@microsoft/teamsfx 0.5.2-alpha.313131ea.0 → 0.5.2-alpha.e7b82d5e0.0

package/dist/index.node.cjs.js

@@ -2,8 +2,8 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var jwt_decode = require('jwt-decode');
 var tslib = require('tslib');
+var jwt_decode = require('jwt-decode');
 var msalNode = require('@azure/msal-node');
 var crypto = require('crypto');
 var microsoftGraphClient = require('@microsoft/microsoft-graph-client');
@@ -72,6 +72,10 @@ exports.ErrorCode = void 0;
      * Invalid response error.
      */
     ErrorCode["InvalidResponse"] = "InvalidResponse";
+    /**
+     * Identity type error.
+     */
+    ErrorCode["IdentityTypeNotSupported"] = "IdentityTypeNotSupported";
 })(exports.ErrorCode || (exports.ErrorCode = {}));
 /**
  * @internal
@@ -91,6 +95,8 @@ ErrorMessage.NodejsRuntimeNotSupported = "{0} is not supported in Node.";
 ErrorMessage.FailToAcquireTokenOnBehalfOfUser = "Failed to acquire access token on behalf of user: {0}";
 // ChannelNotSupported Error
 ErrorMessage.OnlyMSTeamsChannelSupported = "{0} is only supported in MS Teams Channel";
+// IdentityTypeNotSupported Error
+ErrorMessage.IdentityTypeNotSupported = "{0} identity is not supported in {1}";
 /**
  * Error class with code and message thrown by the SDK.
  *
@@ -117,26 +123,6 @@ class ErrorWithCode extends Error {
     }
 }
 
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT license.
-/**
- * Available resource type.
- * @beta
- */
-exports.ResourceType = void 0;
-(function (ResourceType) {
-    /**
-     * SQL database.
-     *
-     */
-    ResourceType[ResourceType["SQL"] = 0] = "SQL";
-    /**
-     * Rest API.
-     *
-     */
-    ResourceType[ResourceType["API"] = 1] = "API";
-})(exports.ResourceType || (exports.ResourceType = {}));
-
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
@@ -379,131 +365,6 @@ function getScopesArray(scopes) {
 function getAuthority(authorityHost, tenantId) {
     const normalizedAuthorityHost = authorityHost.replace(/\/+$/g, "");
     return normalizedAuthorityHost + "/" + tenantId;
-}
-/**
- * @internal
- */
-const isNode = typeof process !== "undefined" &&
-    !!process.version &&
-    !!process.versions &&
-    !!process.versions.node;
-
-// Copyright (c) Microsoft Corporation.
-/**
- * Global configuration instance
- *
- */
-let config;
-/**
- * Initialize configuration from environment variables or configuration object and set the global instance
- *
- * @param {Configuration} configuration - Optional configuration that overrides the default configuration values. The override depth is 1.
- *
- * @throws {@link ErrorCode|InvalidParameter} when configuration is not passed in browser environment
- *
- * @beta
- */
-function loadConfiguration(configuration) {
-    internalLogger.info("load configuration");
-    // browser environment
-    if (!isNode) {
-        if (!configuration) {
-            const errorMsg = "You are running the code in browser. Configuration must be passed in.";
-            internalLogger.error(errorMsg);
-            throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidParameter);
-        }
-        config = configuration;
-        return;
-    }
-    // node environment
-    let newAuthentication;
-    let newResources = [];
-    const defaultResourceName = "default";
-    if (configuration === null || configuration === void 0 ? void 0 : configuration.authentication) {
-        newAuthentication = configuration.authentication;
-    }
-    else {
-        newAuthentication = {
-            authorityHost: process.env.M365_AUTHORITY_HOST,
-            tenantId: process.env.M365_TENANT_ID,
-            clientId: process.env.M365_CLIENT_ID,
-            clientSecret: process.env.M365_CLIENT_SECRET,
-            simpleAuthEndpoint: process.env.SIMPLE_AUTH_ENDPOINT,
-            initiateLoginEndpoint: process.env.INITIATE_LOGIN_ENDPOINT,
-            applicationIdUri: process.env.M365_APPLICATION_ID_URI,
-        };
-    }
-    if (configuration === null || configuration === void 0 ? void 0 : configuration.resources) {
-        newResources = configuration.resources;
-    }
-    else {
-        newResources = [
-            {
-                // SQL resource
-                type: exports.ResourceType.SQL,
-                name: defaultResourceName,
-                properties: {
-                    sqlServerEndpoint: process.env.SQL_ENDPOINT,
-                    sqlUsername: process.env.SQL_USER_NAME,
-                    sqlPassword: process.env.SQL_PASSWORD,
-                    sqlDatabaseName: process.env.SQL_DATABASE_NAME,
-                    sqlIdentityId: process.env.IDENTITY_ID,
-                },
-            },
-            {
-                // API resource
-                type: exports.ResourceType.API,
-                name: defaultResourceName,
-                properties: {
-                    endpoint: process.env.API_ENDPOINT,
-                },
-            },
-        ];
-    }
-    config = {
-        authentication: newAuthentication,
-        resources: newResources,
-    };
-}
-/**
- * Get configuration for a specific resource.
- * @param {ResourceType} resourceType - The type of resource
- * @param {string} resourceName - The name of resource, default value is "default".
- *
- * @returns Resource configuration for target resource from global configuration instance.
- *
- * @throws {@link ErrorCode|InvalidConfiguration} when resource configuration with the specific type and name is not found
- *
- * @beta
- */
-function getResourceConfiguration(resourceType, resourceName = "default") {
-    var _a;
-    internalLogger.info(`Get resource configuration of ${exports.ResourceType[resourceType]} from ${resourceName}`);
-    const result = (_a = config.resources) === null || _a === void 0 ? void 0 : _a.find((item) => item.type === resourceType && item.name === resourceName);
-    if (result) {
-        return result.properties;
-    }
-    const errorMsg = formatString(ErrorMessage.MissingResourceConfiguration, exports.ResourceType[resourceType], resourceName);
-    internalLogger.error(errorMsg);
-    throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidConfiguration);
-}
-/**
- * Get configuration for authentication.
- *
- * @returns Authentication configuration from global configuration instance, the value may be undefined if no authentication config exists in current environment.
- *
- * @throws {@link ErrorCode|InvalidConfiguration} when global configuration does not exist
- *
- * @beta
- */
-function getAuthenticationConfiguration() {
-    internalLogger.info("Get authentication configuration");
-    if (config) {
-        return config.authentication;
-    }
-    const errorMsg = "Please call loadConfiguration() first before calling getAuthenticationConfiguration().";
-    internalLogger.error(errorMsg);
-    throw new ErrorWithCode(formatString(ErrorMessage.ConfigurationNotExists, errorMsg), exports.ErrorCode.InvalidConfiguration);
 }
 
 /**
@@ -557,7 +418,7 @@ function parseCertificate(certificateContent) {
  * @example
  * ```typescript
  * loadConfiguration(); // load configuration from environment variables
- * const credential = new M365TenantCredential();
+ * const credential = new AppCredential();
  * ```
  *
  * @remarks
@@ -565,21 +426,23 @@ function parseCertificate(certificateContent) {
  *
  * @beta
  */
-class M365TenantCredential {
+class AppCredential {
     /**
-     * Constructor of M365TenantCredential.
+     * Constructor of AppCredential.
      *
      * @remarks
      * Only works in in server side.
      *
+     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
+     *
      * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
      *
      * @beta
      */
-    constructor() {
+    constructor(authConfig) {
         internalLogger.info("Create M365 tenant credential");
-        const config = this.loadAndValidateConfig();
+        const config = this.loadAndValidateConfig(authConfig);
         this.msalClient = createConfidentialClientApplication(config);
     }
     /**
@@ -641,15 +504,13 @@ class M365TenantCredential {
     }
     /**
      * Load and validate authentication configuration
+     *
+     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
+     *
      * @returns Authentication configuration
      */
-    loadAndValidateConfig() {
+    loadAndValidateConfig(config) {
         internalLogger.verbose("Validate authentication configuration");
-        const config = getAuthenticationConfiguration();
-        if (!config) {
-            internalLogger.error(ErrorMessage.AuthenticationConfigurationNotExists);
-            throw new ErrorWithCode(ErrorMessage.AuthenticationConfigurationNotExists, exports.ErrorCode.InvalidConfiguration);
-        }
         if (config.clientId && (config.clientSecret || config.certificateContent) && config.tenantId) {
             return config;
         }
@@ -675,7 +536,6 @@ class M365TenantCredential {
  *
  * @example
  * ```typescript
- * loadConfiguration(); // load configuration from environment variables
  * const credential = new OnBehalfOfUserCredential(ssoToken);
  * ```
  *
@@ -692,6 +552,7 @@ class OnBehalfOfUserCredential {
      * Only works in in server side.
      *
      * @param {string} ssoToken - User token provided by Teams SSO feature.
+     * @param {AuthenticationConfiguration} config - The authentication configuration. Use environment variables if not provided.
      *
      * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
      * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
@@ -699,20 +560,19 @@ class OnBehalfOfUserCredential {
      *
      * @beta
      */
-    constructor(ssoToken) {
-        var _a, _b, _c, _d, _e;
+    constructor(ssoToken, config) {
         internalLogger.info("Get on behalf of user credential");
         const missingConfigurations = [];
-        if (!((_a = config === null || config === void 0 ? void 0 : config.authentication) === null || _a === void 0 ? void 0 : _a.clientId)) {
+        if (!config.clientId) {
             missingConfigurations.push("clientId");
         }
-        if (!((_b = config === null || config === void 0 ? void 0 : config.authentication) === null || _b === void 0 ? void 0 : _b.authorityHost)) {
+        if (!config.authorityHost) {
             missingConfigurations.push("authorityHost");
         }
-        if (!((_c = config === null || config === void 0 ? void 0 : config.authentication) === null || _c === void 0 ? void 0 : _c.clientSecret) && !((_d = config === null || config === void 0 ? void 0 : config.authentication) === null || _d === void 0 ? void 0 : _d.certificateContent)) {
+        if (!config.clientSecret && !config.certificateContent) {
             missingConfigurations.push("clientSecret or certificateContent");
         }
-        if (!((_e = config === null || config === void 0 ? void 0 : config.authentication) === null || _e === void 0 ? void 0 : _e.tenantId)) {
+        if (!config.tenantId) {
             missingConfigurations.push("tenantId");
         }
         if (missingConfigurations.length != 0) {
@@ -720,7 +580,7 @@ class OnBehalfOfUserCredential {
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidConfiguration);
         }
-        this.msalClient = createConfidentialClientApplication(config.authentication);
+        this.msalClient = createConfidentialClientApplication(config);
         const decodedSsoToken = parseJwt(ssoToken);
         this.ssoToken = {
             token: ssoToken,
@@ -856,7 +716,7 @@ class TeamsUserCredential {
      * Can only be used within Teams.
      * @beta
      */
-    constructor() {
+    constructor(authConfig) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), exports.ErrorCode.RuntimeNotSupported);
     }
     /**
@@ -903,7 +763,7 @@ class MsGraphAuthProvider {
     /**
      * Constructor of MsGraphAuthProvider.
      *
-     * @param {TokenCredential} credential - Credential used to invoke Microsoft Graph APIs.
+     * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
      * @param {string | string[]} scopes - The list of scopes for which the token will have access.
      *
      * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
@@ -912,8 +772,8 @@ class MsGraphAuthProvider {
      *
      * @beta
      */
-    constructor(credential, scopes) {
-        this.credential = credential;
+    constructor(teamsfx, scopes) {
+        this.teamsfx = teamsfx;
         let scopesStr = defaultScope;
         if (scopes) {
             validateScopesType(scopes);
@@ -940,7 +800,7 @@ class MsGraphAuthProvider {
     getAccessToken() {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             internalLogger.info(`Get Graph Access token with scopes: '${this.scopes}'`);
-            const accessToken = yield this.credential.getToken(this.scopes);
+            const accessToken = yield this.teamsfx.getCredential().getToken(this.scopes);
             return new Promise((resolve, reject) => {
                 if (accessToken) {
                     resolve(accessToken.token);
@@ -998,7 +858,7 @@ class MsGraphAuthProvider {
  * }
  * ```
  *
- * @param {TokenCredential} credential - token credential instance.
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
  * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
  *
  * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
@@ -1007,9 +867,9 @@ class MsGraphAuthProvider {
  *
  * @beta
  */
-function createMicrosoftGraphClient(credential, scopes) {
+function createMicrosoftGraphClient(teamsfx, scopes) {
     internalLogger.info("Create Microsoft Graph Client");
-    const authProvider = new MsGraphAuthProvider(credential, scopes);
+    const authProvider = new MsGraphAuthProvider(teamsfx, scopes);
     const graphClient = microsoftGraphClient.Client.initWithMiddleware({
         authProvider,
     });
@@ -1018,176 +878,165 @@ function createMicrosoftGraphClient(credential, scopes) {
 
 // Copyright (c) Microsoft Corporation.
 /**
- * SQL connection configuration instance.
- * @remarks
- * Only works in in server side.
+ * MSSQL default scope
+ * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
+ */
+const defaultSQLScope = "https://database.windows.net/";
+/**
+ * Generate connection configuration consumed by tedious.
  *
- * @beta
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
+ *
+ * @returns Connection configuration of tedious for the SQL.
  *
+ * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
+ * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
+ *
+ * @beta
  */
-class DefaultTediousConnectionConfiguration {
-    constructor() {
-        /**
-         * MSSQL default scope
-         * https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi
-         */
-        this.defaultSQLScope = "https://database.windows.net/";
-    }
-    /**
-     * Generate connection configuration consumed by tedious.
-     *
-     * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
-     *
-     * @returns Connection configuration of tedious for the SQL.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
-     * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    getConfig(databaseName) {
-        return tslib.__awaiter(this, void 0, void 0, function* () {
-            internalLogger.info("Get SQL configuration");
-            const configuration = getResourceConfiguration(exports.ResourceType.SQL);
-            if (!configuration) {
-                const errMsg = "SQL resource configuration not exist";
-                internalLogger.error(errMsg);
-                throw new ErrorWithCode(errMsg, exports.ErrorCode.InvalidConfiguration);
-            }
-            try {
-                this.isSQLConfigurationValid(configuration);
-            }
-            catch (err) {
-                throw err;
-            }
-            if (!this.isMsiAuthentication()) {
-                const configWithUPS = this.generateDefaultConfig(configuration, databaseName);
-                internalLogger.verbose("SQL configuration with username and password generated");
-                return configWithUPS;
-            }
-            try {
-                const configWithToken = yield this.generateTokenConfig(configuration, databaseName);
-                internalLogger.verbose("SQL configuration with MSI token generated");
-                return configWithToken;
-            }
-            catch (error) {
-                throw error;
-            }
-        });
-    }
-    /**
-     * Check SQL use MSI identity or username and password.
-     *
-     * @returns false - login with SQL MSI identity, true - login with username and password.
-     * @internal
-     */
-    isMsiAuthentication() {
-        internalLogger.verbose("Check connection config using MSI access token or username and password");
-        const configuration = getResourceConfiguration(exports.ResourceType.SQL);
-        if ((configuration === null || configuration === void 0 ? void 0 : configuration.sqlUsername) != null && (configuration === null || configuration === void 0 ? void 0 : configuration.sqlPassword) != null) {
-            internalLogger.verbose("Login with username and password");
-            return false;
+function getTediousConnectionConfig(teamsfx, databaseName) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        internalLogger.info("Get SQL configuration");
+        try {
+            isSQLConfigurationValid(teamsfx);
         }
-        internalLogger.verbose("Login with MSI identity");
-        return true;
-    }
-    /**
-     * check configuration is an available configurations.
-     * @param { SqlConfiguration } sqlConfig
-     *
-     * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
-     *          false - configuration is not valid.
-     * @internal
-     */
-    isSQLConfigurationValid(sqlConfig) {
-        internalLogger.verbose("Check SQL configuration if valid");
-        if (!sqlConfig.sqlServerEndpoint) {
-            internalLogger.error("SQL configuration is not valid without SQL server endpoint exist");
-            throw new ErrorWithCode("SQL configuration error without SQL server endpoint exist", exports.ErrorCode.InvalidConfiguration);
+        catch (err) {
+            throw err;
         }
-        if (!(sqlConfig.sqlUsername && sqlConfig.sqlPassword) && !sqlConfig.sqlIdentityId) {
-            const errMsg = `SQL configuration is not valid without ${sqlConfig.sqlIdentityId ? "" : "identity id "} ${sqlConfig.sqlUsername ? "" : "SQL username "} ${sqlConfig.sqlPassword ? "" : "SQL password"} exist`;
-            internalLogger.error(errMsg);
-            throw new ErrorWithCode(errMsg, exports.ErrorCode.InvalidConfiguration);
-        }
-        internalLogger.verbose("SQL configuration is valid");
-    }
-    /**
-     * Generate tedious connection configuration with default authentication type.
-     *
-     * @param { SqlConfiguration } SQL configuration with username and password.
-     *
-     * @returns Tedious connection configuration with username and password.
-     * @internal
-     */
-    generateDefaultConfig(sqlConfig, databaseName) {
         if (databaseName === "") {
             internalLogger.warn(`SQL database name is empty string`);
         }
-        const dbName = databaseName !== null && databaseName !== void 0 ? databaseName : sqlConfig.sqlDatabaseName;
-        internalLogger.verbose(`SQL server ${sqlConfig.sqlServerEndpoint}, user name ${sqlConfig.sqlUsername}, database name ${dbName}`);
-        const config = {
-            server: sqlConfig.sqlServerEndpoint,
-            authentication: {
-                type: TediousAuthenticationType.default,
-                options: {
-                    userName: sqlConfig.sqlUsername,
-                    password: sqlConfig.sqlPassword,
-                },
-            },
+        const dbName = databaseName !== null && databaseName !== void 0 ? databaseName : (teamsfx.hasConfig("sqlDatabaseName") ? teamsfx.getConfig("sqlDatabaseName") : undefined);
+        if (!isMsiAuthentication(teamsfx)) {
+            const configWithUPS = generateDefaultConfig(teamsfx, dbName);
+            internalLogger.verbose("SQL configuration with username and password generated");
+            return configWithUPS;
+        }
+        try {
+            const configWithToken = yield generateTokenConfig(teamsfx, dbName);
+            internalLogger.verbose("SQL configuration with MSI token generated");
+            return configWithToken;
+        }
+        catch (error) {
+            throw error;
+        }
+    });
+}
+/**
+ * check configuration is an available configurations.
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ *
+ * @returns true - SQL configuration has a valid SQL endpoints, SQL username with password or identity ID.
+ *          false - configuration is not valid.
+ * @internal
+ */
+function isSQLConfigurationValid(teamsfx) {
+    internalLogger.verbose("Check SQL configuration if valid");
+    if (!teamsfx.hasConfig("sqlServerEndpoint")) {
+        internalLogger.error("SQL configuration is not valid without SQL server endpoint exist");
+        throw new ErrorWithCode("SQL configuration error without SQL server endpoint exist", exports.ErrorCode.InvalidConfiguration);
+    }
+    if (!(teamsfx.hasConfig("sqlUsername") && teamsfx.hasConfig("sqlPassword")) &&
+        !teamsfx.hasConfig("sqlIdentityId")) {
+        const errMsg = `SQL configuration is not valid without ${teamsfx.hasConfig("sqlIdentityId") ? "" : "identity id "} ${teamsfx.hasConfig("sqlUsername") ? "" : "SQL username "} ${teamsfx.hasConfig("sqlPassword") ? "" : "SQL password"} exist`;
+        internalLogger.error(errMsg);
+        throw new ErrorWithCode(errMsg, exports.ErrorCode.InvalidConfiguration);
+    }
+    internalLogger.verbose("SQL configuration is valid");
+}
+/**
+ * Check SQL use MSI identity or username and password.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ *
+ * @returns false - login with SQL MSI identity, true - login with username and password.
+ * @internal
+ */
+function isMsiAuthentication(teamsfx) {
+    internalLogger.verbose("Check connection config using MSI access token or username and password");
+    if (teamsfx.hasConfig("sqlUsername") && teamsfx.hasConfig("sqlPassword")) {
+        internalLogger.verbose("Login with username and password");
+        return false;
+    }
+    internalLogger.verbose("Login with MSI identity");
+    return true;
+}
+/**
+ * Generate tedious connection configuration with default authentication type.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
+ *
+ * @returns Tedious connection configuration with username and password.
+ * @internal
+ */
+function generateDefaultConfig(teamsfx, databaseName) {
+    internalLogger.verbose(`SQL server ${teamsfx.getConfig("sqlServerEndpoint")}
+    , user name ${teamsfx.getConfig("sqlUsername")}
+    , database name ${databaseName}`);
+    const config = {
+        server: teamsfx.getConfig("sqlServerEndpoint"),
+        authentication: {
+            type: TediousAuthenticationType.default,
             options: {
-                database: dbName,
-                encrypt: true,
+                userName: teamsfx.getConfig("sqlUsername"),
+                password: teamsfx.getConfig("sqlPassword"),
             },
-        };
-        return config;
-    }
-    /**
-     * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
-     *
-     * @param { SqlConfiguration } SQL configuration with AAD access token.
-     *
-     * @returns Tedious connection configuration with access token.
-     * @internal
-     */
-    generateTokenConfig(sqlConfig, databaseName) {
-        return tslib.__awaiter(this, void 0, void 0, function* () {
-            internalLogger.verbose("Generate tedious config with MSI token");
-            if (databaseName === "") {
-                internalLogger.warn(`SQL database name is empty string`);
-            }
-            let token;
-            try {
-                const credential = new identity.ManagedIdentityCredential(sqlConfig.sqlIdentityId);
-                token = yield credential.getToken(this.defaultSQLScope);
-            }
-            catch (error) {
-                const errMsg = "Get user MSI token failed";
-                internalLogger.error(errMsg);
-                throw new ErrorWithCode(errMsg, exports.ErrorCode.InternalError);
-            }
-            if (token) {
-                const config = {
-                    server: sqlConfig.sqlServerEndpoint,
-                    authentication: {
-                        type: TediousAuthenticationType.MSI,
-                        options: {
-                            token: token.token,
-                        },
-                    },
+        },
+        options: {
+            database: databaseName,
+            encrypt: true,
+        },
+    };
+    return config;
+}
+/**
+ * Generate tedious connection configuration with azure-active-directory-access-token authentication type.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth
+ *
+ * @returns Tedious connection configuration with access token.
+ * @internal
+ */
+function generateTokenConfig(teamsfx, databaseName) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        internalLogger.verbose("Generate tedious config with MSI token");
+        let token;
+        try {
+            const credential = new identity.ManagedIdentityCredential(teamsfx.getConfig("sqlIdentityId"));
+            token = yield credential.getToken(defaultSQLScope);
+        }
+        catch (error) {
+            const errMsg = "Get user MSI token failed";
+            internalLogger.error(errMsg);
+            throw new ErrorWithCode(errMsg, exports.ErrorCode.InternalError);
+        }
+        if (token) {
+            const config = {
+                server: teamsfx.getConfig("sqlServerEndpoint"),
+                authentication: {
+                    type: TediousAuthenticationType.MSI,
                     options: {
-                        database: databaseName !== null && databaseName !== void 0 ? databaseName : sqlConfig.sqlDatabaseName,
-                        encrypt: true,
+                        token: token.token,
                     },
-                };
-                internalLogger.verbose(`Generate token configuration success, server endpoint is ${sqlConfig.sqlServerEndpoint}, database name is ${databaseName !== null && databaseName !== void 0 ? databaseName : sqlConfig.sqlDatabaseName}`);
-                return config;
-            }
-            internalLogger.error(`Generate token configuration, server endpoint is ${sqlConfig.sqlServerEndpoint}, MSI token is not valid`);
-            throw new ErrorWithCode("MSI token is not valid", exports.ErrorCode.InternalError);
-        });
-    }
+                },
+                options: {
+                    database: databaseName,
+                    encrypt: true,
+                },
+            };
+            internalLogger.verbose(`Generate token configuration success
+      , server endpoint is ${teamsfx.getConfig("sqlServerEndpoint")}
+      , database name is ${databaseName}`);
+            return config;
+        }
+        internalLogger.error(`Generate token configuration
+    , server endpoint is ${teamsfx.getConfig("sqlServerEndpoint")}
+    , MSI token is not valid`);
+        throw new ErrorWithCode("MSI token is not valid", exports.ErrorCode.InternalError);
+    });
 }
 /**
  * tedious connection config authentication type.
@@ -1200,6 +1049,25 @@ var TediousAuthenticationType;
     TediousAuthenticationType["MSI"] = "azure-active-directory-access-token";
 })(TediousAuthenticationType || (TediousAuthenticationType = {}));
 
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+ * Identity type to use in authentication.
+ *
+ * @beta
+ */
+exports.IdentityType = void 0;
+(function (IdentityType) {
+    /**
+     * Represents the current user of Teams.
+     */
+    IdentityType["User"] = "User";
+    /**
+     * Represents the application itself.
+     */
+    IdentityType["App"] = "Application";
+})(exports.IdentityType || (exports.IdentityType = {}));
+
 // Copyright (c) Microsoft Corporation.
 const invokeResponseType = "invokeResponse";
 /**
@@ -1239,7 +1107,6 @@ class TokenExchangeInvokeResponse {
  * const dialogState = convoState.createProperty('dialogState');
  * const dialogs = new DialogSet(dialogState);
  *
- * loadConfiguration();
  * dialogs.add(new TeamsBotSsoPrompt('TeamsBotSsoPrompt', {
  *    scopes: ["User.Read"],
  * }));
@@ -1268,6 +1135,7 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
     /**
      * Constructor of TeamsBotSsoPrompt.
      *
+     * @param {TeamsFx} teamsfx - Used to provide configuration and auth
      * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
      * @param settings Settings used to configure the prompt.
      *
@@ -1276,10 +1144,12 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
      *
      * @beta
      */
-    constructor(dialogId, settings) {
+    constructor(teamsfx, dialogId, settings) {
         super(dialogId);
+        this.teamsfx = teamsfx;
         this.settings = settings;
         validateScopesType(settings.scopes);
+        this.loadAndValidateConfig();
         internalLogger.info("Create a new Teams Bot SSO Prompt");
     }
     /**
@@ -1384,6 +1254,31 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
             }
         });
     }
+    loadAndValidateConfig() {
+        if (this.teamsfx.getIdentityType() !== exports.IdentityType.User) {
+            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.IdentityTypeNotSupported);
+        }
+        const missingConfigurations = [];
+        if (!this.teamsfx.hasConfig("initiateLoginEndpoint")) {
+            missingConfigurations.push("initiateLoginEndpoint");
+        }
+        if (!this.teamsfx.hasConfig("clientId")) {
+            missingConfigurations.push("clientId");
+        }
+        if (!this.teamsfx.hasConfig("tenantId")) {
+            missingConfigurations.push("tenantId");
+        }
+        if (!this.teamsfx.hasConfig("applicationIdUri")) {
+            missingConfigurations.push("applicationIdUri");
+        }
+        if (missingConfigurations.length != 0) {
+            const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingConfigurations.join(", "), "undefined");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidConfiguration);
+        }
+    }
     /**
      * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
      * @param dc dialog context
@@ -1425,31 +1320,12 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
      * @internal
      */
     getSignInResource(loginHint) {
-        var _a, _b, _c, _d, _e;
         internalLogger.verbose("Get sign in authentication configuration");
-        const missingConfigurations = [];
-        if (!((_a = config === null || config === void 0 ? void 0 : config.authentication) === null || _a === void 0 ? void 0 : _a.initiateLoginEndpoint)) {
-            missingConfigurations.push("initiateLoginEndpoint");
-        }
-        if (!((_b = config === null || config === void 0 ? void 0 : config.authentication) === null || _b === void 0 ? void 0 : _b.clientId)) {
-            missingConfigurations.push("clientId");
-        }
-        if (!((_c = config === null || config === void 0 ? void 0 : config.authentication) === null || _c === void 0 ? void 0 : _c.tenantId)) {
-            missingConfigurations.push("tenantId");
-        }
-        if (!((_d = config === null || config === void 0 ? void 0 : config.authentication) === null || _d === void 0 ? void 0 : _d.applicationIdUri)) {
-            missingConfigurations.push("applicationIdUri");
-        }
-        if (missingConfigurations.length != 0) {
-            const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingConfigurations.join(", "), "undefined");
-            internalLogger.error(errorMsg);
-            throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidConfiguration);
-        }
-        const signInLink = `${config.authentication.initiateLoginEndpoint}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${config.authentication.clientId}&tenantId=${config.authentication.tenantId}&loginHint=${loginHint}`;
+        const signInLink = `${this.teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.teamsfx.getConfig("clientId")}&tenantId=${this.teamsfx.getConfig("tenantId")}&loginHint=${loginHint}`;
         internalLogger.verbose("Sign in link: " + signInLink);
         const tokenExchangeResource = {
             id: uuid.v4(),
-            uri: ((_e = config.authentication) === null || _e === void 0 ? void 0 : _e.applicationIdUri.replace(/\/$/, "")) + "/access_as_user",
+            uri: this.teamsfx.getConfig("applicationIdUri").replace(/\/$/, "") + "/access_as_user",
         };
         internalLogger.verbose("Token exchange resource uri: " + tokenExchangeResource.uri);
         return {
@@ -1474,7 +1350,8 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
                 }
                 else {
                     const ssoToken = context.activity.value.token;
-                    const credential = new OnBehalfOfUserCredential(ssoToken);
+                    this.teamsfx.setSsoToken(ssoToken);
+                    const credential = this.teamsfx.getCredential();
                     let exchangedToken;
                     try {
                         exchangedToken = yield credential.getToken(this.settings.scopes);
@@ -1539,18 +1416,202 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
     }
 }
 
-exports.DefaultTediousConnectionConfiguration = DefaultTediousConnectionConfiguration;
+// Copyright (c) Microsoft Corporation.
+/**
+ * A class providing credential and configuration.
+ * @beta
+ */
+class TeamsFx {
+    /**
+     * Constructor of TeamsFx
+     *
+     * @param {IdentityType} identityType - Choose user or app identity
+     * @param customConfig - key/value pairs of customized configuration that overrides default ones.
+     *
+     * @throws {@link ErrorCode|IdentityTypeNotSupported} when setting app identity in browser.
+     *
+     * @beta
+     */
+    constructor(identityType, customConfig) {
+        this.identityType = identityType !== null && identityType !== void 0 ? identityType : exports.IdentityType.User;
+        this.configuration = new Map();
+        this.loadFromEnv();
+        if (customConfig) {
+            for (const key of Object.keys(customConfig)) {
+                const value = customConfig[key];
+                if (value) {
+                    this.configuration.set(key, value);
+                }
+            }
+        }
+    }
+    /**
+     * Identity type set by user.
+     *
+     * @returns identity type.
+     * @beta
+     */
+    getIdentityType() {
+        return this.identityType;
+    }
+    /**
+     * Credential instance according to identity type choice.
+     *
+     * @remarks If user identity is chose, will return {@link TeamsUserCredential}
+     * in browser environment and {@link OnBehalfOfUserCredential} in NodeJS. If app
+     * identity is chose, will return {@link AppCredential}.
+     *
+     * @returns instance implements TokenCredential interface.
+     * @beta
+     */
+    getCredential() {
+        if (this.identityType === exports.IdentityType.User) {
+            if (this.oboUserCredential) {
+                return this.oboUserCredential;
+            }
+            const errorMsg = "SSO token is required to user identity. Please use setSsoToken().";
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidParameter);
+        }
+        else {
+            if (!this.appCredential) {
+                this.appCredential = new AppCredential(Object.fromEntries(this.configuration));
+            }
+            return this.appCredential;
+        }
+    }
+    /**
+     * Get user information.
+     * @returns UserInfo object.
+     * @beta
+     */
+    getUserInfo() {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            if (this.identityType !== exports.IdentityType.User) {
+                const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.identityType.toString(), "TeamsFx");
+                internalLogger.error(errorMsg);
+                throw new ErrorWithCode(errorMsg, exports.ErrorCode.IdentityTypeNotSupported);
+            }
+            return Promise.resolve(this.getCredential().getUserInfo());
+        });
+    }
+    /**
+     * Popup login page to get user's access token with specific scopes.
+     *
+     * @remarks
+     * Only works in Teams client APP. User will be redirected to the authorization page to login and consent.
+     *
+     * @example
+     * ```typescript
+     * await teamsfx.login(["https://graph.microsoft.com/User.Read"]); // single scope using string array
+     * await teamsfx.login("https://graph.microsoft.com/User.Read"); // single scopes using string
+     * await teamsfx.login(["https://graph.microsoft.com/User.Read", "Calendars.Read"]); // multiple scopes using string array
+     * await teamsfx.login("https://graph.microsoft.com/User.Read Calendars.Read"); // multiple scopes using string
+     * ```
+     * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
+     *
+     * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
+     * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
+     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+     *
+     * @beta
+     */
+    login(scopes) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "login"), exports.ErrorCode.RuntimeNotSupported);
+        });
+    }
+    /**
+     * Set SSO token when using user identity in NodeJS.
+     * @param {string} ssoToken - used for on behalf of user flow.
+     * @returns self instance.
+     * @beta
+     */
+    setSsoToken(ssoToken) {
+        if (this.identityType !== exports.IdentityType.User) {
+            throw new Error();
+        }
+        this.oboUserCredential = new OnBehalfOfUserCredential(ssoToken, Object.fromEntries(this.configuration));
+        return this;
+    }
+    /**
+     * Usually used by service plugins to retrieve specific config
+     * @param {string} key - configuration key.
+     * @returns value in configuration.
+     * @beta
+     */
+    getConfig(key) {
+        const value = this.configuration.get(key);
+        if (!value) {
+            const errorMsg = `Cannot find ${key} in configuration`;
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.InternalError);
+        }
+        return value;
+    }
+    /**
+     * Check the value of specific key.
+     * @param {string} key - configuration key.
+     * @returns true if corresponding value is not empty string.
+     * @beta
+     */
+    hasConfig(key) {
+        const value = this.configuration.get(key);
+        return !!value;
+    }
+    /**
+     * Get all configurations.
+     * @returns key value mappings.
+     * @beta
+     */
+    getConfigs() {
+        const config = {};
+        for (const key of this.configuration.keys()) {
+            const value = this.configuration.get(key);
+            if (value) {
+                config[key] = value;
+            }
+        }
+        return config;
+    }
+    /**
+     * Load configuration from environment variables.
+     */
+    loadFromEnv() {
+        const env = process.env;
+        this.configuration.set("authorityHost", env.M365_AUTHORITY_HOST);
+        this.configuration.set("tenantId", env.M365_TENANT_ID);
+        this.configuration.set("clientId", env.M365_CLIENT_ID);
+        this.configuration.set("clientSecret", env.M365_CLIENT_SECRET);
+        this.configuration.set("initiateLoginEndpoint", env.INITIATE_LOGIN_ENDPOINT);
+        this.configuration.set("applicationIdUri", env.M365_APPLICATION_ID_URI);
+        this.configuration.set("apiEndpoint", env.API_ENDPOINT);
+        this.configuration.set("apiName", env.API_NAME);
+        this.configuration.set("sqlServerEndpoint", env.SQL_ENDPOINT);
+        this.configuration.set("sqlUsername", env.SQL_USER_NAME);
+        this.configuration.set("sqlPassword", env.SQL_PASSWORD);
+        this.configuration.set("sqlDatabaseName", env.SQL_DATABASE_NAME);
+        this.configuration.set("sqlIdentityId", env.IDENTITY_ID);
+        Object.keys(env).forEach((key) => {
+            const value = env[key];
+            if (key.startsWith("TEAMSFX_") && value) {
+                this.configuration.set(key.substring(8), value);
+            }
+        });
+    }
+}
+
+exports.AppCredential = AppCredential;
 exports.ErrorWithCode = ErrorWithCode;
-exports.M365TenantCredential = M365TenantCredential;
 exports.MsGraphAuthProvider = MsGraphAuthProvider;
 exports.OnBehalfOfUserCredential = OnBehalfOfUserCredential;
 exports.TeamsBotSsoPrompt = TeamsBotSsoPrompt;
+exports.TeamsFx = TeamsFx;
 exports.TeamsUserCredential = TeamsUserCredential;
 exports.createMicrosoftGraphClient = createMicrosoftGraphClient;
-exports.getAuthenticationConfiguration = getAuthenticationConfiguration;
 exports.getLogLevel = getLogLevel;
-exports.getResourceConfiguration = getResourceConfiguration;
-exports.loadConfiguration = loadConfiguration;
+exports.getTediousConnectionConfig = getTediousConnectionConfig;
 exports.setLogFunction = setLogFunction;
 exports.setLogLevel = setLogLevel;
 exports.setLogger = setLogger;