+            internalLogger.verbose("Get access token from authentication server with scopes: " + scopesStr);
+            const axiosInstance = await this.getAxiosInstance();
+            const response = await axiosInstance.post("/auth/token", {
+                scope: scopesStr,
+                grant_type: GrantType.ssoToken,
+            });
+            const accessTokenResult = response.data;
+            const accessToken = {
+                token: accessTokenResult.access_token,
+                expiresOnTimestamp: accessTokenResult.expires_on,
+            };
+            const cacheKey = await this.getAccessTokenCacheKey(scopesStr);
+            this.setTokenCache(cacheKey, accessToken);
+            return accessToken;
+        }
+        catch (err) {
+            throw this.generateAuthServerError(err);
+        }
+    }
+    /**
+     * Get SSO token using teams SDK
+     * It will try to get SSO token from memory first, if SSO token doesn't exist or about to expired, then it will using teams SDK to get SSO token
+     * @returns SSO token
+     */
+    getSSOToken() {
+        return new Promise((resolve, reject) => {
+            if (this.ssoToken) {
+                if (this.ssoToken.expiresOnTimestamp - Date.now() > tokenRefreshTimeSpanInMillisecond) {
+                    internalLogger.verbose("Get SSO token from memory cache");
+                    resolve(this.ssoToken);
+                    return;
+                }
+            }
+            let initialized = false;
+            microsoftTeams.initialize(() => {
+                initialized = true;
+                microsoftTeams.authentication.getAuthToken({
+                    successCallback: (token) => {
+                        if (!token) {
+                            const errorMsg = "Get empty SSO token from Teams";
+                            internalLogger.error(errorMsg);
+                            reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                            return;
+                        }
+                        const tokenObject = parseJwt(token);
+                        if (tokenObject.ver !== "1.0" && tokenObject.ver !== "2.0") {
+                            const errorMsg = "SSO token is not valid with an unknown version: " + tokenObject.ver;
+                            internalLogger.error(errorMsg);
+                            reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                            return;
+                        }
+                        const ssoToken = {
+                            token,
+                            expiresOnTimestamp: tokenObject.exp * 1000,
+                        };
+                        this.ssoToken = ssoToken;
+                        resolve(ssoToken);
+                    },
+                    failureCallback: (errMessage) => {
+                        const errorMsg = "Get SSO token failed with error: " + errMessage;
+                        internalLogger.error(errorMsg);
+                        reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                    },
+                    resources: [],
+                });
+            });
+            // If the code not running in Teams, the initialize callback function would never trigger
+            setTimeout(() => {
+                if (!initialized) {
+                    const errorMsg = "Initialize teams sdk timeout, maybe the code is not running inside Teams";
+                    internalLogger.error(errorMsg);
+                    reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+                }
+            }, initializeTeamsSdkTimeoutInMillisecond);
+        });
+    }
+    /**
+     * Load and validate authentication configuration
+     * @returns Authentication configuration
+     */
+    loadAndValidateConfig() {
+        internalLogger.verbose("Validate authentication configuration");
+        const config = getAuthenticationConfiguration();
+        if (!config) {
+            internalLogger.error(ErrorMessage.AuthenticationConfigurationNotExists);
+            throw new ErrorWithCode(ErrorMessage.AuthenticationConfigurationNotExists, ErrorCode.InvalidConfiguration);
+        }
+        if (config.initiateLoginEndpoint && config.simpleAuthEndpoint && config.clientId) {
+            return config;
+        }
+        const missingValues = [];
+        if (!config.initiateLoginEndpoint) {
+            missingValues.push("initiateLoginEndpoint");
+        }
+        if (!config.simpleAuthEndpoint) {
+            missingValues.push("simpleAuthEndpoint");
+        }
+        if (!config.clientId) {
+            missingValues.push("clientId");
+        }
+        const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingValues.join(", "), "undefined");
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
+    }
+    /**
+     * Get axios instance with sso token bearer header
+     * @returns AxiosInstance
+     */
+    async getAxiosInstance() {
+        const ssoToken = await this.getSSOToken();
+        const axiosInstance = axios.create({
+            baseURL: this.config.simpleAuthEndpoint,
+        });
+        axiosInstance.interceptors.request.use((config) => {
+            config.headers.Authorization = "Bearer " + ssoToken.token;
+            return config;
+        });
+        return axiosInstance;
+    }
+    /**
+     * Set access token to cache
+     * @param key
+     * @param token
+     */
+    setTokenCache(key, token) {
+        Cache.set(key, JSON.stringify(token));
+    }
+    /**
+     * Get access token from cache.
+     * If there is no cache or cannot be parsed, then it will return null
+     * @param key
+     * @returns Access token or null
+     */
+    getTokenCache(key) {
+        const value = Cache.get(key);
+        if (value === null) {
+            return null;
+        }
+        const accessToken = this.validateAndParseJson(value);
+        return accessToken;
+    }
+    /**
+     * Parses passed value as JSON access token, if value is not a valid json string JSON.parse() will throw an error.
+     * @param jsonValue
+     */
+    validateAndParseJson(jsonValue) {
+        try {
+            const parsedJson = JSON.parse(jsonValue);
+            /**
+             * There are edge cases in which JSON.parse will successfully parse a non-valid JSON object
+             * (e.g. JSON.parse will parse an escaped string into an unescaped string), so adding a type check
+             * of the parsed value is necessary in order to be certain that the string represents a valid JSON object.
+             *
+             */
+            return parsedJson && typeof parsedJson === "object" ? parsedJson : null;
+        }
+        catch (error) {
+            return null;
+        }
+    }
+    /**
+     * Generate cache key
+     * @param scopesStr
+     * @returns Access token cache key, a key example: accessToken-userId-clientId-tenantId-scopes
+     */
+    async getAccessTokenCacheKey(scopesStr) {
+        const ssoToken = await this.getSSOToken();
+        const ssoTokenObj = parseJwt(ssoToken.token);
+        const clientId = this.config.clientId;
+        const userObjectId = ssoTokenObj.oid;
+        const tenantId = ssoTokenObj.tid;
+        const key = [accessTokenCacheKeyPrefix, userObjectId, clientId, tenantId, scopesStr]
+            .join(separator)
+            .replace(/" "/g, "_");
+        return key;
+    }
+    /**
+     * Check whether the token is about to expire (within 5 minutes)
+     * @returns Boolean value indicate whether the token is about to expire
+     */
+    isAccessTokenNearExpired(token) {
+        const expireDate = new Date(token.expiresOnTimestamp);
+        if (expireDate.getTime() - Date.now() > tokenRefreshTimeSpanInMillisecond) {
+            return false;
+        }
+        return true;
+    }
+    generateAuthServerError(err) {
+        var _a, _b;
+        let errorMessage = err.message;
+        if ((_b = (_a = err.response) === null || _a === void 0 ? void 0 : _a.data) === null || _b === void 0 ? void 0 : _b.type) {
+            errorMessage = err.response.data.detail;
+            if (err.response.data.type === "AadUiRequiredException") {
+                const fullErrorMsg = "Failed to get access token from authentication server, please login first: " +
+                    errorMessage;
+                internalLogger.warn(fullErrorMsg);
+                return new ErrorWithCode(fullErrorMsg, ErrorCode.UiRequiredError);
+            }
+            else {
+                const fullErrorMsg = "Failed to get access token from authentication server: " + errorMessage;
+                internalLogger.error(fullErrorMsg);
+                return new ErrorWithCode(fullErrorMsg, ErrorCode.ServiceError);
+            }
+        }
+        const fullErrorMsg = "Failed to get access token with error: " + errorMessage;
+        return new ErrorWithCode(fullErrorMsg, ErrorCode.InternalError);
+    }
+    sleep(ms) {
+        return new Promise((resolve) => setTimeout(resolve, ms));
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+const defaultScope = "https://graph.microsoft.com/.default";
+/**
+ * Microsoft Graph auth provider for Teams Framework
+ *
+ * @beta
+ */
+class MsGraphAuthProvider {
+    /**
+     * Constructor of MsGraphAuthProvider.
+     *
+     * @param {TokenCredential} credential - Credential used to invoke Microsoft Graph APIs.
+     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     *
+     * @returns An instance of MsGraphAuthProvider.
+     *
+     * @beta
+     */
+    constructor(credential, scopes) {
+        this.credential = credential;
+        let scopesStr = defaultScope;
+        if (scopes) {
+            validateScopesType(scopes);
+            scopesStr = typeof scopes === "string" ? scopes : scopes.join(" ");
+            if (scopesStr === "") {
+                scopesStr = defaultScope;
+            }
+        }
+        internalLogger.info(`Create Microsoft Graph Authentication Provider with scopes: '${scopesStr}'`);
+        this.scopes = scopesStr;
+    }
+    /**
+     * Get access token for Microsoft Graph API requests.
+     *
+     * @throws {@link ErrorCode|InternalError} when get access token failed due to empty token or unknown other problems.
+     * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+     * @throws {@link ErrorCode|UiRequiredError} when need user consent to get access token.
+     * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth or AAD server.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     *
+     * @returns Access token from the credential.
+     *
+     */
+    async getAccessToken() {
+        internalLogger.info(`Get Graph Access token with scopes: '${this.scopes}'`);
+        const accessToken = await this.credential.getToken(this.scopes);
+        return new Promise((resolve, reject) => {
+            if (accessToken) {
+                resolve(accessToken.token);
+            }
+            else {
+                const errorMsg = "Graph access token is undefined or empty";
+                internalLogger.error(errorMsg);
+                reject(new ErrorWithCode(errorMsg, ErrorCode.InternalError));
+            }
+        });
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Get Microsoft graph client.
+ *
+ * @example
+ * Get Microsoft graph client by TokenCredential
+ * ```typescript
+ * // Sso token example (Azure Function)
+ * const ssoToken = "YOUR_TOKEN_STRING";
+ * const options = {"AAD_APP_ID", "AAD_APP_SECRET"};
+ * const credential = new OnBehalfOfAADUserCredential(ssoToken, options);
+ * const graphClient = await createMicrosoftGraphClient(credential);
+ * const profile = await graphClient.api("/me").get();
+ *
+ * // TeamsBotSsoPrompt example (Bot Application)
+ * const requiredScopes = ["User.Read"];
+ * const config: Configuration = {
+ *    loginUrl: loginUrl,
+ *    clientId: clientId,
+ *    clientSecret: clientSecret,
+ *    tenantId: tenantId
+ * };
+ * const prompt = new TeamsBotSsoPrompt(dialogId, {
+ *    config: config
+ *    scopes: '["User.Read"],
+ * });
+ * this.addDialog(prompt);
+ *
+ * const oboCredential = new OnBehalfOfAADUserCredential(
+ *  getUserId(dialogContext),
+ *  {
+ *    clientId: "AAD_APP_ID",
+ *    clientSecret: "AAD_APP_SECRET"
+ *  });
+ * try {
+ *    const graphClient = await createMicrosoftGraphClient(credential);
+ *    const profile = await graphClient.api("/me").get();
+ * } catch (e) {
+ *    dialogContext.beginDialog(dialogId);
+ *    return Dialog.endOfTurn();
+ * }
+ * ```
+ *
+ * @param {TokenCredential} credential - token credential instance.
+ * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ *
+ * @returns Graph client with specified scopes.
+ *
+ * @beta
+ */
+function createMicrosoftGraphClient(credential, scopes) {
+    internalLogger.info("Create Microsoft Graph Client");
+    const authProvider = new MsGraphAuthProvider(credential, scopes);
+    const graphClient = Client.initWithMiddleware({
+        authProvider,
+    });
+    return graphClient;
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * SQL connection configuration instance.
+ * @remarks
+ * Only works in in server side.
+ *
+ * @beta
+ *
+ */
+class DefaultTediousConnectionConfiguration {
+    constructor() {
+        /**
+         * MSSQL default scope
+         * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
+         */
+        this.defaultSQLScope = "https://database.windows.net/";
+    }
+    /**
+     * Generate connection configuration consumed by tedious.
+     *
+     * @returns Connection configuration of tedious for the SQL.
+     *
+     * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
+     * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    async getConfig() {
+        internalLogger.info("Get SQL configuration");
+        const configuration = getResourceConfiguration(ResourceType.SQL);
+        if (!configuration) {
+            const errMsg = "SQL resource configuration not exist";
+            internalLogger.error(errMsg);
+            throw new ErrorWithCode(errMsg, ErrorCode.InvalidConfiguration);
+        }
+        try {
+            this.isSQLConfigurationValid(configuration);
+        }
+        catch (err) {
+            throw err;
+        }
+        if (!this.isMsiAuthentication()) {
+            const configWithUPS = this.generateDefaultConfig(configuration);
+            internalLogger.verbose("SQL configuration with username and password generated");
+            return configWithUPS;
+        }
+        try {
+            const configWithToken = await this.generateTokenConfig(configuration);
+            internalLogger.verbose("SQL configuration with MSI token generated");
+            return configWithToken;
+        }
+        catch (error) {
+            throw error;
+        }
+    }
+    /**
+     * Check SQL use MSI identity or username and password.
+     *
+     * @returns false - login with SQL MSI identity, true - login with username and password.
+     * @internal
+     */
+    isMsiAuthentication() {
+        internalLogger.verbose("Check connection config using MSI access token or username and password");
+        const configuration = getResourceConfiguration(ResourceType.SQL);
+        if ((configuration === null || configuration === void 0 ? void 0 : configuration.sqlUsername) != null && (configuration === null || configuration === void 0 ? void 0 : configuration.sqlPassword) != null) {
+            internalLogger.verbose("Login with username and password");
+            return false;
+        }
+        internalLogger.verbose("Login with MSI identity");
+        return true;
+    }
+    /**
+     * check configuration is an available configurations.
+     * @param { SqlConfiguration } sqlConfig
+     *
+     * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
+     *          false - configuration is not valid.
+     * @internal
+     */
+    isSQLConfigurationValid(sqlConfig) {
+        internalLogger.verbose("Check SQL configuration if valid");
+        if (!sqlConfig.sqlServerEndpoint) {
+            internalLogger.error("SQL configuration is not valid without SQL server endpoint exist");
+            throw new ErrorWithCode("SQL configuration error without SQL server endpoint exist", ErrorCode.InvalidConfiguration);
+        }
+        if (!(sqlConfig.sqlUsername && sqlConfig.sqlPassword) && !sqlConfig.sqlIdentityId) {
+            const errMsg = `SQL configuration is not valid without ${sqlConfig.sqlIdentityId ? "" : "identity id "} ${sqlConfig.sqlUsername ? "" : "SQL username "} ${sqlConfig.sqlPassword ? "" : "SQL password"} exist`;
+            internalLogger.error(errMsg);
+            throw new ErrorWithCode(errMsg, ErrorCode.InvalidConfiguration);
+        }
+        internalLogger.verbose("SQL configuration is valid");
+    }
+    /**
+     * Generate tedious connection configuration with default authentication type.
+     *
+     * @param { SqlConfiguration } SQL configuration with username and password.
+     *
+     * @returns Tedious connection configuration with username and password.
+     * @internal
+     */
+    generateDefaultConfig(sqlConfig) {
+        internalLogger.verbose(`SQL server ${sqlConfig.sqlServerEndpoint}, user name ${sqlConfig.sqlUsername}, database name ${sqlConfig.sqlDatabaseName}`);
+        const config = {
+            server: sqlConfig.sqlServerEndpoint,
+            authentication: {
+                type: TediousAuthenticationType.default,
+                options: {
+                    userName: sqlConfig.sqlUsername,
+                    password: sqlConfig.sqlPassword,
+                },
+            },
+            options: {
+                database: sqlConfig.sqlDatabaseName,
+                encrypt: true,
+            },
+        };
+        return config;
+    }
+    /**
+     * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
+     *
+     * @param { SqlConfiguration } SQL configuration with AAD access token.
+     *
+     * @returns Tedious connection configuration with access token.
+     * @internal
+     */
+    async generateTokenConfig(sqlConfig) {
+        internalLogger.verbose("Generate tedious config with MSI token");
+        let token;
+        try {
+            const credential = new ManagedIdentityCredential(sqlConfig.sqlIdentityId);
+            token = await credential.getToken(this.defaultSQLScope);
+        }
+        catch (error) {
+            const errMsg = "Get user MSI token failed";
+            internalLogger.error(errMsg);
+            throw new ErrorWithCode(errMsg, ErrorCode.InternalError);
+        }
+        if (token) {
+            const config = {
+                server: sqlConfig.sqlServerEndpoint,
+                authentication: {
+                    type: TediousAuthenticationType.MSI,
+                    options: {
+                        token: token.token,
+                    },
+                },
+                options: {
+                    database: sqlConfig.sqlDatabaseName,
+                    encrypt: true,
+                },
+            };
+            internalLogger.verbose(`Generate token configuration success, server endpoint is ${sqlConfig.sqlServerEndpoint}, database name is ${sqlConfig.sqlDatabaseName}`);
+            return config;
+        }
+        internalLogger.error(`Generate token configuration, server endpoint is ${sqlConfig.sqlServerEndpoint}, MSI token is not valid`);
+        throw new ErrorWithCode("MSI token is not valid", ErrorCode.InternalError);
+    }
+}
+/**
+ * tedious connection config authentication type.
+ * https://tediousjs.github.io/tedious/api-connection.html
+ * @internal
+ */
+var TediousAuthenticationType;
+(function (TediousAuthenticationType) {
+    TediousAuthenticationType["default"] = "default";
+    TediousAuthenticationType["MSI"] = "azure-active-directory-access-token";
+})(TediousAuthenticationType || (TediousAuthenticationType = {}));
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Creates a new prompt that leverage Teams Single Sign On (SSO) support for bot to automatically sign in user and
+ * help receive oauth token, asks the user to consent if needed.
+ *
+ * @remarks
+ * The prompt will attempt to retrieve the users current token of the desired scopes and store it in
+ * the token store.
+ *
+ * User will be automatically signed in leveraging Teams support of Bot Single Sign On(SSO):
+ * https://docs.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-aad-sso-bots
+ *
+ * @example
+ * When used with your bots `DialogSet` you can simply add a new instance of the prompt as a named
+ * dialog using `DialogSet.add()`. You can then start the prompt from a waterfall step using either
+ * `DialogContext.beginDialog()` or `DialogContext.prompt()`. The user will be prompted to sign in as
+ * needed and their access token will be passed as an argument to the callers next waterfall step:
+ *
+ * ```JavaScript
+ * const { ConversationState, MemoryStorage } = require('botbuilder');
+ * const { DialogSet, WaterfallDialog } = require('botbuilder-dialogs');
+ * const { TeamsBotSsoPrompt } = require('@microsoft/teamsfx');
+ *
+ * const convoState = new ConversationState(new MemoryStorage());
+ * const dialogState = convoState.createProperty('dialogState');
+ * const dialogs = new DialogSet(dialogState);
+ *
+ * loadConfiguration();
+ * dialogs.add(new TeamsBotSsoPrompt('TeamsBotSsoPrompt', {
+ *    scopes: ["User.Read"],
+ * }));
+ *
+ * dialogs.add(new WaterfallDialog('taskNeedingLogin', [
+ *      async (step) => {
+ *          return await step.beginDialog('TeamsBotSsoPrompt');
+ *      },
+ *      async (step) => {
+ *          const token = step.result;
+ *          if (token) {
+ *
+ *              // ... continue with task needing access token ...
+ *
+ *          } else {
+ *              await step.context.sendActivity(`Sorry... We couldn't log you in. Try again later.`);
+ *              return await step.endDialog();
+ *          }
+ *      }
+ * ]));
+ * ```
+ *
+ * @beta
+ */
+class TeamsBotSsoPrompt {
+    /**
+     * Constructor of TeamsBotSsoPrompt.
+     *
+     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
+     * @param settings Settings used to configure the prompt.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    constructor(dialogId, settings) {
+        this.settings = settings;
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "TeamsBotSsoPrompt"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Called when a prompt dialog is pushed onto the dialog stack and is being activated.
+     * @remarks
+     * If the task is successful, the result indicates whether the prompt is still
+     * active after the turn has been processed by the prompt.
+     *
+     * @param dc The DialogContext for the current turn of the conversation.
+     *
+     * @throws {@link ErrorCode|InvalidParameter} when timeout property in teams bot sso prompt settings is not number or is not positive.
+     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @returns A `Promise` representing the asynchronous operation.
+     *
+     * @beta
+     */
+    async beginDialog(dc) {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "TeamsBotSsoPrompt"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Called when a prompt dialog is the active dialog and the user replied with a new activity.
+     *
+     * @remarks
+     * If the task is successful, the result indicates whether the dialog is still
+     * active after the turn has been processed by the dialog.
+     * The prompt generally continues to receive the user's replies until it accepts the
+     * user's reply as valid input for the prompt.
+     *
+     * @param dc The DialogContext for the current turn of the conversation.
+     *
+     * @returns A `Promise` representing the asynchronous operation.
+     *
+     * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+     *
+     * @beta
+     */
+    async continueDialog(dc) {
+        throw new ErrorWithCode(formatString(ErrorMessage.BrowserRuntimeNotSupported, "TeamsBotSsoPrompt"), ErrorCode.RuntimeNotSupported);
+    }
+}
+
+export { DefaultTediousConnectionConfiguration, ErrorCode, ErrorWithCode, LogLevel, M365TenantCredential, MsGraphAuthProvider, OnBehalfOfUserCredential, ResourceType, TeamsBotSsoPrompt, TeamsUserCredential, createMicrosoftGraphClient, getAuthenticationConfiguration, getLogLevel, getResourceConfiguration, loadConfiguration, setLogFunction, setLogLevel, setLogger };
+//# sourceMappingURL=index.esm2017.js.map