@microsoft/teamsfx 2.0.0-alpha.c10b77e4b.0 → 2.0.0-alpha.ee8f842c6.0

package/dist/index.esm2017.mjs

@@ -454,17 +454,6 @@ function parseCertificate(certificateContent) {
  * Only works in in server side.
  */
 class AppCredential {
-    /**
-     * Constructor of AppCredential.
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     */
     constructor(authConfig) {
         internalLogger.info("Create M365 tenant credential");
         const config = this.loadAndValidateConfig(authConfig);
@@ -570,19 +559,6 @@ class AppCredential {
  * Can only be used in server side.
  */
 class OnBehalfOfUserCredential {
-    /**
-     * Constructor of OnBehalfOfUserCredential
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {string} ssoToken - User token provided by Teams SSO feature.
-     * @param {AuthenticationConfiguration} config - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     */
     constructor(ssoToken, config) {
         internalLogger.info("Get on behalf of user credential");
         const missingConfigurations = [];
@@ -725,11 +701,6 @@ class OnBehalfOfUserCredential {
  * Can only be used within Teams.
  */
 class TeamsUserCredential {
-    /**
-     * Constructor of TeamsUserCredential.
-     * @remarks
-     * Can only be used within Teams.
-     */
     constructor(authConfig) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), ErrorCode.RuntimeNotSupported);
     }
@@ -771,18 +742,8 @@ const defaultScope = "https://graph.microsoft.com/.default";
  * Microsoft Graph auth provider for Teams Framework
  */
 class MsGraphAuthProvider {
-    /**
-     * Constructor of MsGraphAuthProvider.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     *
-     * @returns An instance of MsGraphAuthProvider.
-     */
-    constructor(teamsfx, scopes) {
-        this.teamsfx = teamsfx;
+    constructor(credentialOrTeamsFx, scopes) {
+        this.credentialOrTeamsFx = credentialOrTeamsFx;
         let scopesStr = defaultScope;
         if (scopes) {
             validateScopesType(scopes);
@@ -808,7 +769,15 @@ class MsGraphAuthProvider {
      */
     async getAccessToken() {
         internalLogger.info(`Get Graph Access token with scopes: '${this.scopes}'`);
-        const accessToken = await this.teamsfx.getCredential().getToken(this.scopes);
+        let accessToken;
+        if (this.credentialOrTeamsFx.getCredential) {
+            accessToken = await this.credentialOrTeamsFx
+                .getCredential()
+                .getToken(this.scopes);
+        }
+        else {
+            accessToken = await this.credentialOrTeamsFx.getToken(this.scopes);
+        }
         return new Promise((resolve, reject) => {
             if (accessToken) {
                 resolve(accessToken.token);
@@ -825,7 +794,6 @@ class MsGraphAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Get Microsoft graph client.
- *
  * @example
  * Get Microsoft graph client by TokenCredential
  * ```typescript
@@ -879,6 +847,66 @@ function createMicrosoftGraphClient(teamsfx, scopes) {
         authProvider,
     });
     return graphClient;
+}
+// eslint-disable-next-line no-secrets/no-secrets
+/**
+ * Get Microsoft graph client.
+ * @example
+ * Get Microsoft graph client by TokenCredential
+ * ```typescript
+ * // In browser: TeamsUserCredential
+ * const authConfig: TeamsUserCredentialAuthConfig = {
+ *   clientId: "xxx",
+    initiateLoginEndpoint: "https://xxx/auth-start.html",
+ * };
+
+ * const credential = new TeamsUserCredential(authConfig);
+
+ * const scope = "User.Read";
+ * await credential.login(scope);
+
+ * const client = createMicrosoftGraphClientWithCredential(credential, scope);
+
+ * // In node: OnBehalfOfUserCredential
+ * const oboAuthConfig: OnBehalfOfCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+
+ * const oboCredential = new OnBehalfOfUserCredential(ssoToken, oboAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(oboCredential, scope);
+
+ * // In node: AppCredential
+ * const appAuthConfig: AppCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+ * const appCredential = new AppCredential(appAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(appCredential, scope);
+ *
+ * const profile = await client.api("/me").get();
+ * ```
+ *
+ * @param {TokenCredential} credential - Used to provide configuration and auth.
+ * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ *
+ * @returns Graph client with specified scopes.
+ */
+function createMicrosoftGraphClientWithCredential(credential, scopes) {
+    internalLogger.info("Create Microsoft Graph Client");
+    const authProvider = new MsGraphAuthProvider(credential, scopes);
+    const graphClient = Client.initWithMiddleware({
+        authProvider,
+    });
+    return graphClient;
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -1127,22 +1155,20 @@ class TokenExchangeInvokeResponse {
  * ```
  */
 class TeamsBotSsoPrompt extends Dialog {
-    /**
-     * Constructor of TeamsBotSsoPrompt.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth
-     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
-     * @param settings Settings used to configure the prompt.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     */
-    constructor(teamsfx, dialogId, settings) {
-        super(dialogId);
-        this.teamsfx = teamsfx;
-        this.settings = settings;
-        validateScopesType(settings.scopes);
-        this.loadAndValidateConfig();
+    constructor(authConfig, ...args) {
+        super(arguments.length === 3 ? args[0] : args[1]);
+        if (authConfig.getCredential) {
+            const teamsfx = authConfig;
+            this.authConfig = this.loadAndValidateConfig(teamsfx);
+            this.initiateLoginEndpoint = teamsfx.getConfig("initiateLoginEndpoint");
+            this.settings = args[1];
+        }
+        else {
+            this.initiateLoginEndpoint = args[0];
+            this.authConfig = authConfig;
+            this.settings = args[2];
+        }
+        validateScopesType(this.settings.scopes);
         internalLogger.info("Create a new Teams Bot SSO Prompt");
     }
     /**
@@ -1239,20 +1265,20 @@ class TeamsBotSsoPrompt extends Dialog {
             return Dialog.EndOfTurn;
         }
     }
-    loadAndValidateConfig() {
-        if (this.teamsfx.getIdentityType() !== IdentityType.User) {
-            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
+    loadAndValidateConfig(teamsfx) {
+        if (teamsfx.getIdentityType() !== IdentityType.User) {
+            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, ErrorCode.IdentityTypeNotSupported);
         }
         const missingConfigurations = [];
-        if (!this.teamsfx.hasConfig("initiateLoginEndpoint")) {
+        if (!teamsfx.hasConfig("initiateLoginEndpoint")) {
             missingConfigurations.push("initiateLoginEndpoint");
         }
-        if (!this.teamsfx.hasConfig("clientId")) {
+        if (!teamsfx.hasConfig("clientId")) {
             missingConfigurations.push("clientId");
         }
-        if (!this.teamsfx.hasConfig("tenantId")) {
+        if (!teamsfx.hasConfig("tenantId")) {
             missingConfigurations.push("tenantId");
         }
         if (missingConfigurations.length != 0) {
@@ -1260,6 +1286,24 @@ class TeamsBotSsoPrompt extends Dialog {
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
         }
+        let authConfig;
+        if (teamsfx.getConfig("clientSecret")) {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                clientSecret: teamsfx.getConfig("clientSecret"),
+            };
+        }
+        else {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                certificateContent: teamsfx.getConfig("certificateContent"),
+            };
+        }
+        return authConfig;
     }
     /**
      * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
@@ -1301,7 +1345,7 @@ class TeamsBotSsoPrompt extends Dialog {
      */
     getSignInResource(loginHint) {
         internalLogger.verbose("Get sign in authentication configuration");
-        const signInLink = `${this.teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.teamsfx.getConfig("clientId")}&tenantId=${this.teamsfx.getConfig("tenantId")}&loginHint=${loginHint}`;
+        const signInLink = `${this.initiateLoginEndpoint}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.authConfig.clientId}&tenantId=${this.authConfig.tenantId}&loginHint=${loginHint}`;
         internalLogger.verbose("Sign in link: " + signInLink);
         const tokenExchangeResource = {
             id: v4(),
@@ -1327,8 +1371,7 @@ class TeamsBotSsoPrompt extends Dialog {
             }
             else {
                 const ssoToken = context.activity.value.token;
-                this.teamsfx.setSsoToken(ssoToken);
-                const credential = this.teamsfx.getCredential();
+                const credential = new OnBehalfOfUserCredential(ssoToken, this.authConfig);
                 let exchangedToken;
                 try {
                     exchangedToken = await credential.getToken(this.settings.scopes);
@@ -3135,27 +3178,29 @@ let COMMAND_ROUTE_DIALOG = "CommandRouteDialog";
  * Sso execution dialog, use to handle sso command
  */
 class BotSsoExecutionDialog extends ComponentDialog {
-    /**
-     * Creates a new instance of the BotSsoExecutionDialog.
-     * @param dedupStorage Helper storage to remove duplicated messages
-     * @param settings The list of scopes for which the token will have access
-     * @param teamsfx {@link TeamsFx} instance for authentication
-     */
-    constructor(dedupStorage, ssoPromptSettings, teamsfx, dialogName) {
-        super(dialogName !== null && dialogName !== void 0 ? dialogName : DIALOG_NAME);
+    constructor(dedupStorage, ssoPromptSettings, authConfig, ...args) {
+        var _a;
+        super((_a = (authConfig.getCredential ? args[0] : args[1])) !== null && _a !== void 0 ? _a : DIALOG_NAME);
         this.dedupStorageKeys = [];
         // Map to store the commandId and triggerPatterns, key: commandId, value: triggerPatterns
         this.commandMapping = new Map();
+        const dialogName = authConfig.getCredential ? args[0] : args[1];
         if (dialogName) {
             DIALOG_NAME = dialogName;
             TEAMS_SSO_PROMPT_ID = dialogName + TEAMS_SSO_PROMPT_ID;
             COMMAND_ROUTE_DIALOG = dialogName + COMMAND_ROUTE_DIALOG;
         }
+        let ssoDialog;
+        if (authConfig.getCredential) {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        else {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, args[0], TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        this.addDialog(ssoDialog);
         this.initialDialogId = COMMAND_ROUTE_DIALOG;
         this.dedupStorage = dedupStorage;
         this.dedupStorageKeys = [];
-        const ssoDialog = new TeamsBotSsoPrompt(teamsfx, TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
-        this.addDialog(ssoDialog);
         const commandRouteDialog = new WaterfallDialog(COMMAND_ROUTE_DIALOG, [
             this.commandRouteStep.bind(this),
         ]);
@@ -3741,6 +3786,34 @@ class MessageBuilder {
 }
 
 // Copyright (c) Microsoft Corporation.
+/**
+ * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
+ * This method only work on MessageExtension with Query now.
+ *
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+ *
+ * @returns SignIn link CardAction with 200 status code.
+ */
+function getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes) {
+    const scopesArray = getScopesArray(scopes);
+    const signInLink = `${initiateLoginEndpoint}?scope=${encodeURI(scopesArray.join(" "))}&clientId=${authConfig.clientId}&tenantId=${authConfig.tenantId}`;
+    return {
+        composeExtension: {
+            type: "silentAuth",
+            suggestedActions: {
+                actions: [
+                    {
+                        type: "openUrl",
+                        value: signInLink,
+                        title: "Message Extension OAuth",
+                    },
+                ],
+            },
+        },
+    };
+}
 /**
  * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
  * This method only work on MessageExtension with Query now.
@@ -3768,6 +3841,54 @@ function getSignInResponseForMessageExtension(teamsfx, scopes) {
         },
     };
 }
+/**
+ * execution in message extension with SSO token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+async function executionWithTokenAndConfig(context, authConfig, initiateLoginEndpoint, scopes, logic) {
+    const valueObj = context.activity.value;
+    if (!valueObj.authentication || !valueObj.authentication.token) {
+        internalLogger.verbose("No AccessToken in request, return silentAuth for AccessToken");
+        return getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes);
+    }
+    try {
+        const credential = new OnBehalfOfUserCredential(valueObj.authentication.token, authConfig);
+        const token = await credential.getToken(scopes);
+        const ssoTokenExpiration = parseJwt(valueObj.authentication.token).exp;
+        const tokenRes = {
+            ssoToken: valueObj.authentication.token,
+            ssoTokenExpiration: new Date(ssoTokenExpiration * 1000).toISOString(),
+            token: token.token,
+            expiration: token.expiresOnTimestamp.toString(),
+            connectionName: "",
+        };
+        if (logic) {
+            return await logic(tokenRes);
+        }
+    }
+    catch (err) {
+        if (err instanceof ErrorWithCode && err.code === ErrorCode.UiRequiredError) {
+            internalLogger.verbose("User not consent yet, return 412 to user consent first.");
+            const response = { status: 412 };
+            await context.sendActivity({ value: response, type: ActivityTypes.InvokeResponse });
+            return;
+        }
+        throw err;
+    }
+}
 /**
  * execution in message extension with SSO token.
  *
@@ -3815,9 +3936,11 @@ async function executionWithToken(context, config, scopes, logic) {
         throw err;
     }
 }
+// eslint-disable-next-line no-secrets/no-secrets
 /**
  * Users execute query in message extension with SSO or access token.
  *
+ *
  * @param {TurnContext} context - The context object for the current turn.
  * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
  * @param {string| string[]} scopes - The list of scopes for which the token will have access.
@@ -3838,7 +3961,32 @@ async function handleMessageExtensionQueryWithToken(context, config, scopes, log
         throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), ErrorCode.FailedOperation);
     }
     return await executionWithToken(context, config !== null && config !== void 0 ? config : {}, scopes, logic);
+}
+/**
+ * Users execute query in message extension with SSO or access token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} config - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string| string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when User invoke not response to message extension query.
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+async function handleMessageExtensionQueryWithSSO(context, config, initiateLoginEndpoint, scopes, logic) {
+    if (context.activity.name != "composeExtension/query") {
+        internalLogger.error(ErrorMessage.OnlySupportInQueryActivity);
+        throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), ErrorCode.FailedOperation);
+    }
+    return await executionWithTokenAndConfig(context, config !== null && config !== void 0 ? config : {}, initiateLoginEndpoint, scopes, logic);
 }
 
-export { AdaptiveCardResponse, ApiKeyLocation, ApiKeyProvider, AppCredential, BasicAuthProvider, BearerTokenAuthProvider, BotSsoExecutionDialog, CardActionBot, CertificateAuthProvider, Channel, CommandBot, ConversationBot, ErrorCode, ErrorWithCode, IdentityType, InvokeResponseErrorCode, InvokeResponseFactory, LogLevel, Member, MessageBuilder, MsGraphAuthProvider, NotificationBot, NotificationTargetType, OnBehalfOfUserCredential, SearchScope, TeamsBotInstallation, TeamsBotSsoPrompt, TeamsFx, TeamsUserCredential, createApiClient, createMicrosoftGraphClient, createPemCertOption, createPfxCertOption, getLogLevel, getTediousConnectionConfig, handleMessageExtensionQueryWithToken, sendAdaptiveCard, sendMessage, setLogFunction, setLogLevel, setLogger };
+export { AdaptiveCardResponse, ApiKeyLocation, ApiKeyProvider, AppCredential, BasicAuthProvider, BearerTokenAuthProvider, BotSsoExecutionDialog, CardActionBot, CertificateAuthProvider, Channel, CommandBot, ConversationBot, ErrorCode, ErrorWithCode, IdentityType, InvokeResponseErrorCode, InvokeResponseFactory, LogLevel, Member, MessageBuilder, MsGraphAuthProvider, NotificationBot, NotificationTargetType, OnBehalfOfUserCredential, SearchScope, TeamsBotInstallation, TeamsBotSsoPrompt, TeamsFx, TeamsUserCredential, createApiClient, createMicrosoftGraphClient, createMicrosoftGraphClientWithCredential, createPemCertOption, createPfxCertOption, getLogLevel, getTediousConnectionConfig, handleMessageExtensionQueryWithSSO, handleMessageExtensionQueryWithToken, sendAdaptiveCard, sendMessage, setLogFunction, setLogLevel, setLogger };
 //# sourceMappingURL=index.esm2017.mjs.map