npm - @microsoft/teamsfx - Versions diffs - 0.5.1-rc.0 → 0.5.2-alpha.1c67600f6.0 - Mend

@microsoft/teamsfx 0.5.1-rc.0 → 0.5.2-alpha.1c67600f6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +151 -83
package/dist/index.esm2017.js +152 -185
package/dist/index.esm2017.js.map +1 -1
package/dist/index.esm2017.mjs +403 -344
package/dist/index.esm2017.mjs.map +1 -1
package/dist/index.esm5.js +159 -187
package/dist/index.esm5.js.map +1 -1
package/dist/index.node.cjs.js +421 -360
package/dist/index.node.cjs.js.map +1 -1
package/package.json +3 -5
package/types/teamsfx.d.ts +285 -231

package/dist/index.esm2017.mjs CHANGED Viewed

@@ -63,6 +63,10 @@ var ErrorCode;
      * Invalid response error.
      */
     ErrorCode["InvalidResponse"] = "InvalidResponse";
+    /**
+     * Identity type error.
+     */
+    ErrorCode["IdentityTypeNotSupported"] = "IdentityTypeNotSupported";
 })(ErrorCode || (ErrorCode = {}));
 /**
  * @internal
@@ -82,6 +86,8 @@ ErrorMessage.NodejsRuntimeNotSupported = "{0} is not supported in Node.";
 ErrorMessage.FailToAcquireTokenOnBehalfOfUser = "Failed to acquire access token on behalf of user: {0}";
 // ChannelNotSupported Error
 ErrorMessage.OnlyMSTeamsChannelSupported = "{0} is only supported in MS Teams Channel";
+// IdentityTypeNotSupported Error
+ErrorMessage.IdentityTypeNotSupported = "{0} identity is not supported in {1}";
 /**
  * Error class with code and message thrown by the SDK.
  *
@@ -108,26 +114,6 @@ class ErrorWithCode extends Error {
     }
 }
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * Available resource type.
- * @beta
- */
-var ResourceType;
-(function (ResourceType) {
-    /**
-     * SQL database.
-     *
-     */
-    ResourceType[ResourceType["SQL"] = 0] = "SQL";
-    /**
-     * Rest API.
-     *
-     */
-    ResourceType[ResourceType["API"] = 1] = "API";
-})(ResourceType || (ResourceType = {}));
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
@@ -370,131 +356,6 @@ function getScopesArray(scopes) {
 function getAuthority(authorityHost, tenantId) {
     const normalizedAuthorityHost = authorityHost.replace(/\/+$/g, "");
     return normalizedAuthorityHost + "/" + tenantId;
-}
-/**
- * @internal
- */
-const isNode = typeof process !== "undefined" &&
-    !!process.version &&
-    !!process.versions &&
-    !!process.versions.node;
-// Copyright (c) Microsoft Corporation.
-/**
- * Global configuration instance
- *
- */
-let config;
-/**
- * Initialize configuration from environment variables or configuration object and set the global instance
- *
- * @param {Configuration} configuration - Optional configuration that overrides the default configuration values. The override depth is 1.
- *
- * @throws {@link ErrorCode|InvalidParameter} when configuration is not passed in browser environment
- *
- * @beta
- */
-function loadConfiguration(configuration) {
-    internalLogger.info("load configuration");
-    // browser environment
-    if (!isNode) {
-        if (!configuration) {
-            const errorMsg = "You are running the code in browser. Configuration must be passed in.";
-            internalLogger.error(errorMsg);
-            throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
-        }
-        config = configuration;
-        return;
-    }
-    // node environment
-    let newAuthentication;
-    let newResources = [];
-    const defaultResourceName = "default";
-    if (configuration === null || configuration === void 0 ? void 0 : configuration.authentication) {
-        newAuthentication = configuration.authentication;
-    }
-    else {
-        newAuthentication = {
-            authorityHost: process.env.M365_AUTHORITY_HOST,
-            tenantId: process.env.M365_TENANT_ID,
-            clientId: process.env.M365_CLIENT_ID,
-            clientSecret: process.env.M365_CLIENT_SECRET,
-            simpleAuthEndpoint: process.env.SIMPLE_AUTH_ENDPOINT,
-            initiateLoginEndpoint: process.env.INITIATE_LOGIN_ENDPOINT,
-            applicationIdUri: process.env.M365_APPLICATION_ID_URI,
-        };
-    }
-    if (configuration === null || configuration === void 0 ? void 0 : configuration.resources) {
-        newResources = configuration.resources;
-    }
-    else {
-        newResources = [
-            {
-                // SQL resource
-                type: ResourceType.SQL,
-                name: defaultResourceName,
-                properties: {
-                    sqlServerEndpoint: process.env.SQL_ENDPOINT,
-                    sqlUsername: process.env.SQL_USER_NAME,
-                    sqlPassword: process.env.SQL_PASSWORD,
-                    sqlDatabaseName: process.env.SQL_DATABASE_NAME,
-                    sqlIdentityId: process.env.IDENTITY_ID,
-                },
-            },
-            {
-                // API resource
-                type: ResourceType.API,
-                name: defaultResourceName,
-                properties: {
-                    endpoint: process.env.API_ENDPOINT,
-                },
-            },
-        ];
-    }
-    config = {
-        authentication: newAuthentication,
-        resources: newResources,
-    };
-}
-/**
- * Get configuration for a specific resource.
- * @param {ResourceType} resourceType - The type of resource
- * @param {string} resourceName - The name of resource, default value is "default".
- *
- * @returns Resource configuration for target resource from global configuration instance.
- *
- * @throws {@link ErrorCode|InvalidConfiguration} when resource configuration with the specific type and name is not found
- *
- * @beta
- */
-function getResourceConfiguration(resourceType, resourceName = "default") {
-    var _a;
-    internalLogger.info(`Get resource configuration of ${ResourceType[resourceType]} from ${resourceName}`);
-    const result = (_a = config.resources) === null || _a === void 0 ? void 0 : _a.find((item) => item.type === resourceType && item.name === resourceName);
-    if (result) {
-        return result.properties;
-    }
-    const errorMsg = formatString(ErrorMessage.MissingResourceConfiguration, ResourceType[resourceType], resourceName);
-    internalLogger.error(errorMsg);
-    throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
-}
-/**
- * Get configuration for authentication.
- *
- * @returns Authentication configuration from global configuration instance, the value may be undefined if no authentication config exists in current environment.
- *
- * @throws {@link ErrorCode|InvalidConfiguration} when global configuration does not exist
- *
- * @beta
- */
-function getAuthenticationConfiguration() {
-    internalLogger.info("Get authentication configuration");
-    if (config) {
-        return config.authentication;
-    }
-    const errorMsg = "Please call loadConfiguration() first before calling getAuthenticationConfiguration().";
-    internalLogger.error(errorMsg);
-    throw new ErrorWithCode(formatString(ErrorMessage.ConfigurationNotExists, errorMsg), ErrorCode.InvalidConfiguration);
 }
 /**
@@ -548,7 +409,7 @@ function parseCertificate(certificateContent) {
  * @example
  * ```typescript
  * loadConfiguration(); // load configuration from environment variables
- * const credential = new M365TenantCredential();
+ * const credential = new AppCredential();
  * ```
  *
  * @remarks
@@ -556,21 +417,23 @@ function parseCertificate(certificateContent) {
  *
  * @beta
  */
-class M365TenantCredential {
+class AppCredential {
     /**
-     * Constructor of M365TenantCredential.
+     * Constructor of AppCredential.
      *
      * @remarks
      * Only works in in server side.
      *
+     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
+     *
      * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
      *
      * @beta
      */
-    constructor() {
+    constructor(authConfig) {
         internalLogger.info("Create M365 tenant credential");
-        const config = this.loadAndValidateConfig();
+        const config = this.loadAndValidateConfig(authConfig);
         this.msalClient = createConfidentialClientApplication(config);
     }
     /**
@@ -630,15 +493,13 @@ class M365TenantCredential {
     }
     /**
      * Load and validate authentication configuration
+     *
+     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
+     *
      * @returns Authentication configuration
      */
-    loadAndValidateConfig() {
+    loadAndValidateConfig(config) {
         internalLogger.verbose("Validate authentication configuration");
-        const config = getAuthenticationConfiguration();
-        if (!config) {
-            internalLogger.error(ErrorMessage.AuthenticationConfigurationNotExists);
-            throw new ErrorWithCode(ErrorMessage.AuthenticationConfigurationNotExists, ErrorCode.InvalidConfiguration);
-        }
         if (config.clientId && (config.clientSecret || config.certificateContent) && config.tenantId) {
             return config;
         }
@@ -664,7 +525,6 @@ class M365TenantCredential {
  *
  * @example
  * ```typescript
- * loadConfiguration(); // load configuration from environment variables
  * const credential = new OnBehalfOfUserCredential(ssoToken);
  * ```
  *
@@ -681,6 +541,7 @@ class OnBehalfOfUserCredential {
      * Only works in in server side.
      *
      * @param {string} ssoToken - User token provided by Teams SSO feature.
+     * @param {AuthenticationConfiguration} config - The authentication configuration. Use environment variables if not provided.
      *
      * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
      * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
@@ -688,20 +549,19 @@ class OnBehalfOfUserCredential {
      *
      * @beta
      */
-    constructor(ssoToken) {
-        var _a, _b, _c, _d, _e;
+    constructor(ssoToken, config) {
         internalLogger.info("Get on behalf of user credential");
         const missingConfigurations = [];
-        if (!((_a = config === null || config === void 0 ? void 0 : config.authentication) === null || _a === void 0 ? void 0 : _a.clientId)) {
+        if (!config.clientId) {
             missingConfigurations.push("clientId");
         }
-        if (!((_b = config === null || config === void 0 ? void 0 : config.authentication) === null || _b === void 0 ? void 0 : _b.authorityHost)) {
+        if (!config.authorityHost) {
             missingConfigurations.push("authorityHost");
         }
-        if (!((_c = config === null || config === void 0 ? void 0 : config.authentication) === null || _c === void 0 ? void 0 : _c.clientSecret) && !((_d = config === null || config === void 0 ? void 0 : config.authentication) === null || _d === void 0 ? void 0 : _d.certificateContent)) {
+        if (!config.clientSecret && !config.certificateContent) {
             missingConfigurations.push("clientSecret or certificateContent");
         }
-        if (!((_e = config === null || config === void 0 ? void 0 : config.authentication) === null || _e === void 0 ? void 0 : _e.tenantId)) {
+        if (!config.tenantId) {
             missingConfigurations.push("tenantId");
         }
         if (missingConfigurations.length != 0) {
@@ -709,7 +569,7 @@ class OnBehalfOfUserCredential {
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
         }
-        this.msalClient = createConfidentialClientApplication(config.authentication);
+        this.msalClient = createConfidentialClientApplication(config);
         const decodedSsoToken = parseJwt(ssoToken);
         this.ssoToken = {
             token: ssoToken,
@@ -843,7 +703,7 @@ class TeamsUserCredential {
      * Can only be used within Teams.
      * @beta
      */
-    constructor() {
+    constructor(authConfig) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), ErrorCode.RuntimeNotSupported);
     }
     /**
@@ -886,7 +746,7 @@ class MsGraphAuthProvider {
     /**
      * Constructor of MsGraphAuthProvider.
      *
-     * @param {TokenCredential} credential - Credential used to invoke Microsoft Graph APIs.
+     * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
      * @param {string | string[]} scopes - The list of scopes for which the token will have access.
      *
      * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
@@ -895,8 +755,8 @@ class MsGraphAuthProvider {
      *
      * @beta
      */
-    constructor(credential, scopes) {
-        this.credential = credential;
+    constructor(teamsfx, scopes) {
+        this.teamsfx = teamsfx;
         let scopesStr = defaultScope;
         if (scopes) {
             validateScopesType(scopes);
@@ -922,7 +782,7 @@ class MsGraphAuthProvider {
      */
     async getAccessToken() {
         internalLogger.info(`Get Graph Access token with scopes: '${this.scopes}'`);
-        const accessToken = await this.credential.getToken(this.scopes);
+        const accessToken = await this.teamsfx.getCredential().getToken(this.scopes);
         return new Promise((resolve, reject) => {
             if (accessToken) {
                 resolve(accessToken.token);
@@ -979,7 +839,7 @@ class MsGraphAuthProvider {
  * }
  * ```
  *
- * @param {TokenCredential} credential - token credential instance.
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
  * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
  *
  * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
@@ -988,9 +848,9 @@ class MsGraphAuthProvider {
  *
  * @beta
  */
-function createMicrosoftGraphClient(credential, scopes) {
+function createMicrosoftGraphClient(teamsfx, scopes) {
     internalLogger.info("Create Microsoft Graph Client");
-    const authProvider = new MsGraphAuthProvider(credential, scopes);
+    const authProvider = new MsGraphAuthProvider(teamsfx, scopes);
     const graphClient = Client.initWithMiddleware({
         authProvider,
     });
@@ -999,172 +859,161 @@ function createMicrosoftGraphClient(credential, scopes) {
 // Copyright (c) Microsoft Corporation.
 /**
- * SQL connection configuration instance.
- * @remarks
- * Only works in in server side.
+ * MSSQL default scope
+ * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
+ */
+const defaultSQLScope = "https://database.windows.net/";
+/**
+ * Generate connection configuration consumed by tedious.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
+ *
+ * @returns Connection configuration of tedious for the SQL.
+ *
+ * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
+ * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
  *
  * @beta
+ */
+async function getTediousConnectionConfig(teamsfx, databaseName) {
+    internalLogger.info("Get SQL configuration");
+    try {
+        isSQLConfigurationValid(teamsfx);
+    }
+    catch (err) {
+        throw err;
+    }
+    if (databaseName === "") {
+        internalLogger.warn(`SQL database name is empty string`);
+    }
+    const dbName = databaseName !== null && databaseName !== void 0 ? databaseName : (teamsfx.hasConfig("sqlDatabaseName") ? teamsfx.getConfig("sqlDatabaseName") : undefined);
+    if (!isMsiAuthentication(teamsfx)) {
+        const configWithUPS = generateDefaultConfig(teamsfx, dbName);
+        internalLogger.verbose("SQL configuration with username and password generated");
+        return configWithUPS;
+    }
+    try {
+        const configWithToken = await generateTokenConfig(teamsfx, dbName);
+        internalLogger.verbose("SQL configuration with MSI token generated");
+        return configWithToken;
+    }
+    catch (error) {
+        throw error;
+    }
+}
+/**
+ * check configuration is an available configurations.
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
  *
+ * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
+ *          false - configuration is not valid.
+ * @internal
  */
-class DefaultTediousConnectionConfiguration {
-    constructor() {
-        /**
-         * MSSQL default scope
-         * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
-         */
-        this.defaultSQLScope = "https://database.windows.net/";
+function isSQLConfigurationValid(teamsfx) {
+    internalLogger.verbose("Check SQL configuration if valid");
+    if (!teamsfx.hasConfig("sqlServerEndpoint")) {
+        internalLogger.error("SQL configuration is not valid without SQL server endpoint exist");
+        throw new ErrorWithCode("SQL configuration error without SQL server endpoint exist", ErrorCode.InvalidConfiguration);
     }
-    /**
-     * Generate connection configuration consumed by tedious.
-     *
-     * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
-     *
-     * @returns Connection configuration of tedious for the SQL.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
-     * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    async getConfig(databaseName) {
-        internalLogger.info("Get SQL configuration");
-        const configuration = getResourceConfiguration(ResourceType.SQL);
-        if (!configuration) {
-            const errMsg = "SQL resource configuration not exist";
-            internalLogger.error(errMsg);
-            throw new ErrorWithCode(errMsg, ErrorCode.InvalidConfiguration);
-        }
-        try {
-            this.isSQLConfigurationValid(configuration);
-        }
-        catch (err) {
-            throw err;
-        }
-        if (!this.isMsiAuthentication()) {
-            const configWithUPS = this.generateDefaultConfig(configuration, databaseName);
-            internalLogger.verbose("SQL configuration with username and password generated");
-            return configWithUPS;
-        }
-        try {
-            const configWithToken = await this.generateTokenConfig(configuration, databaseName);
-            internalLogger.verbose("SQL configuration with MSI token generated");
-            return configWithToken;
-        }
-        catch (error) {
-            throw error;
-        }
+    if (!(teamsfx.hasConfig("sqlUsername") && teamsfx.hasConfig("sqlPassword")) &&
+        !teamsfx.hasConfig("sqlIdentityId")) {
+        const errMsg = `SQL configuration is not valid without ${teamsfx.hasConfig("sqlIdentityId") ? "" : "identity id "} ${teamsfx.hasConfig("sqlUsername") ? "" : "SQL username "} ${teamsfx.hasConfig("sqlPassword") ? "" : "SQL password"} exist`;
+        internalLogger.error(errMsg);
+        throw new ErrorWithCode(errMsg, ErrorCode.InvalidConfiguration);
     }
-    /**
-     * Check SQL use MSI identity or username and password.
-     *
-     * @returns false - login with SQL MSI identity, true - login with username and password.
-     * @internal
-     */
-    isMsiAuthentication() {
-        internalLogger.verbose("Check connection config using MSI access token or username and password");
-        const configuration = getResourceConfiguration(ResourceType.SQL);
-        if ((configuration === null || configuration === void 0 ? void 0 : configuration.sqlUsername) != null && (configuration === null || configuration === void 0 ? void 0 : configuration.sqlPassword) != null) {
-            internalLogger.verbose("Login with username and password");
-            return false;
-        }
-        internalLogger.verbose("Login with MSI identity");
-        return true;
+    internalLogger.verbose("SQL configuration is valid");
+}
+/**
+ * Check SQL use MSI identity or username and password.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ *
+ * @returns false - login with SQL MSI identity, true - login with username and password.
+ * @internal
+ */
+function isMsiAuthentication(teamsfx) {
+    internalLogger.verbose("Check connection config using MSI access token or username and password");
+    if (teamsfx.hasConfig("sqlUsername") && teamsfx.hasConfig("sqlPassword")) {
+        internalLogger.verbose("Login with username and password");
+        return false;
     }
-    /**
-     * check configuration is an available configurations.
-     * @param { SqlConfiguration } sqlConfig
-     *
-     * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
-     *          false - configuration is not valid.
-     * @internal
-     */
-    isSQLConfigurationValid(sqlConfig) {
-        internalLogger.verbose("Check SQL configuration if valid");
-        if (!sqlConfig.sqlServerEndpoint) {
-            internalLogger.error("SQL configuration is not valid without SQL server endpoint exist");
-            throw new ErrorWithCode("SQL configuration error without SQL server endpoint exist", ErrorCode.InvalidConfiguration);
-        }
-        if (!(sqlConfig.sqlUsername && sqlConfig.sqlPassword) && !sqlConfig.sqlIdentityId) {
-            const errMsg = `SQL configuration is not valid without ${sqlConfig.sqlIdentityId ? "" : "identity id "} ${sqlConfig.sqlUsername ? "" : "SQL username "} ${sqlConfig.sqlPassword ? "" : "SQL password"} exist`;
-            internalLogger.error(errMsg);
-            throw new ErrorWithCode(errMsg, ErrorCode.InvalidConfiguration);
-        }
-        internalLogger.verbose("SQL configuration is valid");
+    internalLogger.verbose("Login with MSI identity");
+    return true;
+}
+/**
+ * Generate tedious connection configuration with default authentication type.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
+ *
+ * @returns Tedious connection configuration with username and password.
+ * @internal
+ */
+function generateDefaultConfig(teamsfx, databaseName) {
+    internalLogger.verbose(`SQL server ${teamsfx.getConfig("sqlServerEndpoint")}
+    , user name ${teamsfx.getConfig("sqlUsername")}
+    , database name ${databaseName}`);
+    const config = {
+        server: teamsfx.getConfig("sqlServerEndpoint"),
+        authentication: {
+            type: TediousAuthenticationType.default,
+            options: {
+                userName: teamsfx.getConfig("sqlUsername"),
+                password: teamsfx.getConfig("sqlPassword"),
+            },
+        },
+        options: {
+            database: databaseName,
+            encrypt: true,
+        },
+    };
+    return config;
+}
+/**
+ * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ *
+ * @returns Tedious connection configuration with access token.
+ * @internal
+ */
+async function generateTokenConfig(teamsfx, databaseName) {
+    internalLogger.verbose("Generate tedious config with MSI token");
+    let token;
+    try {
+        const credential = new ManagedIdentityCredential(teamsfx.getConfig("sqlIdentityId"));
+        token = await credential.getToken(defaultSQLScope);
     }
-    /**
-     * Generate tedious connection configuration with default authentication type.
-     *
-     * @param { SqlConfiguration } SQL configuration with username and password.
-     *
-     * @returns Tedious connection configuration with username and password.
-     * @internal
-     */
-    generateDefaultConfig(sqlConfig, databaseName) {
-        if (databaseName === "") {
-            internalLogger.warn(`SQL database name is empty string`);
-        }
-        const dbName = databaseName !== null && databaseName !== void 0 ? databaseName : sqlConfig.sqlDatabaseName;
-        internalLogger.verbose(`SQL server ${sqlConfig.sqlServerEndpoint}, user name ${sqlConfig.sqlUsername}, database name ${dbName}`);
+    catch (error) {
+        const errMsg = "Get user MSI token failed";
+        internalLogger.error(errMsg);
+        throw new ErrorWithCode(errMsg, ErrorCode.InternalError);
+    }
+    if (token) {
         const config = {
-            server: sqlConfig.sqlServerEndpoint,
+            server: teamsfx.getConfig("sqlServerEndpoint"),
             authentication: {
-                type: TediousAuthenticationType.default,
+                type: TediousAuthenticationType.MSI,
                 options: {
-                    userName: sqlConfig.sqlUsername,
-                    password: sqlConfig.sqlPassword,
+                    token: token.token,
                 },
             },
             options: {
-                database: dbName,
+                database: databaseName,
                 encrypt: true,
             },
         };
+        internalLogger.verbose(`Generate token configuration success
+      , server endpoint is ${teamsfx.getConfig("sqlServerEndpoint")}
+      , database name is ${databaseName}`);
         return config;
     }
-    /**
-     * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
-     *
-     * @param { SqlConfiguration } SQL configuration with AAD access token.
-     *
-     * @returns Tedious connection configuration with access token.
-     * @internal
-     */
-    async generateTokenConfig(sqlConfig, databaseName) {
-        internalLogger.verbose("Generate tedious config with MSI token");
-        if (databaseName === "") {
-            internalLogger.warn(`SQL database name is empty string`);
-        }
-        let token;
-        try {
-            const credential = new ManagedIdentityCredential(sqlConfig.sqlIdentityId);
-            token = await credential.getToken(this.defaultSQLScope);
-        }
-        catch (error) {
-            const errMsg = "Get user MSI token failed";
-            internalLogger.error(errMsg);
-            throw new ErrorWithCode(errMsg, ErrorCode.InternalError);
-        }
-        if (token) {
-            const config = {
-                server: sqlConfig.sqlServerEndpoint,
-                authentication: {
-                    type: TediousAuthenticationType.MSI,
-                    options: {
-                        token: token.token,
-                    },
-                },
-                options: {
-                    database: databaseName !== null && databaseName !== void 0 ? databaseName : sqlConfig.sqlDatabaseName,
-                    encrypt: true,
-                },
-            };
-            internalLogger.verbose(`Generate token configuration success, server endpoint is ${sqlConfig.sqlServerEndpoint}, database name is ${databaseName !== null && databaseName !== void 0 ? databaseName : sqlConfig.sqlDatabaseName}`);
-            return config;
-        }
-        internalLogger.error(`Generate token configuration, server endpoint is ${sqlConfig.sqlServerEndpoint}, MSI token is not valid`);
-        throw new ErrorWithCode("MSI token is not valid", ErrorCode.InternalError);
-    }
+    internalLogger.error(`Generate token configuration
+    , server endpoint is ${teamsfx.getConfig("sqlServerEndpoint")}
+    , MSI token is not valid`);
+    throw new ErrorWithCode("MSI token is not valid", ErrorCode.InternalError);
 }
 /**
  * tedious connection config authentication type.
@@ -1177,6 +1026,25 @@ var TediousAuthenticationType;
     TediousAuthenticationType["MSI"] = "azure-active-directory-access-token";
 })(TediousAuthenticationType || (TediousAuthenticationType = {}));
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Identity type to use in authentication.
+ *
+ * @beta
+ */
+var IdentityType;
+(function (IdentityType) {
+    /**
+     * Represents the current user of Teams.
+     */
+    IdentityType["User"] = "User";
+    /**
+     * Represents the application itself.
+     */
+    IdentityType["App"] = "Application";
+})(IdentityType || (IdentityType = {}));
 // Copyright (c) Microsoft Corporation.
 const invokeResponseType = "invokeResponse";
 /**
@@ -1216,7 +1084,6 @@ class TokenExchangeInvokeResponse {
  * const dialogState = convoState.createProperty('dialogState');
  * const dialogs = new DialogSet(dialogState);
  *
- * loadConfiguration();
  * dialogs.add(new TeamsBotSsoPrompt('TeamsBotSsoPrompt', {
  *    scopes: ["User.Read"],
  * }));
@@ -1245,6 +1112,7 @@ class TeamsBotSsoPrompt extends Dialog {
     /**
      * Constructor of TeamsBotSsoPrompt.
      *
+     * @param {TeamsFx} teamsfx - Used to provide configuration and auth
      * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
      * @param settings Settings used to configure the prompt.
      *
@@ -1253,10 +1121,12 @@ class TeamsBotSsoPrompt extends Dialog {
      *
      * @beta
      */
-    constructor(dialogId, settings) {
+    constructor(teamsfx, dialogId, settings) {
         super(dialogId);
+        this.teamsfx = teamsfx;
         this.settings = settings;
         validateScopesType(settings.scopes);
+        this.loadAndValidateConfig();
         internalLogger.info("Create a new Teams Bot SSO Prompt");
     }
     /**
@@ -1357,6 +1227,31 @@ class TeamsBotSsoPrompt extends Dialog {
             return Dialog.EndOfTurn;
         }
     }
+    loadAndValidateConfig() {
+        if (this.teamsfx.getIdentityType() !== IdentityType.User) {
+            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.IdentityTypeNotSupported);
+        }
+        const missingConfigurations = [];
+        if (!this.teamsfx.hasConfig("initiateLoginEndpoint")) {
+            missingConfigurations.push("initiateLoginEndpoint");
+        }
+        if (!this.teamsfx.hasConfig("clientId")) {
+            missingConfigurations.push("clientId");
+        }
+        if (!this.teamsfx.hasConfig("tenantId")) {
+            missingConfigurations.push("tenantId");
+        }
+        if (!this.teamsfx.hasConfig("applicationIdUri")) {
+            missingConfigurations.push("applicationIdUri");
+        }
+        if (missingConfigurations.length != 0) {
+            const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingConfigurations.join(", "), "undefined");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
+        }
+    }
     /**
      * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
      * @param dc dialog context
@@ -1396,31 +1291,12 @@ class TeamsBotSsoPrompt extends Dialog {
      * @internal
      */
     getSignInResource(loginHint) {
-        var _a, _b, _c, _d, _e;
         internalLogger.verbose("Get sign in authentication configuration");
-        const missingConfigurations = [];
-        if (!((_a = config === null || config === void 0 ? void 0 : config.authentication) === null || _a === void 0 ? void 0 : _a.initiateLoginEndpoint)) {
-            missingConfigurations.push("initiateLoginEndpoint");
-        }
-        if (!((_b = config === null || config === void 0 ? void 0 : config.authentication) === null || _b === void 0 ? void 0 : _b.clientId)) {
-            missingConfigurations.push("clientId");
-        }
-        if (!((_c = config === null || config === void 0 ? void 0 : config.authentication) === null || _c === void 0 ? void 0 : _c.tenantId)) {
-            missingConfigurations.push("tenantId");
-        }
-        if (!((_d = config === null || config === void 0 ? void 0 : config.authentication) === null || _d === void 0 ? void 0 : _d.applicationIdUri)) {
-            missingConfigurations.push("applicationIdUri");
-        }
-        if (missingConfigurations.length != 0) {
-            const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingConfigurations.join(", "), "undefined");
-            internalLogger.error(errorMsg);
-            throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
-        }
-        const signInLink = `${config.authentication.initiateLoginEndpoint}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${config.authentication.clientId}&tenantId=${config.authentication.tenantId}&loginHint=${loginHint}`;
+        const signInLink = `${this.teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.teamsfx.getConfig("clientId")}&tenantId=${this.teamsfx.getConfig("tenantId")}&loginHint=${loginHint}`;
         internalLogger.verbose("Sign in link: " + signInLink);
         const tokenExchangeResource = {
             id: v4(),
-            uri: ((_e = config.authentication) === null || _e === void 0 ? void 0 : _e.applicationIdUri.replace(/\/$/, "")) + "/access_as_user",
+            uri: this.teamsfx.getConfig("applicationIdUri").replace(/\/$/, "") + "/access_as_user",
         };
         internalLogger.verbose("Token exchange resource uri: " + tokenExchangeResource.uri);
         return {
@@ -1444,7 +1320,8 @@ class TeamsBotSsoPrompt extends Dialog {
             }
             else {
                 const ssoToken = context.activity.value.token;
-                const credential = new OnBehalfOfUserCredential(ssoToken);
+                this.teamsfx.setSsoToken(ssoToken);
+                const credential = this.teamsfx.getCredential();
                 let exchangedToken;
                 try {
                     exchangedToken = await credential.getToken(this.settings.scopes);
@@ -1508,5 +1385,187 @@ class TeamsBotSsoPrompt extends Dialog {
     }
 }
-export { DefaultTediousConnectionConfiguration, ErrorCode, ErrorWithCode, LogLevel, M365TenantCredential, MsGraphAuthProvider, OnBehalfOfUserCredential, ResourceType, TeamsBotSsoPrompt, TeamsUserCredential, createMicrosoftGraphClient, getAuthenticationConfiguration, getLogLevel, getResourceConfiguration, loadConfiguration, setLogFunction, setLogLevel, setLogger };
+// Copyright (c) Microsoft Corporation.
+/**
+ * A class providing credential and configuration.
+ * @beta
+ */
+class TeamsFx {
+    /**
+     * Constructor of TeamsFx
+     *
+     * @param {IdentityType} identityType - Choose user or app identity
+     * @param customConfig - key/value pairs of customized configuration that overrides default ones.
+     *
+     * @throws {@link ErrorCode|IdentityTypeNotSupported} when setting app identity in browser.
+     *
+     * @beta
+     */
+    constructor(identityType, customConfig) {
+        this.identityType = identityType !== null && identityType !== void 0 ? identityType : IdentityType.User;
+        this.configuration = new Map();
+        this.loadFromEnv();
+        if (customConfig) {
+            for (const key of Object.keys(customConfig)) {
+                const value = customConfig[key];
+                if (value) {
+                    this.configuration.set(key, value);
+                }
+            }
+        }
+    }
+    /**
+     * Identity type set by user.
+     *
+     * @returns identity type.
+     * @beta
+     */
+    getIdentityType() {
+        return this.identityType;
+    }
+    /**
+     * Credential instance according to identity type choice.
+     *
+     * @remarks If user identity is chose, will return {@link TeamsUserCredential}
+     * in browser environment and {@link OnBehalfOfUserCredential} in NodeJS. If app
+     * identity is chose, will return {@link AppCredential}.
+     *
+     * @returns instance implements TokenCredential interface.
+     * @beta
+     */
+    getCredential() {
+        if (this.identityType === IdentityType.User) {
+            if (this.oboUserCredential) {
+                return this.oboUserCredential;
+            }
+            const errorMsg = "SSO token is required to user identity. Please use setSsoToken().";
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.InvalidParameter);
+        }
+        else {
+            if (!this.appCredential) {
+                this.appCredential = new AppCredential(Object.fromEntries(this.configuration));
+            }
+            return this.appCredential;
+        }
+    }
+    /**
+     * Get user information.
+     * @returns UserInfo object.
+     * @beta
+     */
+    async getUserInfo() {
+        if (this.identityType !== IdentityType.User) {
+            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.identityType.toString(), "TeamsFx");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.IdentityTypeNotSupported);
+        }
+        return Promise.resolve(this.getCredential().getUserInfo());
+    }
+    /**
+     * Popup login page to get user's access token with specific scopes.
+     *
+     * @remarks
+     * Only works in Teams client APP. User will be redirected to the authorization page to login and consent.
+     *
+     * @example
+     * ```typescript
+     * await teamsfx.login(["https://graph.microsoft.com/User.Read"]); // single scope using string array
+     * await teamsfx.login("https://graph.microsoft.com/User.Read"); // single scopes using string
+     * await teamsfx.login(["https://graph.microsoft.com/User.Read", "Calendars.Read"]); // multiple scopes using string array
+     * await teamsfx.login("https://graph.microsoft.com/User.Read Calendars.Read"); // multiple scopes using string
+     * ```
+     * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
+     *
+     * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
+     * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @beta
+     */
+    async login(scopes) {
+        throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "login"), ErrorCode.RuntimeNotSupported);
+    }
+    /**
+     * Set SSO token when using user identity in NodeJS.
+     * @param {string} ssoToken - used for on behalf of user flow.
+     * @returns self instance.
+     * @beta
+     */
+    setSsoToken(ssoToken) {
+        if (this.identityType !== IdentityType.User) {
+            throw new Error();
+        }
+        this.oboUserCredential = new OnBehalfOfUserCredential(ssoToken, Object.fromEntries(this.configuration));
+        return this;
+    }
+    /**
+     * Usually used by service plugins to retrieve specific config
+     * @param {string} key - configuration key.
+     * @returns value in configuration.
+     * @beta
+     */
+    getConfig(key) {
+        const value = this.configuration.get(key);
+        if (!value) {
+            const errorMsg = `Cannot find ${key} in configuration`;
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.InternalError);
+        }
+        return value;
+    }
+    /**
+     * Check the value of specific key.
+     * @param {string} key - configuration key.
+     * @returns true if corresponding value is not empty string.
+     * @beta
+     */
+    hasConfig(key) {
+        const value = this.configuration.get(key);
+        return !!value;
+    }
+    /**
+     * Get all configurations.
+     * @returns key value mappings.
+     * @beta
+     */
+    getConfigs() {
+        const config = {};
+        for (const key of this.configuration.keys()) {
+            const value = this.configuration.get(key);
+            if (value) {
+                config[key] = value;
+            }
+        }
+        return config;
+    }
+    /**
+     * Load configuration from environment variables.
+     */
+    loadFromEnv() {
+        const env = process.env;
+        this.configuration.set("authorityHost", env.M365_AUTHORITY_HOST);
+        this.configuration.set("tenantId", env.M365_TENANT_ID);
+        this.configuration.set("clientId", env.M365_CLIENT_ID);
+        this.configuration.set("clientSecret", env.M365_CLIENT_SECRET);
+        this.configuration.set("initiateLoginEndpoint", env.INITIATE_LOGIN_ENDPOINT);
+        this.configuration.set("applicationIdUri", env.M365_APPLICATION_ID_URI);
+        this.configuration.set("apiEndpoint", env.API_ENDPOINT);
+        this.configuration.set("apiName", env.API_NAME);
+        this.configuration.set("sqlServerEndpoint", env.SQL_ENDPOINT);
+        this.configuration.set("sqlUsername", env.SQL_USER_NAME);
+        this.configuration.set("sqlPassword", env.SQL_PASSWORD);
+        this.configuration.set("sqlDatabaseName", env.SQL_DATABASE_NAME);
+        this.configuration.set("sqlIdentityId", env.IDENTITY_ID);
+        Object.keys(env).forEach((key) => {
+            const value = env[key];
+            if (key.startsWith("TEAMSFX_") && value) {
+                this.configuration.set(key.substring(8), value);
+            }
+        });
+    }
+}
+export { AppCredential, ErrorCode, ErrorWithCode, IdentityType, LogLevel, MsGraphAuthProvider, OnBehalfOfUserCredential, TeamsBotSsoPrompt, TeamsFx, TeamsUserCredential, createMicrosoftGraphClient, getLogLevel, getTediousConnectionConfig, setLogFunction, setLogLevel, setLogger };
 //# sourceMappingURL=index.esm2017.mjs.map