@microsoft/teamsfx 1.1.2-alpha.fe09f4739.0 → 1.2.0-rc.0

package/dist/index.node.cjs.js

@@ -69,6 +69,30 @@ exports.ErrorCode = void 0;
      * Channel is not supported error.
      */
     ErrorCode["ChannelNotSupported"] = "ChannelNotSupported";
+    /**
+     * Failed to retrieve sso token
+     */
+    ErrorCode["FailedToRetrieveSsoToken"] = "FailedToRetrieveSsoToken";
+    /**
+     * Failed to process sso handler
+     */
+    ErrorCode["FailedToProcessSsoHandler"] = "FailedToProcessSsoHandler";
+    /**
+     * Cannot find command
+     */
+    ErrorCode["CannotFindCommand"] = "CannotFindCommand";
+    /**
+     * Failed to run sso step
+     */
+    ErrorCode["FailedToRunSsoStep"] = "FailedToRunSsoStep";
+    /**
+     * Failed to run dedup step
+     */
+    ErrorCode["FailedToRunDedupStep"] = "FailedToRunDedupStep";
+    /**
+     * Sso activity handler is undefined
+     */
+    ErrorCode["SsoActivityHandlerIsUndefined"] = "SsoActivityHandlerIsUndefined";
     /**
      * Runtime is not supported error.
      */
@@ -124,6 +148,15 @@ ErrorMessage.NodejsRuntimeNotSupported = "{0} is not supported in Node.";
 ErrorMessage.FailToAcquireTokenOnBehalfOfUser = "Failed to acquire access token on behalf of user: {0}";
 // ChannelNotSupported Error
 ErrorMessage.OnlyMSTeamsChannelSupported = "{0} is only supported in MS Teams Channel";
+ErrorMessage.FailedToProcessSsoHandler = "Failed to process sso handler: {0}";
+// FailedToRetrieveSsoToken Error
+ErrorMessage.FailedToRetrieveSsoToken = "Failed to retrieve sso token, user failed to finish the AAD consent flow.";
+// CannotFindCommand Error
+ErrorMessage.CannotFindCommand = "Cannot find command: {0}";
+ErrorMessage.FailedToRunSsoStep = "Failed to run dialog to retrieve sso token: {0}";
+ErrorMessage.FailedToRunDedupStep = "Failed to run dialog to remove duplicated messages: {0}";
+// SsoActivityHandlerIsUndefined Error
+ErrorMessage.SsoActivityHandlerIsNull = "Sso command can only be used or added when sso activity handler is not undefined";
 // IdentityTypeNotSupported Error
 ErrorMessage.IdentityTypeNotSupported = "{0} identity is not supported in {1}";
 // AuthorizationInfoError
@@ -134,6 +167,7 @@ ErrorMessage.EmptyParameter = "Parameter {0} is empty";
 ErrorMessage.DuplicateHttpsOptionProperty = "Axios HTTPS agent already defined value for property {0}";
 ErrorMessage.DuplicateApiKeyInHeader = "The request already defined api key in request header with name {0}.";
 ErrorMessage.DuplicateApiKeyInQueryParam = "The request already defined api key in query parameter with name {0}.";
+ErrorMessage.OnlySupportInQueryActivity = "The handleMessageExtensionQueryWithToken only support in handleTeamsMessagingExtensionQuery with composeExtension/query type.";
 /**
  * Error class with code and message thrown by the SDK.
  */
@@ -728,10 +762,13 @@ class TeamsUserCredential {
     }
     /**
      * Popup login page to get user's access token with specific scopes.
+     *
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
+     *
      * @remarks
      * Can only be used within Teams.
      */
-    login(scopes) {
+    login(scopes, resources) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), exports.ErrorCode.RuntimeNotSupported);
         });
@@ -748,10 +785,13 @@ class TeamsUserCredential {
     }
     /**
      * Get basic user info from SSO token
+     *
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
+     *
      * @remarks
      * Can only be used within Teams.
      */
-    getUserInfo() {
+    getUserInfo(resources) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), exports.ErrorCode.RuntimeNotSupported);
     }
 }
@@ -1767,9 +1807,10 @@ class TeamsFx {
     }
     /**
      * Get user information.
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
      * @returns UserInfo object.
      */
-    getUserInfo() {
+    getUserInfo(resources) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             if (this.identityType !== exports.IdentityType.User) {
                 const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.identityType.toString(), "TeamsFx");
@@ -1793,13 +1834,14 @@ class TeamsFx {
      * await teamsfx.login("https://graph.microsoft.com/User.Read Calendars.Read"); // multiple scopes using string
      * ```
      * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
      *
      * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
      * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
      * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
      */
-    login(scopes) {
+    login(scopes, resources) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "login"), exports.ErrorCode.RuntimeNotSupported);
         });
@@ -2184,43 +2226,86 @@ class CardActionBot {
  * @internal
  */
 class CommandResponseMiddleware {
-    constructor(handlers) {
+    constructor(handlers, ssoHandlers, activityHandler) {
         this.commandHandlers = [];
-        if (handlers && handlers.length > 0) {
-            this.commandHandlers.push(...handlers);
+        this.ssoCommandHandlers = [];
+        handlers = handlers !== null && handlers !== void 0 ? handlers : [];
+        ssoHandlers = ssoHandlers !== null && ssoHandlers !== void 0 ? ssoHandlers : [];
+        this.hasSsoCommand = ssoHandlers.length > 0;
+        this.ssoActivityHandler = activityHandler;
+        if (this.hasSsoCommand && !this.ssoActivityHandler) {
+            internalLogger.error(ErrorMessage.SsoActivityHandlerIsNull);
+            throw new ErrorWithCode(ErrorMessage.SsoActivityHandlerIsNull, exports.ErrorCode.SsoActivityHandlerIsUndefined);
+        }
+        this.commandHandlers.push(...handlers);
+        for (const ssoHandler of ssoHandlers) {
+            this.addSsoCommand(ssoHandler);
         }
     }
+    addSsoCommand(ssoHandler) {
+        var _a;
+        (_a = this.ssoActivityHandler) === null || _a === void 0 ? void 0 : _a.addCommand((context, tokenResponse, message) => tslib.__awaiter(this, void 0, void 0, function* () {
+            const matchResult = this.shouldTrigger(ssoHandler.triggerPatterns, message.text);
+            message.matches = Array.isArray(matchResult) ? matchResult : void 0;
+            const response = yield ssoHandler.handleCommandReceived(context, message, tokenResponse);
+            yield this.processResponse(context, response);
+        }), ssoHandler.triggerPatterns);
+        this.ssoCommandHandlers.push(ssoHandler);
+        this.hasSsoCommand = true;
+    }
     onTurn(context, next) {
+        var _a, _b;
         return tslib.__awaiter(this, void 0, void 0, function* () {
             if (context.activity.type === botbuilder.ActivityTypes.Message) {
                 // Invoke corresponding command handler for the command response
                 const commandText = this.getActivityText(context.activity);
-                const message = {
-                    text: commandText,
-                };
+                let alreadyProcessed = false;
                 for (const handler of this.commandHandlers) {
                     const matchResult = this.shouldTrigger(handler.triggerPatterns, commandText);
                     // It is important to note that the command bot will stop processing handlers
                     // when the first command handler is matched.
                     if (!!matchResult) {
+                        const message = {
+                            text: commandText,
+                        };
                         message.matches = Array.isArray(matchResult) ? matchResult : void 0;
                         const response = yield handler.handleCommandReceived(context, message);
-                        if (typeof response === "string") {
-                            yield context.sendActivity(response);
-                        }
-                        else {
-                            const replyActivity = response;
-                            if (replyActivity) {
-                                yield context.sendActivity(replyActivity);
-                            }
-                        }
+                        yield this.processResponse(context, response);
+                        alreadyProcessed = true;
                         break;
                     }
                 }
+                if (!alreadyProcessed) {
+                    for (const handler of this.ssoCommandHandlers) {
+                        const matchResult = this.shouldTrigger(handler.triggerPatterns, commandText);
+                        if (!!matchResult) {
+                            yield ((_a = this.ssoActivityHandler) === null || _a === void 0 ? void 0 : _a.run(context));
+                            break;
+                        }
+                    }
+                }
+            }
+            else {
+                if (this.hasSsoCommand) {
+                    yield ((_b = this.ssoActivityHandler) === null || _b === void 0 ? void 0 : _b.run(context));
+                }
             }
             yield next();
         });
     }
+    processResponse(context, response) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            if (typeof response === "string") {
+                yield context.sendActivity(response);
+            }
+            else {
+                const replyActivity = response;
+                if (replyActivity) {
+                    yield context.sendActivity(replyActivity);
+                }
+            }
+        });
+    }
     matchPattern(pattern, text) {
         if (text) {
             if (typeof pattern === "string") {
@@ -2270,14 +2355,15 @@ class CommandBot {
      * @param adapter The bound `BotFrameworkAdapter`.
      * @param options - initialize options
      */
-    constructor(adapter, options) {
-        this.middleware = new CommandResponseMiddleware(options === null || options === void 0 ? void 0 : options.commands);
+    constructor(adapter, options, ssoCommandActivityHandler, ssoConfig) {
+        this.ssoConfig = ssoConfig;
+        this.middleware = new CommandResponseMiddleware(options === null || options === void 0 ? void 0 : options.commands, options === null || options === void 0 ? void 0 : options.ssoCommands, ssoCommandActivityHandler);
         this.adapter = adapter.use(this.middleware);
     }
     /**
      * Registers a command into the command bot.
      *
-     * @param command The command to registered.
+     * @param command The command to register.
      */
     registerCommand(command) {
         if (command) {
@@ -2287,13 +2373,41 @@ class CommandBot {
     /**
      * Registers commands into the command bot.
      *
-     * @param commands The command to registered.
+     * @param commands The commands to register.
      */
     registerCommands(commands) {
         if (commands) {
             this.middleware.commandHandlers.push(...commands);
         }
     }
+    /**
+     * Registers a sso command into the command bot.
+     *
+     * @param command The command to register.
+     */
+    registerSsoCommand(ssoCommand) {
+        this.validateSsoActivityHandler();
+        this.middleware.addSsoCommand(ssoCommand);
+    }
+    /**
+     * Registers commands into the command bot.
+     *
+     * @param commands The commands to register.
+     */
+    registerSsoCommands(ssoCommands) {
+        if (ssoCommands.length > 0) {
+            this.validateSsoActivityHandler();
+            for (const ssoCommand of ssoCommands) {
+                this.middleware.addSsoCommand(ssoCommand);
+            }
+        }
+    }
+    validateSsoActivityHandler() {
+        if (!this.middleware.ssoActivityHandler) {
+            internalLogger.error(ErrorMessage.SsoActivityHandlerIsNull);
+            throw new ErrorWithCode(ErrorMessage.SsoActivityHandlerIsNull, exports.ErrorCode.SsoActivityHandlerIsUndefined);
+        }
+    }
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -2801,6 +2915,10 @@ class TeamsBotInstallation {
      */
     channels() {
         return tslib.__awaiter(this, void 0, void 0, function* () {
+            const channels = [];
+            if (this.type !== exports.NotificationTargetType.Channel) {
+                return channels;
+            }
             let teamsChannels = [];
             yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
                 const teamId = getTeamsBotInstallationId(context);
@@ -2808,7 +2926,6 @@ class TeamsBotInstallation {
                     teamsChannels = yield botbuilder.TeamsInfo.getTeamChannels(context, teamId);
                 }
             }));
-            const channels = [];
             for (const channel of teamsChannels) {
                 channels.push(new Channel(this, channel));
             }
@@ -2836,6 +2953,26 @@ class TeamsBotInstallation {
             return members;
         });
     }
+    /**
+     * Get team details from this bot installation
+     *
+     * @returns the team details if bot is installed into a team, otherwise returns undefined.
+     */
+    getTeamDetails() {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            if (this.type !== exports.NotificationTargetType.Channel) {
+                return undefined;
+            }
+            let teamDetails;
+            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                const teamId = getTeamsBotInstallationId(context);
+                if (teamId !== undefined) {
+                    teamDetails = yield botbuilder.TeamsInfo.getTeamDetails(context, teamId);
+                }
+            }));
+            return teamDetails;
+        });
+    }
 }
 /**
  * Provide utilities to send notification to varies targets (e.g., member, group, channel).
@@ -2897,6 +3034,488 @@ class NotificationBot {
             return targets;
         });
     }
+    /**
+     * Returns the first {@link Member} where predicate is true, and undefined otherwise.
+     *
+     * @param predicate find calls predicate once for each member of the installation,
+     * until it finds one where predicate returns true. If such a member is found, find
+     * immediately returns that member. Otherwise, find returns undefined.
+     * @param scope the scope to find members from the installations
+     * (personal chat, group chat, Teams channel).
+     * @returns the first {@link Member} where predicate is true, and undefined otherwise.
+     */
+    findMember(predicate, scope) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            for (const target of yield this.installations()) {
+                if (this.matchSearchScope(target, scope)) {
+                    for (const member of yield target.members()) {
+                        if (yield predicate(member)) {
+                            return member;
+                        }
+                    }
+                }
+            }
+            return;
+        });
+    }
+    /**
+     * Returns the first {@link Channel} where predicate is true, and undefined otherwise.
+     *
+     * @param predicate find calls predicate once for each channel of the installation,
+     * until it finds one where predicate returns true. If such a channel is found, find
+     * immediately returns that channel. Otherwise, find returns undefined.
+     * @returns the first {@link Channel} where predicate is true, and undefined otherwise.
+     */
+    findChannel(predicate) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            for (const target of yield this.installations()) {
+                if (target.type === exports.NotificationTargetType.Channel) {
+                    const teamDetails = yield target.getTeamDetails();
+                    for (const channel of yield target.channels()) {
+                        if (yield predicate(channel, teamDetails)) {
+                            return channel;
+                        }
+                    }
+                }
+            }
+            return;
+        });
+    }
+    /**
+     * Returns all {@link Member} where predicate is true, and empty array otherwise.
+     *
+     * @param predicate find calls predicate for each member of the installation.
+     * @param scope the scope to find members from the installations
+     * (personal chat, group chat, Teams channel).
+     * @returns an array of {@link Member} where predicate is true, and empty array otherwise.
+     */
+    findAllMembers(predicate, scope) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const members = [];
+            for (const target of yield this.installations()) {
+                if (this.matchSearchScope(target, scope)) {
+                    for (const member of yield target.members()) {
+                        if (yield predicate(member)) {
+                            members.push(member);
+                        }
+                    }
+                }
+            }
+            return members;
+        });
+    }
+    /**
+     * Returns all {@link Channel} where predicate is true, and empty array otherwise.
+     *
+     * @param predicate find calls predicate for each channel of the installation.
+     * @returns an array of {@link Channel} where predicate is true, and empty array otherwise.
+     */
+    findAllChannels(predicate) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const channels = [];
+            for (const target of yield this.installations()) {
+                if (target.type === exports.NotificationTargetType.Channel) {
+                    const teamDetails = yield target.getTeamDetails();
+                    for (const channel of yield target.channels()) {
+                        if (yield predicate(channel, teamDetails)) {
+                            channels.push(channel);
+                        }
+                    }
+                }
+            }
+            return channels;
+        });
+    }
+    matchSearchScope(target, scope) {
+        scope = scope !== null && scope !== void 0 ? scope : exports.SearchScope.All;
+        return ((target.type === exports.NotificationTargetType.Channel && (scope & exports.SearchScope.Channel) !== 0) ||
+            (target.type === exports.NotificationTargetType.Group && (scope & exports.SearchScope.Group) !== 0) ||
+            (target.type === exports.NotificationTargetType.Person && (scope & exports.SearchScope.Person) !== 0));
+    }
+}
+/**
+ * The search scope when calling {@link NotificationBot.findMember} and {@link NotificationBot.findAllMembers}.
+ * The search scope is a flagged enum and it can be combined with `|`.
+ * For example, to search from personal chat and group chat, use `SearchScope.Person | SearchScope.Group`.
+ */
+exports.SearchScope = void 0;
+(function (SearchScope) {
+    /**
+     * Search members from the installations in personal chat only.
+     */
+    SearchScope[SearchScope["Person"] = 1] = "Person";
+    /**
+     * Search members from the installations in group chat only.
+     */
+    SearchScope[SearchScope["Group"] = 2] = "Group";
+    /**
+     * Search members from the installations in Teams channel only.
+     */
+    SearchScope[SearchScope["Channel"] = 4] = "Channel";
+    /**
+     * Search members from all installations including personal chat, group chat and Teams channel.
+     */
+    SearchScope[SearchScope["All"] = 7] = "All";
+})(exports.SearchScope || (exports.SearchScope = {}));
+
+// Copyright (c) Microsoft Corporation.
+let DIALOG_NAME = "BotSsoExecutionDialog";
+let TEAMS_SSO_PROMPT_ID = "TeamsFxSsoPrompt";
+let COMMAND_ROUTE_DIALOG = "CommandRouteDialog";
+/**
+ * Sso execution dialog, use to handle sso command
+ */
+class BotSsoExecutionDialog extends botbuilderDialogs.ComponentDialog {
+    /**
+     * Creates a new instance of the BotSsoExecutionDialog.
+     * @param dedupStorage Helper storage to remove duplicated messages
+     * @param settings The list of scopes for which the token will have access
+     * @param teamsfx {@link TeamsFx} instance for authentication
+     */
+    constructor(dedupStorage, ssoPromptSettings, teamsfx, dialogName) {
+        super(dialogName !== null && dialogName !== void 0 ? dialogName : DIALOG_NAME);
+        this.dedupStorageKeys = [];
+        // Map to store the commandId and triggerPatterns, key: commandId, value: triggerPatterns
+        this.commandMapping = new Map();
+        if (dialogName) {
+            DIALOG_NAME = dialogName;
+            TEAMS_SSO_PROMPT_ID = dialogName + TEAMS_SSO_PROMPT_ID;
+            COMMAND_ROUTE_DIALOG = dialogName + COMMAND_ROUTE_DIALOG;
+        }
+        this.initialDialogId = COMMAND_ROUTE_DIALOG;
+        this.dedupStorage = dedupStorage;
+        this.dedupStorageKeys = [];
+        const ssoDialog = new TeamsBotSsoPrompt(teamsfx, TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        this.addDialog(ssoDialog);
+        const commandRouteDialog = new botbuilderDialogs.WaterfallDialog(COMMAND_ROUTE_DIALOG, [
+            this.commandRouteStep.bind(this),
+        ]);
+        this.addDialog(commandRouteDialog);
+    }
+    /**
+     * Add TeamsFxBotSsoCommandHandler instance
+     * @param handler {@link BotSsoExecutionDialogHandler} callback function
+     * @param triggerPatterns The trigger pattern
+     */
+    addCommand(handler, triggerPatterns) {
+        const commandId = this.getCommandHash(triggerPatterns);
+        const dialog = new botbuilderDialogs.WaterfallDialog(commandId, [
+            this.ssoStep.bind(this),
+            this.dedupStep.bind(this),
+            (stepContext) => tslib.__awaiter(this, void 0, void 0, function* () {
+                const tokenResponse = stepContext.result.tokenResponse;
+                const context = stepContext.context;
+                const message = stepContext.result.message;
+                try {
+                    if (tokenResponse) {
+                        yield handler(context, tokenResponse, message);
+                    }
+                    else {
+                        throw new Error(ErrorMessage.FailedToRetrieveSsoToken);
+                    }
+                    return yield stepContext.endDialog();
+                }
+                catch (error) {
+                    const errorMsg = formatString(ErrorMessage.FailedToProcessSsoHandler, error.message);
+                    internalLogger.error(errorMsg);
+                    return yield stepContext.endDialog(new ErrorWithCode(errorMsg, exports.ErrorCode.FailedToProcessSsoHandler));
+                }
+            }),
+        ]);
+        this.commandMapping.set(commandId, triggerPatterns);
+        this.addDialog(dialog);
+    }
+    getCommandHash(patterns) {
+        const expressions = Array.isArray(patterns) ? patterns : [patterns];
+        const patternStr = expressions.join();
+        const patternStrWithoutSpecialChar = patternStr.replace(/[^a-zA-Z0-9]/g, "");
+        const hash = crypto.createHash("sha256").update(patternStr).digest("hex").toLowerCase();
+        return patternStrWithoutSpecialChar + hash;
+    }
+    /**
+     * The run method handles the incoming activity (in the form of a DialogContext) and passes it through the dialog system.
+     *
+     * @param context The context object for the current turn.
+     * @param accessor The instance of StatePropertyAccessor for dialog system.
+     */
+    run(context, accessor) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const dialogSet = new botbuilderDialogs.DialogSet(accessor);
+            dialogSet.add(this);
+            const dialogContext = yield dialogSet.createContext(context);
+            this.ensureMsTeamsChannel(dialogContext);
+            const results = yield dialogContext.continueDialog();
+            if (results && results.status === botbuilderDialogs.DialogTurnStatus.empty) {
+                yield dialogContext.beginDialog(this.id);
+            }
+            else if (results &&
+                results.status === botbuilderDialogs.DialogTurnStatus.complete &&
+                results.result instanceof Error) {
+                throw results.result;
+            }
+        });
+    }
+    getActivityText(activity) {
+        let text = activity.text;
+        const removedMentionText = botbuilder.TurnContext.removeRecipientMention(activity);
+        if (removedMentionText) {
+            text = removedMentionText
+                .toLowerCase()
+                .replace(/\n|\r\n/g, "")
+                .trim();
+        }
+        return text;
+    }
+    commandRouteStep(stepContext) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const turnContext = stepContext.context;
+            const text = this.getActivityText(turnContext.activity);
+            const commandId = this.getMatchesCommandId(text);
+            if (commandId) {
+                return yield stepContext.beginDialog(commandId);
+            }
+            const errorMsg = formatString(ErrorMessage.CannotFindCommand, turnContext.activity.text);
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.CannotFindCommand);
+        });
+    }
+    ssoStep(stepContext) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            try {
+                const turnContext = stepContext.context;
+                const text = this.getActivityText(turnContext.activity);
+                const message = {
+                    text,
+                };
+                stepContext.options.commandMessage = message;
+                return yield stepContext.beginDialog(TEAMS_SSO_PROMPT_ID);
+            }
+            catch (error) {
+                const errorMsg = formatString(ErrorMessage.FailedToRunSsoStep, error.message);
+                internalLogger.error(errorMsg);
+                return yield stepContext.endDialog(new ErrorWithCode(errorMsg, exports.ErrorCode.FailedToRunSsoStep));
+            }
+        });
+    }
+    dedupStep(stepContext) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const tokenResponse = stepContext.result;
+            if (!tokenResponse) {
+                internalLogger.error(ErrorMessage.FailedToRetrieveSsoToken);
+                return yield stepContext.endDialog(new ErrorWithCode(ErrorMessage.FailedToRetrieveSsoToken, exports.ErrorCode.FailedToRunSsoStep));
+            }
+            try {
+                // Only dedup after ssoStep to make sure that all Teams client would receive the login request
+                if (tokenResponse && (yield this.shouldDedup(stepContext.context))) {
+                    return botbuilderDialogs.Dialog.EndOfTurn;
+                }
+                return yield stepContext.next({
+                    tokenResponse,
+                    message: stepContext.options.commandMessage,
+                });
+            }
+            catch (error) {
+                const errorMsg = formatString(ErrorMessage.FailedToRunDedupStep, error.message);
+                internalLogger.error(errorMsg);
+                return yield stepContext.endDialog(new ErrorWithCode(errorMsg, exports.ErrorCode.FailedToRunDedupStep));
+            }
+        });
+    }
+    /**
+     * Called when the component is ending.
+     *
+     * @param context Context for the current turn of conversation.
+     */
+    onEndDialog(context) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const conversationId = context.activity.conversation.id;
+            const currentDedupKeys = this.dedupStorageKeys.filter((key) => key.indexOf(conversationId) > 0);
+            yield this.dedupStorage.delete(currentDedupKeys);
+            this.dedupStorageKeys = this.dedupStorageKeys.filter((key) => key.indexOf(conversationId) < 0);
+        });
+    }
+    /**
+     * If a user is signed into multiple Teams clients, the Bot might receive a "signin/tokenExchange" from each client.
+     * Each token exchange request for a specific user login will have an identical activity.value.Id.
+     * Only one of these token exchange requests should be processed by the bot. For a distributed bot in production,
+     * this requires a distributed storage to ensure only one token exchange is processed.
+     * @param context Context for the current turn of conversation.
+     * @returns boolean value indicate whether the message should be removed
+     */
+    shouldDedup(context) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const storeItem = {
+                eTag: context.activity.value.id,
+            };
+            const key = this.getStorageKey(context);
+            const storeItems = { [key]: storeItem };
+            try {
+                yield this.dedupStorage.write(storeItems);
+                this.dedupStorageKeys.push(key);
+            }
+            catch (err) {
+                if (err instanceof Error && err.message.indexOf("eTag conflict")) {
+                    return true;
+                }
+                throw err;
+            }
+            return false;
+        });
+    }
+    getStorageKey(context) {
+        if (!context || !context.activity || !context.activity.conversation) {
+            throw new Error("Invalid context, can not get storage key!");
+        }
+        const activity = context.activity;
+        const channelId = activity.channelId;
+        const conversationId = activity.conversation.id;
+        if (activity.type !== botbuilder.ActivityTypes.Invoke || activity.name !== botbuilder.tokenExchangeOperationName) {
+            throw new Error("TokenExchangeState can only be used with Invokes of signin/tokenExchange.");
+        }
+        const value = activity.value;
+        if (!value || !value.id) {
+            throw new Error("Invalid signin/tokenExchange. Missing activity.value.id.");
+        }
+        return `${channelId}/${conversationId}/${value.id}`;
+    }
+    matchPattern(pattern, text) {
+        if (text) {
+            if (typeof pattern === "string") {
+                const regExp = new RegExp(pattern, "i");
+                return regExp.test(text);
+            }
+            if (pattern instanceof RegExp) {
+                const matches = text.match(pattern);
+                return matches !== null && matches !== void 0 ? matches : false;
+            }
+        }
+        return false;
+    }
+    isPatternMatched(patterns, text) {
+        const expressions = Array.isArray(patterns) ? patterns : [patterns];
+        for (const ex of expressions) {
+            const matches = this.matchPattern(ex, text);
+            return !!matches;
+        }
+        return false;
+    }
+    getMatchesCommandId(text) {
+        for (const command of this.commandMapping) {
+            const pattern = command[1];
+            if (this.isPatternMatched(pattern, text)) {
+                return command[0];
+            }
+        }
+        return undefined;
+    }
+    /**
+     * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
+     * @param dc dialog context
+     * @throws {@link ErrorCode|ChannelNotSupported} if bot channel is not MS Teams
+     * @internal
+     */
+    ensureMsTeamsChannel(dc) {
+        if (dc.context.activity.channelId != botbuilder.Channels.Msteams) {
+            const errorMsg = formatString(ErrorMessage.OnlyMSTeamsChannelSupported, "SSO execution dialog");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.ChannelNotSupported);
+        }
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * Default SSO execution activity handler
+ */
+class DefaultBotSsoExecutionActivityHandler extends botbuilder.TeamsActivityHandler {
+    /**
+     * Creates a new instance of the DefaultBotSsoExecutionActivityHandler.
+     * @param ssoConfig configuration for SSO command bot
+     *
+     * @remarks
+     * In the constructor, it uses BotSsoConfig parameter which from {@link ConversationBot} options to initialize {@link BotSsoExecutionDialog}.
+     * It also need to register an event handler for the message event which trigger {@link BotSsoExecutionDialog} instance.
+     */
+    constructor(ssoConfig) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+        super();
+        const memoryStorage = new botbuilder.MemoryStorage();
+        const userState = (_b = (_a = ssoConfig.dialog) === null || _a === void 0 ? void 0 : _a.userState) !== null && _b !== void 0 ? _b : new botbuilder.UserState(memoryStorage);
+        const conversationState = (_d = (_c = ssoConfig.dialog) === null || _c === void 0 ? void 0 : _c.conversationState) !== null && _d !== void 0 ? _d : new botbuilder.ConversationState(memoryStorage);
+        const dedupStorage = (_f = (_e = ssoConfig.dialog) === null || _e === void 0 ? void 0 : _e.dedupStorage) !== null && _f !== void 0 ? _f : memoryStorage;
+        const _l = ssoConfig.aad, { scopes } = _l, customConfig = tslib.__rest(_l, ["scopes"]);
+        const settings = {
+            scopes: scopes,
+            timeout: (_h = (_g = ssoConfig.dialog) === null || _g === void 0 ? void 0 : _g.ssoPromptConfig) === null || _h === void 0 ? void 0 : _h.timeout,
+            endOnInvalidMessage: (_k = (_j = ssoConfig.dialog) === null || _j === void 0 ? void 0 : _j.ssoPromptConfig) === null || _k === void 0 ? void 0 : _k.endOnInvalidMessage,
+        };
+        const teamsfx = new TeamsFx(exports.IdentityType.User, Object.assign({}, customConfig));
+        this.ssoExecutionDialog = new BotSsoExecutionDialog(dedupStorage, settings, teamsfx);
+        this.conversationState = conversationState;
+        this.dialogState = conversationState.createProperty("DialogState");
+        this.userState = userState;
+        this.onMessage((context, next) => tslib.__awaiter(this, void 0, void 0, function* () {
+            yield this.ssoExecutionDialog.run(context, this.dialogState);
+            yield next();
+        }));
+    }
+    /**
+     * Add TeamsFxBotSsoCommandHandler instance to SSO execution dialog
+     * @param handler {@link BotSsoExecutionDialogHandler} callback function
+     * @param triggerPatterns The trigger pattern
+     *
+     * @remarks
+     * This function is used to add SSO command to {@link BotSsoExecutionDialog} instance.
+     */
+    addCommand(handler, triggerPatterns) {
+        this.ssoExecutionDialog.addCommand(handler, triggerPatterns);
+    }
+    /**
+     * Called to initiate the event emission process.
+     * @param context The context object for the current turn.
+     */
+    run(context) {
+        const _super = Object.create(null, {
+            run: { get: () => super.run }
+        });
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            try {
+                yield _super.run.call(this, context);
+            }
+            finally {
+                yield this.conversationState.saveChanges(context, false);
+                yield this.userState.saveChanges(context, false);
+            }
+        });
+    }
+    /**
+     * Receives invoke activities with Activity name of 'signin/verifyState'.
+     * @param context A context object for this turn.
+     * @param query Signin state (part of signin action auth flow) verification invoke query.
+     * @returns A promise that represents the work queued.
+     *
+     * @remarks
+     * It should trigger {@link BotSsoExecutionDialog} instance to handle signin process
+     */
+    handleTeamsSigninVerifyState(context, query) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            yield this.ssoExecutionDialog.run(context, this.dialogState);
+        });
+    }
+    /**
+     * Receives invoke activities with Activity name of 'signin/tokenExchange'
+     * @param context A context object for this turn.
+     * @param query Signin state (part of signin action auth flow) verification invoke query
+     * @returns A promise that represents the work queued.
+     *
+     * @remark
+     * It should trigger {@link BotSsoExecutionDialog} instance to handle signin process
+     */
+    handleTeamsSigninTokenExchange(context, query) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            yield this.ssoExecutionDialog.run(context, this.dialogState);
+        });
+    }
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -2961,20 +3580,30 @@ class ConversationBot {
      * @param options - initialize options
      */
     constructor(options) {
-        var _a, _b, _c;
+        var _a, _b, _c, _d;
         if (options.adapter) {
             this.adapter = options.adapter;
         }
         else {
             this.adapter = this.createDefaultAdapter(options.adapterConfig);
         }
-        if ((_a = options.command) === null || _a === void 0 ? void 0 : _a.enabled) {
-            this.command = new CommandBot(this.adapter, options.command);
+        let ssoCommandActivityHandler;
+        if (options === null || options === void 0 ? void 0 : options.ssoConfig) {
+            if ((_a = options.ssoConfig.dialog) === null || _a === void 0 ? void 0 : _a.CustomBotSsoExecutionActivityHandler) {
+                ssoCommandActivityHandler =
+                    new options.ssoConfig.dialog.CustomBotSsoExecutionActivityHandler(options.ssoConfig);
+            }
+            else {
+                ssoCommandActivityHandler = new DefaultBotSsoExecutionActivityHandler(options.ssoConfig);
+            }
         }
-        if ((_b = options.notification) === null || _b === void 0 ? void 0 : _b.enabled) {
+        if ((_b = options.command) === null || _b === void 0 ? void 0 : _b.enabled) {
+            this.command = new CommandBot(this.adapter, options.command, ssoCommandActivityHandler, options.ssoConfig);
+        }
+        if ((_c = options.notification) === null || _c === void 0 ? void 0 : _c.enabled) {
             this.notification = new NotificationBot(this.adapter, options.notification);
         }
-        if ((_c = options.cardAction) === null || _c === void 0 ? void 0 : _c.enabled) {
+        if ((_d = options.cardAction) === null || _d === void 0 ? void 0 : _d.enabled) {
             this.cardAction = new CardActionBot(this.adapter, options.cardAction);
         }
     }
@@ -3165,10 +3794,115 @@ class MessageBuilder {
     }
 }
 
+// Copyright (c) Microsoft Corporation.
+/**
+ * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
+ * This method only work on MessageExtension with Query now.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
+ * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+ *
+ * @returns SignIn link CardAction with 200 status code.
+ */
+function getSignInResponseForMessageExtension(teamsfx, scopes) {
+    const scopesArray = getScopesArray(scopes);
+    const signInLink = `${teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(scopesArray.join(" "))}&clientId=${teamsfx.getConfig("clientId")}&tenantId=${teamsfx.getConfig("tenantId")}`;
+    return {
+        composeExtension: {
+            type: "silentAuth",
+            suggestedActions: {
+                actions: [
+                    {
+                        type: "openUrl",
+                        value: signInLink,
+                        title: "Message Extension OAuth",
+                    },
+                ],
+            },
+        },
+    };
+}
+/**
+ * execution in message extension with SSO token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
+ * @param {string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function executionWithToken(context, config, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        const valueObj = context.activity.value;
+        if (!valueObj.authentication || !valueObj.authentication.token) {
+            internalLogger.verbose("No AccessToken in request, return silentAuth for AccessToken");
+            return getSignInResponseForMessageExtension(new TeamsFx(exports.IdentityType.User, config), scopes);
+        }
+        try {
+            const teamsfx = new TeamsFx(exports.IdentityType.User, config).setSsoToken(valueObj.authentication.token);
+            const token = yield teamsfx.getCredential().getToken(scopes);
+            const ssoTokenExpiration = parseJwt(valueObj.authentication.token).exp;
+            const tokenRes = {
+                ssoToken: valueObj.authentication.token,
+                ssoTokenExpiration: new Date(ssoTokenExpiration * 1000).toISOString(),
+                token: token.token,
+                expiration: token.expiresOnTimestamp.toString(),
+                connectionName: "",
+            };
+            if (logic) {
+                return yield logic(tokenRes);
+            }
+        }
+        catch (err) {
+            if (err instanceof ErrorWithCode && err.code === exports.ErrorCode.UiRequiredError) {
+                internalLogger.verbose("User not consent yet, return 412 to user consent first.");
+                const response = { status: 412 };
+                yield context.sendActivity({ value: response, type: botbuilder.ActivityTypes.InvokeResponse });
+                return;
+            }
+            throw err;
+        }
+    });
+}
+/**
+ * Users execute query in message extension with SSO or access token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
+ * @param {string| string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when User invoke not response to message extension query.
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function handleMessageExtensionQueryWithToken(context, config, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        if (context.activity.name != "composeExtension/query") {
+            internalLogger.error(ErrorMessage.OnlySupportInQueryActivity);
+            throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), exports.ErrorCode.FailedOperation);
+        }
+        return yield executionWithToken(context, config !== null && config !== void 0 ? config : {}, scopes, logic);
+    });
+}
+
 exports.ApiKeyProvider = ApiKeyProvider;
 exports.AppCredential = AppCredential;
 exports.BasicAuthProvider = BasicAuthProvider;
 exports.BearerTokenAuthProvider = BearerTokenAuthProvider;
+exports.BotSsoExecutionDialog = BotSsoExecutionDialog;
 exports.CardActionBot = CardActionBot;
 exports.CertificateAuthProvider = CertificateAuthProvider;
 exports.Channel = Channel;
@@ -3191,6 +3925,7 @@ exports.createPemCertOption = createPemCertOption;
 exports.createPfxCertOption = createPfxCertOption;
 exports.getLogLevel = getLogLevel;
 exports.getTediousConnectionConfig = getTediousConnectionConfig;
+exports.handleMessageExtensionQueryWithToken = handleMessageExtensionQueryWithToken;
 exports.sendAdaptiveCard = sendAdaptiveCard;
 exports.sendMessage = sendMessage;
 exports.setLogFunction = setLogFunction;