@microsoft/teamsfx 2.0.0-experimental.0 → 2.0.0-rc.0

package/dist/index.esm2017.mjs

@@ -3,20 +3,20 @@ import { ConfidentialClientApplication } from '@azure/msal-node';
 import { createHash } from 'crypto';
 import { Client } from '@microsoft/microsoft-graph-client';
 import { ManagedIdentityCredential } from '@azure/identity';
-import { ActivityTypes, Channels, TeamsInfo, CardFactory, ActionTypes, MessageFactory, StatusCodes, verifyStateOperationName, tokenExchangeOperationName, TurnContext, BotFrameworkAdapter } from 'botbuilder';
-import { Dialog } from 'botbuilder-dialogs';
+import { ActivityTypes, Channels, TeamsInfo, CardFactory, ActionTypes, MessageFactory, StatusCodes, verifyStateOperationName, tokenExchangeOperationName, TurnContext, TeamsActivityHandler, MemoryStorage, UserState, ConversationState, BotFrameworkAdapter } from 'botbuilder';
+import { Dialog, ComponentDialog, WaterfallDialog, DialogSet, DialogTurnStatus } from 'botbuilder-dialogs';
 import { v4 } from 'uuid';
 import axios from 'axios';
 import { Agent } from 'https';
 import * as path from 'path';
 import * as fs from 'fs';
+import { __rest } from 'tslib';
 import { AdaptiveCards } from '@microsoft/adaptivecards-tools';
 
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
  * Error code to trace the error types.
- * @beta
  */
 var ErrorCode;
 (function (ErrorCode) {
@@ -40,6 +40,30 @@ var ErrorCode;
      * Channel is not supported error.
      */
     ErrorCode["ChannelNotSupported"] = "ChannelNotSupported";
+    /**
+     * Failed to retrieve sso token
+     */
+    ErrorCode["FailedToRetrieveSsoToken"] = "FailedToRetrieveSsoToken";
+    /**
+     * Failed to process sso handler
+     */
+    ErrorCode["FailedToProcessSsoHandler"] = "FailedToProcessSsoHandler";
+    /**
+     * Cannot find command
+     */
+    ErrorCode["CannotFindCommand"] = "CannotFindCommand";
+    /**
+     * Failed to run sso step
+     */
+    ErrorCode["FailedToRunSsoStep"] = "FailedToRunSsoStep";
+    /**
+     * Failed to run dedup step
+     */
+    ErrorCode["FailedToRunDedupStep"] = "FailedToRunDedupStep";
+    /**
+     * Sso activity handler is undefined
+     */
+    ErrorCode["SsoActivityHandlerIsUndefined"] = "SsoActivityHandlerIsUndefined";
     /**
      * Runtime is not supported error.
      */
@@ -95,6 +119,15 @@ ErrorMessage.NodejsRuntimeNotSupported = "{0} is not supported in Node.";
 ErrorMessage.FailToAcquireTokenOnBehalfOfUser = "Failed to acquire access token on behalf of user: {0}";
 // ChannelNotSupported Error
 ErrorMessage.OnlyMSTeamsChannelSupported = "{0} is only supported in MS Teams Channel";
+ErrorMessage.FailedToProcessSsoHandler = "Failed to process sso handler: {0}";
+// FailedToRetrieveSsoToken Error
+ErrorMessage.FailedToRetrieveSsoToken = "Failed to retrieve sso token, user failed to finish the AAD consent flow.";
+// CannotFindCommand Error
+ErrorMessage.CannotFindCommand = "Cannot find command: {0}";
+ErrorMessage.FailedToRunSsoStep = "Failed to run dialog to retrieve sso token: {0}";
+ErrorMessage.FailedToRunDedupStep = "Failed to run dialog to remove duplicated messages: {0}";
+// SsoActivityHandlerIsUndefined Error
+ErrorMessage.SsoActivityHandlerIsNull = "Sso command can only be used or added when sso activity handler is not undefined";
 // IdentityTypeNotSupported Error
 ErrorMessage.IdentityTypeNotSupported = "{0} identity is not supported in {1}";
 // AuthorizationInfoError
@@ -105,10 +138,9 @@ ErrorMessage.EmptyParameter = "Parameter {0} is empty";
 ErrorMessage.DuplicateHttpsOptionProperty = "Axios HTTPS agent already defined value for property {0}";
 ErrorMessage.DuplicateApiKeyInHeader = "The request already defined api key in request header with name {0}.";
 ErrorMessage.DuplicateApiKeyInQueryParam = "The request already defined api key in query parameter with name {0}.";
+ErrorMessage.OnlySupportInQueryActivity = "The handleMessageExtensionQueryWithToken only support in handleTeamsMessagingExtensionQuery with composeExtension/query type.";
 /**
  * Error class with code and message thrown by the SDK.
- *
- * @beta
  */
 class ErrorWithCode extends Error {
     /**
@@ -116,8 +148,6 @@ class ErrorWithCode extends Error {
      *
      * @param {string} message - error message.
      * @param {ErrorCode} code - error code.
-     *
-     * @beta
      */
     constructor(message, code) {
         if (!code) {
@@ -135,8 +165,6 @@ class ErrorWithCode extends Error {
 // Licensed under the MIT license.
 /**
  * Log level.
- *
- * @beta
  */
 var LogLevel;
 (function (LogLevel) {
@@ -161,8 +189,6 @@ var LogLevel;
  * Update log level helper.
  *
  * @param { LogLevel } level - log level in configuration
- *
- * @beta
  */
 function setLogLevel(level) {
     internalLogger.level = level;
@@ -171,8 +197,6 @@ function setLogLevel(level) {
  * Get log level.
  *
  * @returns Log level
- *
- * @beta
  */
 function getLogLevel() {
     return internalLogger.level;
@@ -247,8 +271,6 @@ const internalLogger = new InternalLogger();
  *   error: console.error,
  * });
  * ```
- *
- * @beta
  */
 function setLogger(logger) {
     internalLogger.customLogger = logger;
@@ -266,8 +288,6 @@ function setLogger(logger) {
  *   }
  * });
  * ```
- *
- * @beta
  */
 function setLogFunction(logFunction) {
     internalLogger.customLogFunction = logFunction;
@@ -310,6 +330,7 @@ function getUserInfoFromSsoToken(ssoToken) {
     const userInfo = {
         displayName: tokenObject.name,
         objectId: tokenObject.oid,
+        tenantId: tokenObject.tid,
         preferredUserName: "",
     };
     if (tokenObject.ver === "2.0") {
@@ -431,23 +452,8 @@ function parseCertificate(certificateContent) {
  *
  * @remarks
  * Only works in in server side.
- *
- * @beta
  */
 class AppCredential {
-    /**
-     * Constructor of AppCredential.
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @beta
-     */
     constructor(authConfig) {
         internalLogger.info("Create M365 tenant credential");
         const config = this.loadAndValidateConfig(authConfig);
@@ -476,8 +482,6 @@ class AppCredential {
      *
      * @returns Access token with expected scopes.
      * Throw error if get access token failed.
-     *
-     * @beta
      */
     async getToken(scopes, options) {
         let accessToken;
@@ -517,7 +521,10 @@ class AppCredential {
      */
     loadAndValidateConfig(config) {
         internalLogger.verbose("Validate authentication configuration");
-        if (config.clientId && (config.clientSecret || config.certificateContent) && config.tenantId) {
+        if (config.clientId &&
+            (config.clientSecret || config.certificateContent) &&
+            config.tenantId &&
+            config.authorityHost) {
             return config;
         }
         const missingValues = [];
@@ -530,6 +537,9 @@ class AppCredential {
         if (!config.tenantId) {
             missingValues.push("tenantId");
         }
+        if (!config.authorityHost) {
+            missingValues.push("authorityHost");
+        }
         const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingValues.join(", "), "undefined");
         internalLogger.error(errorMsg);
         throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
@@ -547,25 +557,8 @@ class AppCredential {
  *
  * @remarks
  * Can only be used in server side.
- *
- * @beta
  */
 class OnBehalfOfUserCredential {
-    /**
-     * Constructor of OnBehalfOfUserCredential
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {string} ssoToken - User token provided by Teams SSO feature.
-     * @param {AuthenticationConfiguration} config - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
     constructor(ssoToken, config) {
         internalLogger.info("Get on behalf of user credential");
         const missingConfigurations = [];
@@ -625,8 +618,6 @@ class OnBehalfOfUserCredential {
      * @remarks
      * If scopes is empty string or array, it returns SSO token.
      * If scopes is non-empty, it returns access token for target scope.
-     *
-     * @beta
      */
     async getToken(scopes, options) {
         validateScopesType(scopes);
@@ -677,8 +668,6 @@ class OnBehalfOfUserCredential {
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
      *
      * @returns Basic user info with user displayName, objectId and preferredUserName.
-     *
-     * @beta
      */
     getUserInfo() {
         internalLogger.info("Get basic user info from SSO token");
@@ -710,44 +699,39 @@ class OnBehalfOfUserCredential {
  *
  * @remarks
  * Can only be used within Teams.
- *
- * @beta
  */
 class TeamsUserCredential {
-    /**
-     * Constructor of TeamsUserCredential.
-     * @remarks
-     * Can only be used within Teams.
-     * @beta
-     */
     constructor(authConfig) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), ErrorCode.RuntimeNotSupported);
     }
     /**
      * Popup login page to get user's access token with specific scopes.
+     *
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
+     *
      * @remarks
      * Can only be used within Teams.
-     * @beta
      */
-    async login(scopes) {
+    async login(scopes, resources) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), ErrorCode.RuntimeNotSupported);
     }
     /**
      * Get access token from credential.
      * @remarks
      * Can only be used within Teams.
-     * @beta
      */
     async getToken(scopes, options) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), ErrorCode.RuntimeNotSupported);
     }
     /**
      * Get basic user info from SSO token
+     *
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
+     *
      * @remarks
      * Can only be used within Teams.
-     * @beta
      */
-    getUserInfo() {
+    getUserInfo(resources) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), ErrorCode.RuntimeNotSupported);
     }
 }
@@ -756,24 +740,10 @@ class TeamsUserCredential {
 const defaultScope = "https://graph.microsoft.com/.default";
 /**
  * Microsoft Graph auth provider for Teams Framework
- *
- * @beta
  */
 class MsGraphAuthProvider {
-    /**
-     * Constructor of MsGraphAuthProvider.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     *
-     * @returns An instance of MsGraphAuthProvider.
-     *
-     * @beta
-     */
-    constructor(teamsfx, scopes) {
-        this.teamsfx = teamsfx;
+    constructor(credentialOrTeamsFx, scopes) {
+        this.credentialOrTeamsFx = credentialOrTeamsFx;
         let scopesStr = defaultScope;
         if (scopes) {
             validateScopesType(scopes);
@@ -799,7 +769,15 @@ class MsGraphAuthProvider {
      */
     async getAccessToken() {
         internalLogger.info(`Get Graph Access token with scopes: '${this.scopes}'`);
-        const accessToken = await this.teamsfx.getCredential().getToken(this.scopes);
+        let accessToken;
+        if (this.credentialOrTeamsFx.getCredential) {
+            accessToken = await this.credentialOrTeamsFx
+                .getCredential()
+                .getToken(this.scopes);
+        }
+        else {
+            accessToken = await this.credentialOrTeamsFx.getToken(this.scopes);
+        }
         return new Promise((resolve, reject) => {
             if (accessToken) {
                 resolve(accessToken.token);
@@ -816,7 +794,6 @@ class MsGraphAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Get Microsoft graph client.
- *
  * @example
  * Get Microsoft graph client by TokenCredential
  * ```typescript
@@ -862,8 +839,6 @@ class MsGraphAuthProvider {
  * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
  *
  * @returns Graph client with specified scopes.
- *
- * @beta
  */
 function createMicrosoftGraphClient(teamsfx, scopes) {
     internalLogger.info("Create Microsoft Graph Client");
@@ -872,6 +847,66 @@ function createMicrosoftGraphClient(teamsfx, scopes) {
         authProvider,
     });
     return graphClient;
+}
+// eslint-disable-next-line no-secrets/no-secrets
+/**
+ * Get Microsoft graph client.
+ * @example
+ * Get Microsoft graph client by TokenCredential
+ * ```typescript
+ * // In browser: TeamsUserCredential
+ * const authConfig: TeamsUserCredentialAuthConfig = {
+ *   clientId: "xxx",
+    initiateLoginEndpoint: "https://xxx/auth-start.html",
+ * };
+
+ * const credential = new TeamsUserCredential(authConfig);
+
+ * const scope = "User.Read";
+ * await credential.login(scope);
+
+ * const client = createMicrosoftGraphClientWithCredential(credential, scope);
+
+ * // In node: OnBehalfOfUserCredential
+ * const oboAuthConfig: OnBehalfOfCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+
+ * const oboCredential = new OnBehalfOfUserCredential(ssoToken, oboAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(oboCredential, scope);
+
+ * // In node: AppCredential
+ * const appAuthConfig: AppCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+ * const appCredential = new AppCredential(appAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(appCredential, scope);
+ *
+ * const profile = await client.api("/me").get();
+ * ```
+ *
+ * @param {TokenCredential} credential - Used to provide configuration and auth.
+ * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ *
+ * @returns Graph client with specified scopes.
+ */
+function createMicrosoftGraphClientWithCredential(credential, scopes) {
+    internalLogger.info("Create Microsoft Graph Client");
+    const authProvider = new MsGraphAuthProvider(credential, scopes);
+    const graphClient = Client.initWithMiddleware({
+        authProvider,
+    });
+    return graphClient;
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -883,6 +918,8 @@ const defaultSQLScope = "https://database.windows.net/";
 /**
  * Generate connection configuration consumed by tedious.
  *
+ * @deprecated we recommend you compose your own Tedious configuration for better flexibility.
+ *
  * @param {TeamsFx} teamsfx - Used to provide configuration and auth
  * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
  *
@@ -891,8 +928,6 @@ const defaultSQLScope = "https://database.windows.net/";
  * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
  * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
  * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
- *
- * @beta
  */
 async function getTediousConnectionConfig(teamsfx, databaseName) {
     internalLogger.info("Get SQL configuration");
@@ -1047,8 +1082,6 @@ var TediousAuthenticationType;
 // Licensed under the MIT license.
 /**
  * Identity type to use in authentication.
- *
- * @beta
  */
 var IdentityType;
 (function (IdentityType) {
@@ -1066,8 +1099,6 @@ var IdentityType;
 const invokeResponseType = "invokeResponse";
 /**
  * Response body returned for a token exchange invoke activity.
- *
- * @beta
  */
 class TokenExchangeInvokeResponse {
     constructor(id, failureDetail) {
@@ -1122,28 +1153,22 @@ class TokenExchangeInvokeResponse {
  *      }
  * ]));
  * ```
- *
- * @beta
  */
 class TeamsBotSsoPrompt extends Dialog {
-    /**
-     * Constructor of TeamsBotSsoPrompt.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth
-     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
-     * @param settings Settings used to configure the prompt.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    constructor(teamsfx, dialogId, settings) {
-        super(dialogId);
-        this.teamsfx = teamsfx;
-        this.settings = settings;
-        validateScopesType(settings.scopes);
-        this.loadAndValidateConfig();
+    constructor(authConfig, ...args) {
+        super(arguments.length === 3 ? args[0] : args[1]);
+        if (authConfig.getCredential) {
+            const teamsfx = authConfig;
+            this.authConfig = this.loadAndValidateConfig(teamsfx);
+            this.initiateLoginEndpoint = teamsfx.getConfig("initiateLoginEndpoint");
+            this.settings = args[1];
+        }
+        else {
+            this.initiateLoginEndpoint = args[0];
+            this.authConfig = authConfig;
+            this.settings = args[2];
+        }
+        validateScopesType(this.settings.scopes);
         internalLogger.info("Create a new Teams Bot SSO Prompt");
     }
     /**
@@ -1159,8 +1184,6 @@ class TeamsBotSsoPrompt extends Dialog {
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
      *
      * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
      */
     async beginDialog(dc) {
         var _a;
@@ -1208,8 +1231,6 @@ class TeamsBotSsoPrompt extends Dialog {
      *
      * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     async continueDialog(dc) {
         var _a;
@@ -1244,30 +1265,45 @@ class TeamsBotSsoPrompt extends Dialog {
             return Dialog.EndOfTurn;
         }
     }
-    loadAndValidateConfig() {
-        if (this.teamsfx.getIdentityType() !== IdentityType.User) {
-            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
+    loadAndValidateConfig(teamsfx) {
+        if (teamsfx.getIdentityType() !== IdentityType.User) {
+            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, ErrorCode.IdentityTypeNotSupported);
         }
         const missingConfigurations = [];
-        if (!this.teamsfx.hasConfig("initiateLoginEndpoint")) {
+        if (!teamsfx.hasConfig("initiateLoginEndpoint")) {
             missingConfigurations.push("initiateLoginEndpoint");
         }
-        if (!this.teamsfx.hasConfig("clientId")) {
+        if (!teamsfx.hasConfig("clientId")) {
             missingConfigurations.push("clientId");
         }
-        if (!this.teamsfx.hasConfig("tenantId")) {
+        if (!teamsfx.hasConfig("tenantId")) {
             missingConfigurations.push("tenantId");
         }
-        if (!this.teamsfx.hasConfig("applicationIdUri")) {
-            missingConfigurations.push("applicationIdUri");
-        }
         if (missingConfigurations.length != 0) {
             const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingConfigurations.join(", "), "undefined");
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, ErrorCode.InvalidConfiguration);
         }
+        let authConfig;
+        if (teamsfx.getConfig("clientSecret")) {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                clientSecret: teamsfx.getConfig("clientSecret"),
+            };
+        }
+        else {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                certificateContent: teamsfx.getConfig("certificateContent"),
+            };
+        }
+        return authConfig;
     }
     /**
      * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
@@ -1309,13 +1345,11 @@ class TeamsBotSsoPrompt extends Dialog {
      */
     getSignInResource(loginHint) {
         internalLogger.verbose("Get sign in authentication configuration");
-        const signInLink = `${this.teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.teamsfx.getConfig("clientId")}&tenantId=${this.teamsfx.getConfig("tenantId")}&loginHint=${loginHint}`;
+        const signInLink = `${this.initiateLoginEndpoint}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.authConfig.clientId}&tenantId=${this.authConfig.tenantId}&loginHint=${loginHint}`;
         internalLogger.verbose("Sign in link: " + signInLink);
         const tokenExchangeResource = {
             id: v4(),
-            uri: this.teamsfx.getConfig("applicationIdUri").replace(/\/$/, "") + "/access_as_user",
         };
-        internalLogger.verbose("Token exchange resource uri: " + tokenExchangeResource.uri);
         return {
             signInLink: signInLink,
             tokenExchangeResource: tokenExchangeResource,
@@ -1337,8 +1371,7 @@ class TeamsBotSsoPrompt extends Dialog {
             }
             else {
                 const ssoToken = context.activity.value.token;
-                this.teamsfx.setSsoToken(ssoToken);
-                const credential = this.teamsfx.getCredential();
+                const credential = new OnBehalfOfUserCredential(ssoToken, this.authConfig);
                 let exchangedToken;
                 try {
                     exchangedToken = await credential.getToken(this.settings.scopes);
@@ -1414,8 +1447,6 @@ class TeamsBotSsoPrompt extends Dialog {
  * ```typescript
  * const client = createApiClient("https://my-api-endpoint-base-url", new BasicAuthProvider("xxx","xxx"));
  * ```
- *
- * @beta
  */
 function createApiClient(apiEndpoint, authProvider) {
     // Add a request interceptor
@@ -1431,14 +1462,10 @@ function createApiClient(apiEndpoint, authProvider) {
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles Bearer Token authentication
- *
- * @beta
  */
 class BearerTokenAuthProvider {
     /**
      * @param { () => Promise<string> } getToken - Function that returns the content of bearer token used in http request
-     *
-     * @beta
      */
     constructor(getToken) {
         this.getToken = getToken;
@@ -1452,8 +1479,6 @@ class BearerTokenAuthProvider {
      * @returns Updated axios request config.
      *
      * @throws {@link ErrorCode|AuthorizationInfoAlreadyExists} - when Authorization header already exists in request configuration.
-     *
-     * @beta
      */
     async AddAuthenticationInfo(config) {
         const token = await this.getToken();
@@ -1471,8 +1496,6 @@ class BearerTokenAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles Basic authentication
- *
- * @beta
  */
 class BasicAuthProvider {
     /**
@@ -1482,8 +1505,6 @@ class BasicAuthProvider {
      *
      * @throws {@link ErrorCode|InvalidParameter} - when username or password is empty.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     constructor(userName, password) {
         if (!userName) {
@@ -1505,8 +1526,6 @@ class BasicAuthProvider {
      *
      * @throws {@link ErrorCode|AuthorizationInfoAlreadyExists} - when Authorization header or auth property already exists in request configuration.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     async AddAuthenticationInfo(config) {
         if (config.headers && config.headers["Authorization"]) {
@@ -1526,8 +1545,6 @@ class BasicAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles API Key authentication
- *
- * @beta
  */
 class ApiKeyProvider {
     /**
@@ -1538,8 +1555,6 @@ class ApiKeyProvider {
      *
      * @throws {@link ErrorCode|InvalidParameter} - when key name or key value is empty.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     constructor(keyName, keyValue, keyLocation) {
         if (!keyName) {
@@ -1562,8 +1577,6 @@ class ApiKeyProvider {
      *
      * @throws {@link ErrorCode|AuthorizationInfoAlreadyExists} - when API key already exists in request header or url query parameter.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     async AddAuthenticationInfo(config) {
         switch (this.keyLocation) {
@@ -1580,8 +1593,12 @@ class ApiKeyProvider {
                 if (!config.params) {
                     config.params = {};
                 }
-                const url = new URL(config.url, config.baseURL);
-                if (config.params[this.keyName] || url.searchParams.has(this.keyName)) {
+                let urlHasDefinedApiKey = false;
+                if (config.url) {
+                    const url = new URL(config.url, config.baseURL);
+                    urlHasDefinedApiKey = url.searchParams.has(this.keyName);
+                }
+                if (config.params[this.keyName] || urlHasDefinedApiKey) {
                     throw new ErrorWithCode(formatString(ErrorMessage.DuplicateApiKeyInQueryParam, this.keyName), ErrorCode.AuthorizationInfoAlreadyExists);
                 }
                 config.params[this.keyName] = this.keyValue;
@@ -1592,8 +1609,6 @@ class ApiKeyProvider {
 }
 /**
  * Define available location for API Key location
- *
- * @beta
  */
 var ApiKeyLocation;
 (function (ApiKeyLocation) {
@@ -1610,8 +1625,6 @@ var ApiKeyLocation;
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles Certificate authentication
- *
- * @beta
  */
 class CertificateAuthProvider {
     /**
@@ -1619,8 +1632,6 @@ class CertificateAuthProvider {
      * @param { SecureContextOptions } certOption - information about the cert used in http requests
      *
      * @throws {@link ErrorCode|InvalidParameter} - when cert option is empty.
-     *
-     * @beta
      */
     constructor(certOption) {
         if (certOption && Object.keys(certOption).length !== 0) {
@@ -1639,8 +1650,6 @@ class CertificateAuthProvider {
      * @returns Updated axios request config.
      *
      * @throws {@link ErrorCode|InvalidParameter} - when custom httpsAgent in the request has duplicate properties with certOption provided in constructor.
-     *
-     * @beta
      */
     async AddAuthenticationInfo(config) {
         if (!config.httpsAgent) {
@@ -1724,7 +1733,6 @@ const ReservedKey = new Set([
 ]);
 /**
  * A class providing credential and configuration.
- * @beta
  */
 class TeamsFx {
     /**
@@ -1734,16 +1742,15 @@ class TeamsFx {
      * @param customConfig - key/value pairs of customized configuration that overrides default ones.
      *
      * @throws {@link ErrorCode|IdentityTypeNotSupported} when setting app identity in browser.
-     *
-     * @beta
      */
     constructor(identityType, customConfig) {
         this.identityType = identityType !== null && identityType !== void 0 ? identityType : IdentityType.User;
         this.configuration = new Map();
         this.loadFromEnv();
         if (customConfig) {
-            for (const key of Object.keys(customConfig)) {
-                const value = customConfig[key];
+            const myConfig = Object.assign({}, customConfig);
+            for (const key of Object.keys(myConfig)) {
+                const value = myConfig[key];
                 if (value) {
                     this.configuration.set(key, value);
                 }
@@ -1754,7 +1761,6 @@ class TeamsFx {
      * Identity type set by user.
      *
      * @returns identity type.
-     * @beta
      */
     getIdentityType() {
         return this.identityType;
@@ -1767,7 +1773,6 @@ class TeamsFx {
      * identity is chose, will return {@link AppCredential}.
      *
      * @returns instance implements TokenCredential interface.
-     * @beta
      */
     getCredential() {
         if (this.identityType === IdentityType.User) {
@@ -1787,10 +1792,10 @@ class TeamsFx {
     }
     /**
      * Get user information.
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
      * @returns UserInfo object.
-     * @beta
      */
-    async getUserInfo() {
+    async getUserInfo(resources) {
         if (this.identityType !== IdentityType.User) {
             const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.identityType.toString(), "TeamsFx");
             internalLogger.error(errorMsg);
@@ -1812,22 +1817,20 @@ class TeamsFx {
      * await teamsfx.login("https://graph.microsoft.com/User.Read Calendars.Read"); // multiple scopes using string
      * ```
      * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
      *
      * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
      * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
      * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @beta
      */
-    async login(scopes) {
+    async login(scopes, resources) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "login"), ErrorCode.RuntimeNotSupported);
     }
     /**
      * Set SSO token when using user identity in NodeJS.
      * @param {string} ssoToken - used for on behalf of user flow.
      * @returns self instance.
-     * @beta
      */
     setSsoToken(ssoToken) {
         if (this.identityType !== IdentityType.User) {
@@ -1840,7 +1843,6 @@ class TeamsFx {
      * Usually used by service plugins to retrieve specific config
      * @param {string} key - configuration key.
      * @returns value in configuration.
-     * @beta
      */
     getConfig(key) {
         const value = this.configuration.get(key);
@@ -1855,7 +1857,6 @@ class TeamsFx {
      * Check the value of specific key.
      * @param {string} key - configuration key.
      * @returns true if corresponding value is not empty string.
-     * @beta
      */
     hasConfig(key) {
         const value = this.configuration.get(key);
@@ -1864,7 +1865,6 @@ class TeamsFx {
     /**
      * Get all configurations.
      * @returns key value mappings.
-     * @beta
      */
     getConfigs() {
         const config = {};
@@ -1906,162 +1906,379 @@ class TeamsFx {
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
- * @internal
+ * The target type where the notification will be sent to.
+ *
+ * @remarks
+ * - "Channel" means to a team channel. (By default, notification to a team will be sent to its "General" channel.)
+ * - "Group" means to a group chat.
+ * - "Person" means to a personal chat.
  */
-function cloneConversation(conversation) {
-    return JSON.parse(JSON.stringify(conversation));
-}
+var NotificationTargetType;
+(function (NotificationTargetType) {
+    /**
+     * The notification will be sent to a team channel.
+     * (By default, notification to a team will be sent to its "General" channel.)
+     */
+    NotificationTargetType["Channel"] = "Channel";
+    /**
+     * The notification will be sent to a group chat.
+     */
+    NotificationTargetType["Group"] = "Group";
+    /**
+     * The notification will be sent to a personal chat.
+     */
+    NotificationTargetType["Person"] = "Person";
+})(NotificationTargetType || (NotificationTargetType = {}));
+/**
+ * Options used to control how the response card will be sent to users.
+ */
+var AdaptiveCardResponse;
+(function (AdaptiveCardResponse) {
+    /**
+     * The response card will be replaced the current one for the interactor who trigger the action.
+     */
+    AdaptiveCardResponse[AdaptiveCardResponse["ReplaceForInteractor"] = 0] = "ReplaceForInteractor";
+    /**
+     * The response card will be replaced the current one for all users in the chat.
+     */
+    AdaptiveCardResponse[AdaptiveCardResponse["ReplaceForAll"] = 1] = "ReplaceForAll";
+    /**
+     * The response card will be sent as a new message for all users in the chat.
+     */
+    AdaptiveCardResponse[AdaptiveCardResponse["NewForAll"] = 2] = "NewForAll";
+})(AdaptiveCardResponse || (AdaptiveCardResponse = {}));
+/**
+ * Status code for an `application/vnd.microsoft.error` invoke response.
+ */
+var InvokeResponseErrorCode;
+(function (InvokeResponseErrorCode) {
+    /**
+     * Invalid request.
+     */
+    InvokeResponseErrorCode[InvokeResponseErrorCode["BadRequest"] = 400] = "BadRequest";
+    /**
+     * Internal server error.
+     */
+    InvokeResponseErrorCode[InvokeResponseErrorCode["InternalServerError"] = 500] = "InternalServerError";
+})(InvokeResponseErrorCode || (InvokeResponseErrorCode = {}));
+
 /**
+ * Available response type for an adaptive card invoke response.
  * @internal
  */
-function getTargetType(conversationReference) {
-    var _a;
-    const conversationType = (_a = conversationReference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
-    if (conversationType === "personal") {
-        return "Person";
+var InvokeResponseType;
+(function (InvokeResponseType) {
+    InvokeResponseType["AdaptiveCard"] = "application/vnd.microsoft.card.adaptive";
+    InvokeResponseType["Message"] = "application/vnd.microsoft.activity.message";
+    InvokeResponseType["Error"] = "application/vnd.microsoft.error";
+})(InvokeResponseType || (InvokeResponseType = {}));
+/**
+ * Provides methods for formatting various invoke responses a bot can send to respond to an invoke request.
+ *
+ * @remarks
+ * All of these functions return an {@link InvokeResponse} object, which can be
+ * passed as input to generate a new `invokeResponse` activity.
+ *
+ * This example sends an invoke response that contains an adaptive card.
+ *
+ * ```typescript
+ *
+ * const myCard = {
+ *    type: "AdaptiveCard",
+ *    body: [
+ *     {
+ *       "type": "TextBlock",
+ *       "text": "This is a sample card"
+ *     }],
+ *     $schema: "http://adaptivecards.io/schemas/adaptive-card.json",
+ *     version: "1.4"
+ *  };
+ *
+ * const invokeResponse = InvokeResponseFactory.adaptiveCard(myCard);
+ * await context.sendActivity({
+ *    type: ActivityTypes.InvokeResponse,
+ *    value: invokeResponse,
+ *  });
+ * ```
+ */
+class InvokeResponseFactory {
+    /**
+     * Create an invoke response from a text message.
+     * The type of the invoke response is `application/vnd.microsoft.activity.message`
+     * indicates the request was successfully processed.
+     *
+     * @param message A text message included in a invoke response.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static textMessage(message) {
+        if (!message) {
+            throw new Error("The text message cannot be null or empty");
+        }
+        return {
+            status: StatusCodes.OK,
+            body: {
+                statusCode: StatusCodes.OK,
+                type: InvokeResponseType.Message,
+                value: message,
+            },
+        };
     }
-    else if (conversationType === "groupChat") {
-        return "Group";
+    /**
+     * Create an invoke response from an adaptive card.
+     *
+     * The type of the invoke response is `application/vnd.microsoft.card.adaptive` indicates
+     * the request was successfully processed, and the response includes an adaptive card
+     * that the client should display in place of the current one.
+     *
+     * @param card The adaptive card JSON payload.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static adaptiveCard(card) {
+        if (!card) {
+            throw new Error("The adaptive card content cannot be null or undefined");
+        }
+        return {
+            status: StatusCodes.OK,
+            body: {
+                statusCode: StatusCodes.OK,
+                type: InvokeResponseType.AdaptiveCard,
+                value: card,
+            },
+        };
     }
-    else if (conversationType === "channel") {
-        return "Channel";
+    /**
+     * Create an invoke response with error code and message.
+     *
+     * The type of the invoke response is `application/vnd.microsoft.error` indicates
+     * the request was failed to processed.
+     *
+     * @param errorCode The status code indicates error, available values:
+     *  - 400 (BadRequest): indicate the incoming request was invalid.
+     *  - 500 (InternalServerError): indicate an unexpected error occurred.
+     * @param errorMessage The error message.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static errorResponse(errorCode, errorMessage) {
+        return {
+            status: StatusCodes.OK,
+            body: {
+                statusCode: errorCode,
+                type: InvokeResponseType.Error,
+                value: {
+                    code: errorCode.toString(),
+                    message: errorMessage,
+                },
+            },
+        };
     }
-    else {
-        return undefined;
+    /**
+     * Create an invoke response with status code and response value.
+     * @param statusCode The status code.
+     * @param body The value of the response body.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static createInvokeResponse(statusCode, body) {
+        return {
+            status: statusCode,
+            body: body,
+        };
     }
-}
+}
+
 /**
  * @internal
  */
-function getTeamsBotInstallationId(context) {
-    var _a, _b, _c, _d;
-    return (_d = (_c = (_b = (_a = context.activity) === null || _a === void 0 ? void 0 : _a.channelData) === null || _b === void 0 ? void 0 : _b.team) === null || _c === void 0 ? void 0 : _c.id) !== null && _d !== void 0 ? _d : context.activity.conversation.id;
+class CardActionMiddleware {
+    constructor(handlers) {
+        this.actionHandlers = [];
+        this.defaultMessage = "Your response was sent to the app";
+        if (handlers && handlers.length > 0) {
+            this.actionHandlers.push(...handlers);
+        }
+    }
+    async onTurn(context, next) {
+        var _a, _b, _c;
+        if (context.activity.name === "adaptiveCard/action") {
+            const action = context.activity.value.action;
+            const actionVerb = action.verb;
+            for (const handler of this.actionHandlers) {
+                if (((_a = handler.triggerVerb) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === (actionVerb === null || actionVerb === void 0 ? void 0 : actionVerb.toLowerCase())) {
+                    let response;
+                    try {
+                        response = await handler.handleActionInvoked(context, action.data);
+                    }
+                    catch (error) {
+                        const errorResponse = InvokeResponseFactory.errorResponse(InvokeResponseErrorCode.InternalServerError, error.message);
+                        await this.sendInvokeResponse(context, errorResponse);
+                        throw error;
+                    }
+                    const responseType = (_b = response.body) === null || _b === void 0 ? void 0 : _b.type;
+                    switch (responseType) {
+                        case InvokeResponseType.AdaptiveCard:
+                            const card = (_c = response.body) === null || _c === void 0 ? void 0 : _c.value;
+                            if (!card) {
+                                const errorMessage = "Adaptive card content cannot be found in the response body";
+                                await this.sendInvokeResponse(context, InvokeResponseFactory.errorResponse(InvokeResponseErrorCode.InternalServerError, errorMessage));
+                                throw new Error(errorMessage);
+                            }
+                            if (card.refresh && handler.adaptiveCardResponse !== AdaptiveCardResponse.NewForAll) {
+                                // Card won't be refreshed with AdaptiveCardResponse.ReplaceForInteractor.
+                                // So set to AdaptiveCardResponse.ReplaceForAll here.
+                                handler.adaptiveCardResponse = AdaptiveCardResponse.ReplaceForAll;
+                            }
+                            const activity = MessageFactory.attachment(CardFactory.adaptiveCard(card));
+                            if (handler.adaptiveCardResponse === AdaptiveCardResponse.NewForAll) {
+                                await this.sendInvokeResponse(context, InvokeResponseFactory.textMessage(this.defaultMessage));
+                                await context.sendActivity(activity);
+                            }
+                            else if (handler.adaptiveCardResponse === AdaptiveCardResponse.ReplaceForAll) {
+                                activity.id = context.activity.replyToId;
+                                await context.updateActivity(activity);
+                                await this.sendInvokeResponse(context, response);
+                            }
+                            else {
+                                await this.sendInvokeResponse(context, response);
+                            }
+                            break;
+                        case InvokeResponseType.Message:
+                        case InvokeResponseType.Error:
+                        default:
+                            await this.sendInvokeResponse(context, response);
+                            break;
+                    }
+                    break;
+                }
+            }
+        }
+        await next();
+    }
+    async sendInvokeResponse(context, response) {
+        await context.sendActivity({
+            type: ActivityTypes.InvokeResponse,
+            value: response,
+        });
+    }
+}
+
+/**
+ * A card action bot to respond to adaptive card universal actions.
+ */
+class CardActionBot {
+    /**
+     * Creates a new instance of the `CardActionBot`.
+     *
+     * @param adapter The bound `BotFrameworkAdapter`.
+     * @param options - initialize options
+     */
+    constructor(adapter, options) {
+        this.middleware = new CardActionMiddleware(options === null || options === void 0 ? void 0 : options.actions);
+        this.adapter = adapter.use(this.middleware);
+    }
+    /**
+     * Registers a card action handler to the bot.
+     * @param actionHandler A card action handler to be registered.
+     */
+    registerHandler(actionHandler) {
+        if (actionHandler) {
+            this.middleware.actionHandlers.push(actionHandler);
+        }
+    }
+    /**
+     * Registers card action handlers to the bot.
+     * @param actionHandlers A set of card action handlers to be registered.
+     */
+    registerHandlers(actionHandlers) {
+        if (actionHandlers) {
+            this.middleware.actionHandlers.push(...actionHandlers);
+        }
+    }
 }
 
 // Copyright (c) Microsoft Corporation.
 /**
  * @internal
  */
-var ActivityType;
-(function (ActivityType) {
-    ActivityType[ActivityType["CurrentBotInstalled"] = 0] = "CurrentBotInstalled";
-    ActivityType[ActivityType["CurrentBotMessaged"] = 1] = "CurrentBotMessaged";
-    ActivityType[ActivityType["CurrentBotUninstalled"] = 2] = "CurrentBotUninstalled";
-    ActivityType[ActivityType["TeamDeleted"] = 3] = "TeamDeleted";
-    ActivityType[ActivityType["TeamRestored"] = 4] = "TeamRestored";
-    ActivityType[ActivityType["Unknown"] = 5] = "Unknown";
-})(ActivityType || (ActivityType = {}));
-/**
- * @internal
- */
-class NotificationMiddleware {
-    constructor(options) {
-        this.conversationReferenceStore = options.conversationReferenceStore;
-    }
-    async onTurn(context, next) {
-        const type = this.classifyActivity(context.activity);
-        switch (type) {
-            case ActivityType.CurrentBotInstalled:
-            case ActivityType.TeamRestored: {
-                const reference = TurnContext.getConversationReference(context.activity);
-                await this.conversationReferenceStore.set(reference);
-                break;
-            }
-            case ActivityType.CurrentBotMessaged: {
-                await this.tryAddMessagedReference(context);
-                break;
-            }
-            case ActivityType.CurrentBotUninstalled:
-            case ActivityType.TeamDeleted: {
-                const reference = TurnContext.getConversationReference(context.activity);
-                await this.conversationReferenceStore.delete(reference);
-                break;
-            }
-        }
-        await next();
-    }
-    classifyActivity(activity) {
-        var _a, _b;
-        const activityType = activity.type;
-        if (activityType === "installationUpdate") {
-            const action = (_a = activity.action) === null || _a === void 0 ? void 0 : _a.toLowerCase();
-            if (action === "add") {
-                return ActivityType.CurrentBotInstalled;
-            }
-            else {
-                return ActivityType.CurrentBotUninstalled;
-            }
-        }
-        else if (activityType === "conversationUpdate") {
-            const eventType = (_b = activity.channelData) === null || _b === void 0 ? void 0 : _b.eventType;
-            if (eventType === "teamDeleted") {
-                return ActivityType.TeamDeleted;
-            }
-            else if (eventType === "teamRestored") {
-                return ActivityType.TeamRestored;
-            }
-        }
-        else if (activityType === "message") {
-            return ActivityType.CurrentBotMessaged;
-        }
-        return ActivityType.Unknown;
-    }
-    async tryAddMessagedReference(context) {
-        var _a, _b, _c, _d;
-        const reference = TurnContext.getConversationReference(context.activity);
-        const conversationType = (_a = reference === null || reference === void 0 ? void 0 : reference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
-        if (conversationType === "personal" || conversationType === "groupChat") {
-            if (!(await this.conversationReferenceStore.check(reference))) {
-                await this.conversationReferenceStore.set(reference);
-            }
-        }
-        else if (conversationType === "channel") {
-            const teamId = (_d = (_c = (_b = context.activity) === null || _b === void 0 ? void 0 : _b.channelData) === null || _c === void 0 ? void 0 : _c.team) === null || _d === void 0 ? void 0 : _d.id;
-            if (teamId !== undefined) {
-                const teamReference = cloneConversation(reference);
-                teamReference.conversation.id = teamId;
-                if (!(await this.conversationReferenceStore.check(teamReference))) {
-                    await this.conversationReferenceStore.set(teamReference);
-                }
-            }
-        }
-    }
-}
 class CommandResponseMiddleware {
-    constructor(handlers) {
+    constructor(handlers, ssoHandlers, activityHandler) {
         this.commandHandlers = [];
-        if (handlers && handlers.length > 0) {
-            this.commandHandlers.push(...handlers);
+        this.ssoCommandHandlers = [];
+        handlers = handlers !== null && handlers !== void 0 ? handlers : [];
+        ssoHandlers = ssoHandlers !== null && ssoHandlers !== void 0 ? ssoHandlers : [];
+        this.hasSsoCommand = ssoHandlers.length > 0;
+        this.ssoActivityHandler = activityHandler;
+        if (this.hasSsoCommand && !this.ssoActivityHandler) {
+            internalLogger.error(ErrorMessage.SsoActivityHandlerIsNull);
+            throw new ErrorWithCode(ErrorMessage.SsoActivityHandlerIsNull, ErrorCode.SsoActivityHandlerIsUndefined);
         }
+        this.commandHandlers.push(...handlers);
+        for (const ssoHandler of ssoHandlers) {
+            this.addSsoCommand(ssoHandler);
+        }
+    }
+    addSsoCommand(ssoHandler) {
+        var _a;
+        (_a = this.ssoActivityHandler) === null || _a === void 0 ? void 0 : _a.addCommand(async (context, tokenResponse, message) => {
+            const matchResult = this.shouldTrigger(ssoHandler.triggerPatterns, message.text);
+            message.matches = Array.isArray(matchResult) ? matchResult : void 0;
+            const response = await ssoHandler.handleCommandReceived(context, message, tokenResponse);
+            await this.processResponse(context, response);
+        }, ssoHandler.triggerPatterns);
+        this.ssoCommandHandlers.push(ssoHandler);
+        this.hasSsoCommand = true;
     }
     async onTurn(context, next) {
+        var _a, _b;
         if (context.activity.type === ActivityTypes.Message) {
             // Invoke corresponding command handler for the command response
             const commandText = this.getActivityText(context.activity);
-            const message = {
-                text: commandText,
-            };
+            let alreadyProcessed = false;
             for (const handler of this.commandHandlers) {
                 const matchResult = this.shouldTrigger(handler.triggerPatterns, commandText);
                 // It is important to note that the command bot will stop processing handlers
                 // when the first command handler is matched.
                 if (!!matchResult) {
+                    const message = {
+                        text: commandText,
+                    };
                     message.matches = Array.isArray(matchResult) ? matchResult : void 0;
                     const response = await handler.handleCommandReceived(context, message);
-                    if (typeof response === "string") {
-                        await context.sendActivity(response);
-                    }
-                    else {
-                        const replyActivity = response;
-                        if (replyActivity) {
-                            await context.sendActivity(replyActivity);
-                        }
+                    await this.processResponse(context, response);
+                    alreadyProcessed = true;
+                    break;
+                }
+            }
+            if (!alreadyProcessed) {
+                for (const handler of this.ssoCommandHandlers) {
+                    const matchResult = this.shouldTrigger(handler.triggerPatterns, commandText);
+                    if (!!matchResult) {
+                        await ((_a = this.ssoActivityHandler) === null || _a === void 0 ? void 0 : _a.run(context));
+                        break;
                     }
                 }
             }
         }
+        else {
+            if (this.hasSsoCommand) {
+                await ((_b = this.ssoActivityHandler) === null || _b === void 0 ? void 0 : _b.run(context));
+            }
+        }
         await next();
     }
+    async processResponse(context, response) {
+        if (typeof response === "string") {
+            await context.sendActivity(response);
+        }
+        else {
+            const replyActivity = response;
+            if (replyActivity) {
+                await context.sendActivity(replyActivity);
+            }
+        }
+    }
     matchPattern(pattern, text) {
         if (text) {
             if (typeof pattern === "string") {
@@ -2103,8 +2320,6 @@ class CommandResponseMiddleware {
  *
  * @remarks
  * Ensure each command should ONLY be registered with the command once, otherwise it'll cause unexpected behavior if you register the same command more than once.
- *
- * @beta
  */
 class CommandBot {
     /**
@@ -2112,19 +2327,16 @@ class CommandBot {
      *
      * @param adapter The bound `BotFrameworkAdapter`.
      * @param options - initialize options
-     *
-     * @beta
      */
-    constructor(adapter, options) {
-        this.middleware = new CommandResponseMiddleware(options === null || options === void 0 ? void 0 : options.commands);
+    constructor(adapter, options, ssoCommandActivityHandler, ssoConfig) {
+        this.ssoConfig = ssoConfig;
+        this.middleware = new CommandResponseMiddleware(options === null || options === void 0 ? void 0 : options.commands, options === null || options === void 0 ? void 0 : options.ssoCommands, ssoCommandActivityHandler);
         this.adapter = adapter.use(this.middleware);
     }
     /**
      * Registers a command into the command bot.
      *
-     * @param command The command to registered.
-     *
-     * @beta
+     * @param command The command to register.
      */
     registerCommand(command) {
         if (command) {
@@ -2134,15 +2346,174 @@ class CommandBot {
     /**
      * Registers commands into the command bot.
      *
-     * @param commands The command to registered.
-     *
-     * @beta
+     * @param commands The commands to register.
      */
     registerCommands(commands) {
         if (commands) {
             this.middleware.commandHandlers.push(...commands);
         }
     }
+    /**
+     * Registers a sso command into the command bot.
+     *
+     * @param command The command to register.
+     */
+    registerSsoCommand(ssoCommand) {
+        this.validateSsoActivityHandler();
+        this.middleware.addSsoCommand(ssoCommand);
+    }
+    /**
+     * Registers commands into the command bot.
+     *
+     * @param commands The commands to register.
+     */
+    registerSsoCommands(ssoCommands) {
+        if (ssoCommands.length > 0) {
+            this.validateSsoActivityHandler();
+            for (const ssoCommand of ssoCommands) {
+                this.middleware.addSsoCommand(ssoCommand);
+            }
+        }
+    }
+    validateSsoActivityHandler() {
+        if (!this.middleware.ssoActivityHandler) {
+            internalLogger.error(ErrorMessage.SsoActivityHandlerIsNull);
+            throw new ErrorWithCode(ErrorMessage.SsoActivityHandlerIsNull, ErrorCode.SsoActivityHandlerIsUndefined);
+        }
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * @internal
+ */
+function cloneConversation(conversation) {
+    return JSON.parse(JSON.stringify(conversation));
+}
+/**
+ * @internal
+ */
+function getTargetType(conversationReference) {
+    var _a;
+    const conversationType = (_a = conversationReference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
+    if (conversationType === "personal") {
+        return NotificationTargetType.Person;
+    }
+    else if (conversationType === "groupChat") {
+        return NotificationTargetType.Group;
+    }
+    else if (conversationType === "channel") {
+        return NotificationTargetType.Channel;
+    }
+    else {
+        return undefined;
+    }
+}
+/**
+ * @internal
+ */
+function getTeamsBotInstallationId(context) {
+    var _a, _b, _c;
+    const teamId = (_c = (_b = (_a = context.activity) === null || _a === void 0 ? void 0 : _a.channelData) === null || _b === void 0 ? void 0 : _b.team) === null || _c === void 0 ? void 0 : _c.id;
+    if (teamId) {
+        return teamId;
+    }
+    // Fallback to use conversation id.
+    // the conversation id is equal to team id only when the bot app is installed into the General channel.
+    if (context.activity.conversation.name === undefined) {
+        return context.activity.conversation.id;
+    }
+    return undefined;
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * @internal
+ */
+var ActivityType;
+(function (ActivityType) {
+    ActivityType[ActivityType["CurrentBotInstalled"] = 0] = "CurrentBotInstalled";
+    ActivityType[ActivityType["CurrentBotMessaged"] = 1] = "CurrentBotMessaged";
+    ActivityType[ActivityType["CurrentBotUninstalled"] = 2] = "CurrentBotUninstalled";
+    ActivityType[ActivityType["TeamDeleted"] = 3] = "TeamDeleted";
+    ActivityType[ActivityType["TeamRestored"] = 4] = "TeamRestored";
+    ActivityType[ActivityType["Unknown"] = 5] = "Unknown";
+})(ActivityType || (ActivityType = {}));
+/**
+ * @internal
+ */
+class NotificationMiddleware {
+    constructor(options) {
+        this.conversationReferenceStore = options.conversationReferenceStore;
+    }
+    async onTurn(context, next) {
+        const type = this.classifyActivity(context.activity);
+        switch (type) {
+            case ActivityType.CurrentBotInstalled:
+            case ActivityType.TeamRestored: {
+                const reference = TurnContext.getConversationReference(context.activity);
+                await this.conversationReferenceStore.set(reference);
+                break;
+            }
+            case ActivityType.CurrentBotMessaged: {
+                await this.tryAddMessagedReference(context);
+                break;
+            }
+            case ActivityType.CurrentBotUninstalled:
+            case ActivityType.TeamDeleted: {
+                const reference = TurnContext.getConversationReference(context.activity);
+                await this.conversationReferenceStore.delete(reference);
+                break;
+            }
+        }
+        await next();
+    }
+    classifyActivity(activity) {
+        var _a, _b;
+        const activityType = activity.type;
+        if (activityType === "installationUpdate") {
+            const action = (_a = activity.action) === null || _a === void 0 ? void 0 : _a.toLowerCase();
+            if (action === "add") {
+                return ActivityType.CurrentBotInstalled;
+            }
+            else {
+                return ActivityType.CurrentBotUninstalled;
+            }
+        }
+        else if (activityType === "conversationUpdate") {
+            const eventType = (_b = activity.channelData) === null || _b === void 0 ? void 0 : _b.eventType;
+            if (eventType === "teamDeleted") {
+                return ActivityType.TeamDeleted;
+            }
+            else if (eventType === "teamRestored") {
+                return ActivityType.TeamRestored;
+            }
+        }
+        else if (activityType === "message") {
+            return ActivityType.CurrentBotMessaged;
+        }
+        return ActivityType.Unknown;
+    }
+    async tryAddMessagedReference(context) {
+        var _a, _b, _c, _d;
+        const reference = TurnContext.getConversationReference(context.activity);
+        const conversationType = (_a = reference === null || reference === void 0 ? void 0 : reference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
+        if (conversationType === "personal" || conversationType === "groupChat") {
+            if (!(await this.conversationReferenceStore.check(reference))) {
+                await this.conversationReferenceStore.set(reference);
+            }
+        }
+        else if (conversationType === "channel") {
+            const teamId = (_d = (_c = (_b = context.activity) === null || _b === void 0 ? void 0 : _b.channelData) === null || _c === void 0 ? void 0 : _c.team) === null || _d === void 0 ? void 0 : _d.id;
+            if (teamId !== undefined) {
+                const teamReference = cloneConversation(reference);
+                teamReference.conversation.id = teamId;
+                if (!(await this.conversationReferenceStore.check(teamReference))) {
+                    await this.conversationReferenceStore.set(teamReference);
+                }
+            }
+        }
+    }
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -2270,32 +2641,30 @@ class ConversationReferenceStore {
  *
  * @param target - the notification target.
  * @param text - the plain text message.
- * @returns A `Promise` representing the asynchronous operation.
- *
- * @beta
+ * @param onError - an optional error handler that can catch exceptions during message sending.
+ * If not defined, error will be handled by `BotAdapter.onTurnError`.
+ * @returns the response of sending message.
  */
-function sendMessage(target, text) {
-    return target.sendMessage(text);
+function sendMessage(target, text, onError) {
+    return target.sendMessage(text, onError);
 }
 /**
  * Send an adaptive card message to a notification target.
  *
  * @param target - the notification target.
  * @param card - the adaptive card raw JSON.
- * @returns A `Promise` representing the asynchronous operation.
- *
- * @beta
+ * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+ * If not defined, error will be handled by `BotAdapter.onTurnError`.
+ * @returns the response of sending adaptive card message.
  */
-function sendAdaptiveCard(target, card) {
-    return target.sendAdaptiveCard(card);
+function sendAdaptiveCard(target, card, onError) {
+    return target.sendAdaptiveCard(card, onError);
 }
 /**
  * A {@link NotificationTarget} that represents a team channel.
  *
  * @remarks
  * It's recommended to get channels from {@link TeamsBotInstallation.channels()}.
- *
- * @beta
  */
 class Channel {
     /**
@@ -2306,16 +2675,12 @@ class Channel {
      *
      * @param parent - The parent {@link TeamsBotInstallation} where this channel is created from.
      * @param info - Detailed channel information.
-     *
-     * @beta
      */
     constructor(parent, info) {
         /**
          * Notification target type. For channel it's always "Channel".
-         *
-         * @beta
          */
-        this.type = "Channel";
+        this.type = NotificationTargetType.Channel;
         this.parent = parent;
         this.info = info;
     }
@@ -2323,35 +2688,61 @@ class Channel {
      * Send a plain text message.
      *
      * @param text - the plain text message.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
+     * @param onError - an optional error handler that can catch exceptions during message sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending message.
      */
-    sendMessage(text) {
-        return this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
+    async sendMessage(text, onError) {
+        const response = {};
+        await this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
             const conversation = await this.newConversation(context);
             await this.parent.adapter.continueConversation(conversation, async (ctx) => {
-                await ctx.sendActivity(text);
+                try {
+                    const res = await ctx.sendActivity(text);
+                    response.id = res === null || res === void 0 ? void 0 : res.id;
+                }
+                catch (error) {
+                    if (onError) {
+                        await onError(ctx, error);
+                    }
+                    else {
+                        throw error;
+                    }
+                }
             });
         });
+        return response;
     }
     /**
      * Send an adaptive card message.
      *
      * @param card - the adaptive card raw JSON.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
+     * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending adaptive card message.
      */
-    async sendAdaptiveCard(card) {
-        return this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
+    async sendAdaptiveCard(card, onError) {
+        const response = {};
+        await this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
             const conversation = await this.newConversation(context);
             await this.parent.adapter.continueConversation(conversation, async (ctx) => {
-                await ctx.sendActivity({
-                    attachments: [CardFactory.adaptiveCard(card)],
-                });
+                try {
+                    const res = await ctx.sendActivity({
+                        attachments: [CardFactory.adaptiveCard(card)],
+                    });
+                    response.id = res === null || res === void 0 ? void 0 : res.id;
+                }
+                catch (error) {
+                    if (onError) {
+                        await onError(ctx, error);
+                    }
+                    else {
+                        throw error;
+                    }
+                }
             });
         });
+        return response;
     }
     /**
      * @internal
@@ -2368,8 +2759,6 @@ class Channel {
  *
  * @remarks
  * It's recommended to get members from {@link TeamsBotInstallation.members()}.
- *
- * @beta
  */
 class Member {
     /**
@@ -2380,16 +2769,12 @@ class Member {
      *
      * @param parent - The parent {@link TeamsBotInstallation} where this member is created from.
      * @param account - Detailed member account information.
-     *
-     * @beta
      */
     constructor(parent, account) {
         /**
          * Notification target type. For member it's always "Person".
-         *
-         * @beta
          */
-        this.type = "Person";
+        this.type = NotificationTargetType.Person;
         this.parent = parent;
         this.account = account;
     }
@@ -2397,216 +2782,732 @@ class Member {
      * Send a plain text message.
      *
      * @param text - the plain text message.
-     * @returns A `Promise` representing the asynchronous operation.
+     * @param onError - an optional error handler that can catch exceptions during message sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending message.
+     */
+    async sendMessage(text, onError) {
+        const response = {};
+        await this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
+            const conversation = await this.newConversation(context);
+            await this.parent.adapter.continueConversation(conversation, async (ctx) => {
+                try {
+                    const res = await ctx.sendActivity(text);
+                    response.id = res === null || res === void 0 ? void 0 : res.id;
+                }
+                catch (error) {
+                    if (onError) {
+                        await onError(ctx, error);
+                    }
+                    else {
+                        throw error;
+                    }
+                }
+            });
+        });
+        return response;
+    }
+    /**
+     * Send an adaptive card message.
      *
-     * @beta
+     * @param card - the adaptive card raw JSON.
+     * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending adaptive card message.
      */
-    sendMessage(text) {
-        return this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
+    async sendAdaptiveCard(card, onError) {
+        const response = {};
+        await this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
             const conversation = await this.newConversation(context);
             await this.parent.adapter.continueConversation(conversation, async (ctx) => {
-                await ctx.sendActivity(text);
+                try {
+                    const res = await ctx.sendActivity({
+                        attachments: [CardFactory.adaptiveCard(card)],
+                    });
+                    response.id = res === null || res === void 0 ? void 0 : res.id;
+                }
+                catch (error) {
+                    if (onError) {
+                        await onError(ctx, error);
+                    }
+                    else {
+                        throw error;
+                    }
+                }
             });
         });
+        return response;
+    }
+    /**
+     * @internal
+     */
+    async newConversation(context) {
+        const reference = TurnContext.getConversationReference(context.activity);
+        const personalConversation = cloneConversation(reference);
+        const connectorClient = context.turnState.get(this.parent.adapter.ConnectorClientKey);
+        const conversation = await connectorClient.conversations.createConversation({
+            isGroup: false,
+            tenantId: context.activity.conversation.tenantId,
+            bot: context.activity.recipient,
+            members: [this.account],
+            channelData: {},
+        });
+        personalConversation.conversation.id = conversation.id;
+        return personalConversation;
+    }
+}
+/**
+ * A {@link NotificationTarget} that represents a bot installation. Teams Bot could be installed into
+ * - Personal chat
+ * - Group chat
+ * - Team (by default the `General` channel)
+ *
+ * @remarks
+ * It's recommended to get bot installations from {@link ConversationBot.installations()}.
+ */
+class TeamsBotInstallation {
+    /**
+     * Constructor
+     *
+     * @remarks
+     * It's recommended to get bot installations from {@link ConversationBot.installations()}, instead of using this constructor.
+     *
+     * @param adapter - the bound `BotFrameworkAdapter`.
+     * @param conversationReference - the bound `ConversationReference`.
+     */
+    constructor(adapter, conversationReference) {
+        this.adapter = adapter;
+        this.conversationReference = conversationReference;
+        this.type = getTargetType(conversationReference);
+    }
+    /**
+     * Send a plain text message.
+     *
+     * @param text - the plain text message.
+     * @param onError - an optional error handler that can catch exceptions during message sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending message.
+     */
+    async sendMessage(text, onError) {
+        const response = {};
+        await this.adapter.continueConversation(this.conversationReference, async (context) => {
+            try {
+                const res = await context.sendActivity(text);
+                response.id = res === null || res === void 0 ? void 0 : res.id;
+            }
+            catch (error) {
+                if (onError) {
+                    await onError(context, error);
+                }
+                else {
+                    throw error;
+                }
+            }
+        });
+        return response;
+    }
+    /**
+     * Send an adaptive card message.
+     *
+     * @param card - the adaptive card raw JSON.
+     * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending adaptive card message.
+     */
+    async sendAdaptiveCard(card, onError) {
+        const response = {};
+        await this.adapter.continueConversation(this.conversationReference, async (context) => {
+            try {
+                const res = await context.sendActivity({
+                    attachments: [CardFactory.adaptiveCard(card)],
+                });
+                response.id = res === null || res === void 0 ? void 0 : res.id;
+            }
+            catch (error) {
+                if (onError) {
+                    await onError(context, error);
+                }
+                else {
+                    throw error;
+                }
+            }
+        });
+        return response;
+    }
+    /**
+     * Get channels from this bot installation.
+     *
+     * @returns an array of channels if bot is installed into a team, otherwise returns an empty array.
+     */
+    async channels() {
+        const channels = [];
+        if (this.type !== NotificationTargetType.Channel) {
+            return channels;
+        }
+        let teamsChannels = [];
+        await this.adapter.continueConversation(this.conversationReference, async (context) => {
+            const teamId = getTeamsBotInstallationId(context);
+            if (teamId !== undefined) {
+                teamsChannels = await TeamsInfo.getTeamChannels(context, teamId);
+            }
+        });
+        for (const channel of teamsChannels) {
+            channels.push(new Channel(this, channel));
+        }
+        return channels;
+    }
+    /**
+     * Get members from this bot installation.
+     *
+     * @returns an array of members from where the bot is installed.
+     */
+    async members() {
+        const members = [];
+        await this.adapter.continueConversation(this.conversationReference, async (context) => {
+            let continuationToken;
+            do {
+                const pagedMembers = await TeamsInfo.getPagedMembers(context, undefined, continuationToken);
+                continuationToken = pagedMembers.continuationToken;
+                for (const member of pagedMembers.members) {
+                    members.push(new Member(this, member));
+                }
+            } while (continuationToken !== undefined);
+        });
+        return members;
+    }
+    /**
+     * Get team details from this bot installation
+     *
+     * @returns the team details if bot is installed into a team, otherwise returns undefined.
+     */
+    async getTeamDetails() {
+        if (this.type !== NotificationTargetType.Channel) {
+            return undefined;
+        }
+        let teamDetails;
+        await this.adapter.continueConversation(this.conversationReference, async (context) => {
+            const teamId = getTeamsBotInstallationId(context);
+            if (teamId !== undefined) {
+                teamDetails = await TeamsInfo.getTeamDetails(context, teamId);
+            }
+        });
+        return teamDetails;
+    }
+}
+/**
+ * Provide utilities to send notification to varies targets (e.g., member, group, channel).
+ */
+class NotificationBot {
+    /**
+     * constructor of the notification bot.
+     *
+     * @remarks
+     * To ensure accuracy, it's recommended to initialize before handling any message.
+     *
+     * @param adapter - the bound `BotFrameworkAdapter`
+     * @param options - initialize options
+     */
+    constructor(adapter, options) {
+        var _a, _b;
+        const storage = (_a = options === null || options === void 0 ? void 0 : options.storage) !== null && _a !== void 0 ? _a : new LocalFileStorage(path.resolve(process.env.RUNNING_ON_AZURE === "1" ? (_b = process.env.TEMP) !== null && _b !== void 0 ? _b : "./" : "./"));
+        this.conversationReferenceStore = new ConversationReferenceStore(storage);
+        this.adapter = adapter.use(new NotificationMiddleware({
+            conversationReferenceStore: this.conversationReferenceStore,
+        }));
+    }
+    /**
+     * Get all targets where the bot is installed.
+     *
+     * @remarks
+     * The result is retrieving from the persisted storage.
+     *
+     * @returns - an array of {@link TeamsBotInstallation}.
+     */
+    async installations() {
+        if (this.conversationReferenceStore === undefined || this.adapter === undefined) {
+            throw new Error("NotificationBot has not been initialized.");
+        }
+        const references = await this.conversationReferenceStore.getAll();
+        const targets = [];
+        for (const reference of references) {
+            // validate connection
+            let valid = true;
+            await this.adapter.continueConversation(reference, async (context) => {
+                try {
+                    // try get member to see if the installation is still valid
+                    await TeamsInfo.getPagedMembers(context, 1);
+                }
+                catch (error) {
+                    if (error.code === "BotNotInConversationRoster") {
+                        valid = false;
+                    }
+                }
+            });
+            if (valid) {
+                targets.push(new TeamsBotInstallation(this.adapter, reference));
+            }
+            else {
+                await this.conversationReferenceStore.delete(reference);
+            }
+        }
+        return targets;
+    }
+    /**
+     * Returns the first {@link Member} where predicate is true, and undefined otherwise.
+     *
+     * @param predicate find calls predicate once for each member of the installation,
+     * until it finds one where predicate returns true. If such a member is found, find
+     * immediately returns that member. Otherwise, find returns undefined.
+     * @param scope the scope to find members from the installations
+     * (personal chat, group chat, Teams channel).
+     * @returns the first {@link Member} where predicate is true, and undefined otherwise.
+     */
+    async findMember(predicate, scope) {
+        for (const target of await this.installations()) {
+            if (this.matchSearchScope(target, scope)) {
+                for (const member of await target.members()) {
+                    if (await predicate(member)) {
+                        return member;
+                    }
+                }
+            }
+        }
+        return;
+    }
+    /**
+     * Returns the first {@link Channel} where predicate is true, and undefined otherwise.
+     * (Ensure the bot app is installed into the `General` channel, otherwise undefined will be returned.)
+     *
+     * @param predicate find calls predicate once for each channel of the installation,
+     * until it finds one where predicate returns true. If such a channel is found, find
+     * immediately returns that channel. Otherwise, find returns undefined.
+     * @returns the first {@link Channel} where predicate is true, and undefined otherwise.
+     */
+    async findChannel(predicate) {
+        for (const target of await this.installations()) {
+            if (target.type === NotificationTargetType.Channel) {
+                const teamDetails = await target.getTeamDetails();
+                for (const channel of await target.channels()) {
+                    if (await predicate(channel, teamDetails)) {
+                        return channel;
+                    }
+                }
+            }
+        }
+        return;
+    }
+    /**
+     * Returns all {@link Member} where predicate is true, and empty array otherwise.
+     *
+     * @param predicate find calls predicate for each member of the installation.
+     * @param scope the scope to find members from the installations
+     * (personal chat, group chat, Teams channel).
+     * @returns an array of {@link Member} where predicate is true, and empty array otherwise.
+     */
+    async findAllMembers(predicate, scope) {
+        const members = [];
+        for (const target of await this.installations()) {
+            if (this.matchSearchScope(target, scope)) {
+                for (const member of await target.members()) {
+                    if (await predicate(member)) {
+                        members.push(member);
+                    }
+                }
+            }
+        }
+        return members;
+    }
+    /**
+     * Returns all {@link Channel} where predicate is true, and empty array otherwise.
+     * (Ensure the bot app is installed into the `General` channel, otherwise empty array will be returned.)
+     *
+     * @param predicate find calls predicate for each channel of the installation.
+     * @returns an array of {@link Channel} where predicate is true, and empty array otherwise.
+     */
+    async findAllChannels(predicate) {
+        const channels = [];
+        for (const target of await this.installations()) {
+            if (target.type === NotificationTargetType.Channel) {
+                const teamDetails = await target.getTeamDetails();
+                for (const channel of await target.channels()) {
+                    if (await predicate(channel, teamDetails)) {
+                        channels.push(channel);
+                    }
+                }
+            }
+        }
+        return channels;
+    }
+    matchSearchScope(target, scope) {
+        scope = scope !== null && scope !== void 0 ? scope : SearchScope.All;
+        return ((target.type === NotificationTargetType.Channel && (scope & SearchScope.Channel) !== 0) ||
+            (target.type === NotificationTargetType.Group && (scope & SearchScope.Group) !== 0) ||
+            (target.type === NotificationTargetType.Person && (scope & SearchScope.Person) !== 0));
+    }
+}
+/**
+ * The search scope when calling {@link NotificationBot.findMember} and {@link NotificationBot.findAllMembers}.
+ * The search scope is a flagged enum and it can be combined with `|`.
+ * For example, to search from personal chat and group chat, use `SearchScope.Person | SearchScope.Group`.
+ */
+var SearchScope;
+(function (SearchScope) {
+    /**
+     * Search members from the installations in personal chat only.
+     */
+    SearchScope[SearchScope["Person"] = 1] = "Person";
+    /**
+     * Search members from the installations in group chat only.
+     */
+    SearchScope[SearchScope["Group"] = 2] = "Group";
+    /**
+     * Search members from the installations in Teams channel only.
+     */
+    SearchScope[SearchScope["Channel"] = 4] = "Channel";
+    /**
+     * Search members from all installations including personal chat, group chat and Teams channel.
+     */
+    SearchScope[SearchScope["All"] = 7] = "All";
+})(SearchScope || (SearchScope = {}));
+
+// Copyright (c) Microsoft Corporation.
+let DIALOG_NAME = "BotSsoExecutionDialog";
+let TEAMS_SSO_PROMPT_ID = "TeamsFxSsoPrompt";
+let COMMAND_ROUTE_DIALOG = "CommandRouteDialog";
+/**
+ * Sso execution dialog, use to handle sso command
+ */
+class BotSsoExecutionDialog extends ComponentDialog {
+    constructor(dedupStorage, ssoPromptSettings, authConfig, ...args) {
+        var _a;
+        super((_a = (authConfig.getCredential ? args[0] : args[1])) !== null && _a !== void 0 ? _a : DIALOG_NAME);
+        this.dedupStorageKeys = [];
+        // Map to store the commandId and triggerPatterns, key: commandId, value: triggerPatterns
+        this.commandMapping = new Map();
+        const dialogName = authConfig.getCredential ? args[0] : args[1];
+        if (dialogName) {
+            DIALOG_NAME = dialogName;
+            TEAMS_SSO_PROMPT_ID = dialogName + TEAMS_SSO_PROMPT_ID;
+            COMMAND_ROUTE_DIALOG = dialogName + COMMAND_ROUTE_DIALOG;
+        }
+        let ssoDialog;
+        if (authConfig.getCredential) {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        else {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, args[0], TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        this.addDialog(ssoDialog);
+        this.initialDialogId = COMMAND_ROUTE_DIALOG;
+        this.dedupStorage = dedupStorage;
+        this.dedupStorageKeys = [];
+        const commandRouteDialog = new WaterfallDialog(COMMAND_ROUTE_DIALOG, [
+            this.commandRouteStep.bind(this),
+        ]);
+        this.addDialog(commandRouteDialog);
+    }
+    /**
+     * Add TeamsFxBotSsoCommandHandler instance
+     * @param handler {@link BotSsoExecutionDialogHandler} callback function
+     * @param triggerPatterns The trigger pattern
+     */
+    addCommand(handler, triggerPatterns) {
+        const commandId = this.getCommandHash(triggerPatterns);
+        const dialog = new WaterfallDialog(commandId, [
+            this.ssoStep.bind(this),
+            this.dedupStep.bind(this),
+            async (stepContext) => {
+                const tokenResponse = stepContext.result.tokenResponse;
+                const context = stepContext.context;
+                const message = stepContext.result.message;
+                try {
+                    if (tokenResponse) {
+                        await handler(context, tokenResponse, message);
+                    }
+                    else {
+                        throw new Error(ErrorMessage.FailedToRetrieveSsoToken);
+                    }
+                    return await stepContext.endDialog();
+                }
+                catch (error) {
+                    const errorMsg = formatString(ErrorMessage.FailedToProcessSsoHandler, error.message);
+                    internalLogger.error(errorMsg);
+                    return await stepContext.endDialog(new ErrorWithCode(errorMsg, ErrorCode.FailedToProcessSsoHandler));
+                }
+            },
+        ]);
+        this.commandMapping.set(commandId, triggerPatterns);
+        this.addDialog(dialog);
+    }
+    getCommandHash(patterns) {
+        const expressions = Array.isArray(patterns) ? patterns : [patterns];
+        const patternStr = expressions.join();
+        const patternStrWithoutSpecialChar = patternStr.replace(/[^a-zA-Z0-9]/g, "");
+        const hash = createHash("sha256").update(patternStr).digest("hex").toLowerCase();
+        return patternStrWithoutSpecialChar + hash;
+    }
+    /**
+     * The run method handles the incoming activity (in the form of a DialogContext) and passes it through the dialog system.
+     *
+     * @param context The context object for the current turn.
+     * @param accessor The instance of StatePropertyAccessor for dialog system.
+     */
+    async run(context, accessor) {
+        const dialogSet = new DialogSet(accessor);
+        dialogSet.add(this);
+        const dialogContext = await dialogSet.createContext(context);
+        this.ensureMsTeamsChannel(dialogContext);
+        const results = await dialogContext.continueDialog();
+        if (results && results.status === DialogTurnStatus.empty) {
+            await dialogContext.beginDialog(this.id);
+        }
+        else if (results &&
+            results.status === DialogTurnStatus.complete &&
+            results.result instanceof Error) {
+            throw results.result;
+        }
+    }
+    getActivityText(activity) {
+        let text = activity.text;
+        const removedMentionText = TurnContext.removeRecipientMention(activity);
+        if (removedMentionText) {
+            text = removedMentionText
+                .toLowerCase()
+                .replace(/\n|\r\n/g, "")
+                .trim();
+        }
+        return text;
+    }
+    async commandRouteStep(stepContext) {
+        const turnContext = stepContext.context;
+        const text = this.getActivityText(turnContext.activity);
+        const commandId = this.getMatchesCommandId(text);
+        if (commandId) {
+            return await stepContext.beginDialog(commandId);
+        }
+        const errorMsg = formatString(ErrorMessage.CannotFindCommand, turnContext.activity.text);
+        internalLogger.error(errorMsg);
+        throw new ErrorWithCode(errorMsg, ErrorCode.CannotFindCommand);
+    }
+    async ssoStep(stepContext) {
+        try {
+            const turnContext = stepContext.context;
+            const text = this.getActivityText(turnContext.activity);
+            const message = {
+                text,
+            };
+            stepContext.options.commandMessage = message;
+            return await stepContext.beginDialog(TEAMS_SSO_PROMPT_ID);
+        }
+        catch (error) {
+            const errorMsg = formatString(ErrorMessage.FailedToRunSsoStep, error.message);
+            internalLogger.error(errorMsg);
+            return await stepContext.endDialog(new ErrorWithCode(errorMsg, ErrorCode.FailedToRunSsoStep));
+        }
+    }
+    async dedupStep(stepContext) {
+        const tokenResponse = stepContext.result;
+        if (!tokenResponse) {
+            internalLogger.error(ErrorMessage.FailedToRetrieveSsoToken);
+            return await stepContext.endDialog(new ErrorWithCode(ErrorMessage.FailedToRetrieveSsoToken, ErrorCode.FailedToRunSsoStep));
+        }
+        try {
+            // Only dedup after ssoStep to make sure that all Teams client would receive the login request
+            if (tokenResponse && (await this.shouldDedup(stepContext.context))) {
+                return Dialog.EndOfTurn;
+            }
+            return await stepContext.next({
+                tokenResponse,
+                message: stepContext.options.commandMessage,
+            });
+        }
+        catch (error) {
+            const errorMsg = formatString(ErrorMessage.FailedToRunDedupStep, error.message);
+            internalLogger.error(errorMsg);
+            return await stepContext.endDialog(new ErrorWithCode(errorMsg, ErrorCode.FailedToRunDedupStep));
+        }
+    }
+    /**
+     * Called when the component is ending.
+     *
+     * @param context Context for the current turn of conversation.
+     */
+    async onEndDialog(context) {
+        const conversationId = context.activity.conversation.id;
+        const currentDedupKeys = this.dedupStorageKeys.filter((key) => key.indexOf(conversationId) > 0);
+        await this.dedupStorage.delete(currentDedupKeys);
+        this.dedupStorageKeys = this.dedupStorageKeys.filter((key) => key.indexOf(conversationId) < 0);
+    }
+    /**
+     * If a user is signed into multiple Teams clients, the Bot might receive a "signin/tokenExchange" from each client.
+     * Each token exchange request for a specific user login will have an identical activity.value.Id.
+     * Only one of these token exchange requests should be processed by the bot. For a distributed bot in production,
+     * this requires a distributed storage to ensure only one token exchange is processed.
+     * @param context Context for the current turn of conversation.
+     * @returns boolean value indicate whether the message should be removed
+     */
+    async shouldDedup(context) {
+        const storeItem = {
+            eTag: context.activity.value.id,
+        };
+        const key = this.getStorageKey(context);
+        const storeItems = { [key]: storeItem };
+        try {
+            await this.dedupStorage.write(storeItems);
+            this.dedupStorageKeys.push(key);
+        }
+        catch (err) {
+            if (err instanceof Error && err.message.indexOf("eTag conflict")) {
+                return true;
+            }
+            throw err;
+        }
+        return false;
+    }
+    getStorageKey(context) {
+        if (!context || !context.activity || !context.activity.conversation) {
+            throw new Error("Invalid context, can not get storage key!");
+        }
+        const activity = context.activity;
+        const channelId = activity.channelId;
+        const conversationId = activity.conversation.id;
+        if (activity.type !== ActivityTypes.Invoke || activity.name !== tokenExchangeOperationName) {
+            throw new Error("TokenExchangeState can only be used with Invokes of signin/tokenExchange.");
+        }
+        const value = activity.value;
+        if (!value || !value.id) {
+            throw new Error("Invalid signin/tokenExchange. Missing activity.value.id.");
+        }
+        return `${channelId}/${conversationId}/${value.id}`;
+    }
+    matchPattern(pattern, text) {
+        if (text) {
+            if (typeof pattern === "string") {
+                const regExp = new RegExp(pattern, "i");
+                return regExp.test(text);
+            }
+            if (pattern instanceof RegExp) {
+                const matches = text.match(pattern);
+                return matches !== null && matches !== void 0 ? matches : false;
+            }
+        }
+        return false;
+    }
+    isPatternMatched(patterns, text) {
+        const expressions = Array.isArray(patterns) ? patterns : [patterns];
+        for (const ex of expressions) {
+            const matches = this.matchPattern(ex, text);
+            return !!matches;
+        }
+        return false;
     }
-    /**
-     * Send an adaptive card message.
-     *
-     * @param card - the adaptive card raw JSON.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
-     */
-    async sendAdaptiveCard(card) {
-        return this.parent.adapter.continueConversation(this.parent.conversationReference, async (context) => {
-            const conversation = await this.newConversation(context);
-            await this.parent.adapter.continueConversation(conversation, async (ctx) => {
-                await ctx.sendActivity({
-                    attachments: [CardFactory.adaptiveCard(card)],
-                });
-            });
-        });
+    getMatchesCommandId(text) {
+        for (const command of this.commandMapping) {
+            const pattern = command[1];
+            if (this.isPatternMatched(pattern, text)) {
+                return command[0];
+            }
+        }
+        return undefined;
     }
     /**
+     * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
+     * @param dc dialog context
+     * @throws {@link ErrorCode|ChannelNotSupported} if bot channel is not MS Teams
      * @internal
      */
-    async newConversation(context) {
-        const reference = TurnContext.getConversationReference(context.activity);
-        const personalConversation = cloneConversation(reference);
-        const connectorClient = context.turnState.get(this.parent.adapter.ConnectorClientKey);
-        const conversation = await connectorClient.conversations.createConversation({
-            isGroup: false,
-            tenantId: context.activity.conversation.tenantId,
-            bot: context.activity.recipient,
-            members: [this.account],
-            channelData: {},
-        });
-        personalConversation.conversation.id = conversation.id;
-        return personalConversation;
+    ensureMsTeamsChannel(dc) {
+        if (dc.context.activity.channelId != Channels.Msteams) {
+            const errorMsg = formatString(ErrorMessage.OnlyMSTeamsChannelSupported, "SSO execution dialog");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, ErrorCode.ChannelNotSupported);
+        }
     }
-}
+}
+
+// Copyright (c) Microsoft Corporation.
 /**
- * A {@link NotificationTarget} that represents a bot installation. Teams Bot could be installed into
- * - Personal chat
- * - Group chat
- * - Team (by default the `General` channel)
- *
- * @remarks
- * It's recommended to get bot installations from {@link ConversationBot.installations()}.
- *
- * @beta
+ * Default SSO execution activity handler
  */
-class TeamsBotInstallation {
+class DefaultBotSsoExecutionActivityHandler extends TeamsActivityHandler {
     /**
-     * Constructor
+     * Creates a new instance of the DefaultBotSsoExecutionActivityHandler.
+     * @param ssoConfig configuration for SSO command bot
      *
      * @remarks
-     * It's recommended to get bot installations from {@link ConversationBot.installations()}, instead of using this constructor.
-     *
-     * @param adapter - the bound `BotFrameworkAdapter`.
-     * @param conversationReference - the bound `ConversationReference`.
-     *
-     * @beta
-     */
-    constructor(adapter, conversationReference) {
-        this.adapter = adapter;
-        this.conversationReference = conversationReference;
-        this.type = getTargetType(conversationReference);
-    }
-    /**
-     * Send a plain text message.
-     *
-     * @param text - the plain text message.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
-     */
-    sendMessage(text) {
-        return this.adapter.continueConversation(this.conversationReference, async (context) => {
-            await context.sendActivity(text);
+     * In the constructor, it uses BotSsoConfig parameter which from {@link ConversationBot} options to initialize {@link BotSsoExecutionDialog}.
+     * It also need to register an event handler for the message event which trigger {@link BotSsoExecutionDialog} instance.
+     */
+    constructor(ssoConfig) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+        super();
+        const memoryStorage = new MemoryStorage();
+        const userState = (_b = (_a = ssoConfig.dialog) === null || _a === void 0 ? void 0 : _a.userState) !== null && _b !== void 0 ? _b : new UserState(memoryStorage);
+        const conversationState = (_d = (_c = ssoConfig.dialog) === null || _c === void 0 ? void 0 : _c.conversationState) !== null && _d !== void 0 ? _d : new ConversationState(memoryStorage);
+        const dedupStorage = (_f = (_e = ssoConfig.dialog) === null || _e === void 0 ? void 0 : _e.dedupStorage) !== null && _f !== void 0 ? _f : memoryStorage;
+        const _l = ssoConfig.aad, { scopes } = _l, customConfig = __rest(_l, ["scopes"]);
+        const settings = {
+            scopes: scopes,
+            timeout: (_h = (_g = ssoConfig.dialog) === null || _g === void 0 ? void 0 : _g.ssoPromptConfig) === null || _h === void 0 ? void 0 : _h.timeout,
+            endOnInvalidMessage: (_k = (_j = ssoConfig.dialog) === null || _j === void 0 ? void 0 : _j.ssoPromptConfig) === null || _k === void 0 ? void 0 : _k.endOnInvalidMessage,
+        };
+        const teamsfx = new TeamsFx(IdentityType.User, Object.assign({}, customConfig));
+        this.ssoExecutionDialog = new BotSsoExecutionDialog(dedupStorage, settings, teamsfx);
+        this.conversationState = conversationState;
+        this.dialogState = conversationState.createProperty("DialogState");
+        this.userState = userState;
+        this.onMessage(async (context, next) => {
+            await this.ssoExecutionDialog.run(context, this.dialogState);
+            await next();
         });
     }
     /**
-     * Send an adaptive card message.
-     *
-     * @param card - the adaptive card raw JSON.
-     * @returns A `Promise` representing the asynchronous operation.
+     * Add TeamsFxBotSsoCommandHandler instance to SSO execution dialog
+     * @param handler {@link BotSsoExecutionDialogHandler} callback function
+     * @param triggerPatterns The trigger pattern
      *
-     * @beta
+     * @remarks
+     * This function is used to add SSO command to {@link BotSsoExecutionDialog} instance.
      */
-    sendAdaptiveCard(card) {
-        return this.adapter.continueConversation(this.conversationReference, async (context) => {
-            await context.sendActivity({
-                attachments: [CardFactory.adaptiveCard(card)],
-            });
-        });
+    addCommand(handler, triggerPatterns) {
+        this.ssoExecutionDialog.addCommand(handler, triggerPatterns);
     }
     /**
-     * Get channels from this bot installation.
-     *
-     * @returns an array of channels if bot is installed into a team, otherwise returns an empty array.
-     *
-     * @beta
+     * Called to initiate the event emission process.
+     * @param context The context object for the current turn.
      */
-    async channels() {
-        let teamsChannels = [];
-        await this.adapter.continueConversation(this.conversationReference, async (context) => {
-            const teamId = getTeamsBotInstallationId(context);
-            if (teamId !== undefined) {
-                teamsChannels = await TeamsInfo.getTeamChannels(context, teamId);
-            }
-        });
-        const channels = [];
-        for (const channel of teamsChannels) {
-            channels.push(new Channel(this, channel));
+    async run(context) {
+        try {
+            await super.run(context);
+        }
+        finally {
+            await this.conversationState.saveChanges(context, false);
+            await this.userState.saveChanges(context, false);
         }
-        return channels;
-    }
-    /**
-     * Get members from this bot installation.
-     *
-     * @returns an array of members from where the bot is installed.
-     *
-     * @beta
-     */
-    async members() {
-        const members = [];
-        await this.adapter.continueConversation(this.conversationReference, async (context) => {
-            let continuationToken;
-            do {
-                const pagedMembers = await TeamsInfo.getPagedMembers(context, undefined, continuationToken);
-                continuationToken = pagedMembers.continuationToken;
-                for (const member of pagedMembers.members) {
-                    members.push(new Member(this, member));
-                }
-            } while (continuationToken !== undefined);
-        });
-        return members;
     }
-}
-/**
- * Provide utilities to send notification to varies targets (e.g., member, group, channel).
- *
- * @beta
- */
-class NotificationBot {
     /**
-     * constructor of the notification bot.
+     * Receives invoke activities with Activity name of 'signin/verifyState'.
+     * @param context A context object for this turn.
+     * @param query Signin state (part of signin action auth flow) verification invoke query.
+     * @returns A promise that represents the work queued.
      *
      * @remarks
-     * To ensure accuracy, it's recommended to initialize before handling any message.
-     *
-     * @param adapter - the bound `BotFrameworkAdapter`
-     * @param options - initialize options
-     *
-     * @beta
+     * It should trigger {@link BotSsoExecutionDialog} instance to handle signin process
      */
-    constructor(adapter, options) {
-        var _a, _b;
-        const storage = (_a = options === null || options === void 0 ? void 0 : options.storage) !== null && _a !== void 0 ? _a : new LocalFileStorage(path.resolve(process.env.RUNNING_ON_AZURE === "1" ? (_b = process.env.TEMP) !== null && _b !== void 0 ? _b : "./" : "./"));
-        this.conversationReferenceStore = new ConversationReferenceStore(storage);
-        this.adapter = adapter.use(new NotificationMiddleware({
-            conversationReferenceStore: this.conversationReferenceStore,
-        }));
+    async handleTeamsSigninVerifyState(context, query) {
+        await this.ssoExecutionDialog.run(context, this.dialogState);
     }
     /**
-     * Get all targets where the bot is installed.
-     *
-     * @remarks
-     * The result is retrieving from the persisted storage.
-     *
-     * @returns - an array of {@link TeamsBotInstallation}.
+     * Receives invoke activities with Activity name of 'signin/tokenExchange'
+     * @param context A context object for this turn.
+     * @param query Signin state (part of signin action auth flow) verification invoke query
+     * @returns A promise that represents the work queued.
      *
-     * @beta
+     * @remark
+     * It should trigger {@link BotSsoExecutionDialog} instance to handle signin process
      */
-    async installations() {
-        if (this.conversationReferenceStore === undefined || this.adapter === undefined) {
-            throw new Error("NotificationBot has not been initialized.");
-        }
-        const references = await this.conversationReferenceStore.getAll();
-        const targets = [];
-        for (const reference of references) {
-            // validate connection
-            let valid = true;
-            await this.adapter.continueConversation(reference, async (context) => {
-                try {
-                    // try get member to see if the installation is still valid
-                    await TeamsInfo.getPagedMembers(context, 1);
-                }
-                catch (error) {
-                    if (error.code === "BotNotInConversationRoster") {
-                        valid = false;
-                    }
-                }
-            });
-            if (valid) {
-                targets.push(new TeamsBotInstallation(this.adapter, reference));
-            }
-            else {
-                await this.conversationReferenceStore.delete(reference);
-            }
-        }
-        return targets;
+    async handleTeamsSigninTokenExchange(context, query) {
+        await this.ssoExecutionDialog.run(context, this.dialogState);
     }
 }
 
@@ -2661,8 +3562,6 @@ class NotificationBot {
  * For command and response, ensure each command should ONLY be registered with the command once, otherwise it'll cause unexpected behavior if you register the same command more than once.
  *
  * For notification, set `notification.storage` in {@link ConversationOptions} to use your own storage implementation.
- *
- * @beta
  */
 class ConversationBot {
     /**
@@ -2672,23 +3571,34 @@ class ConversationBot {
      * It's recommended to create your own adapter and storage for production environment instead of the default one.
      *
      * @param options - initialize options
-     *
-     * @beta
      */
     constructor(options) {
-        var _a, _b;
+        var _a, _b, _c, _d;
         if (options.adapter) {
             this.adapter = options.adapter;
         }
         else {
             this.adapter = this.createDefaultAdapter(options.adapterConfig);
         }
-        if ((_a = options.command) === null || _a === void 0 ? void 0 : _a.enabled) {
-            this.command = new CommandBot(this.adapter, options.command);
+        let ssoCommandActivityHandler;
+        if (options === null || options === void 0 ? void 0 : options.ssoConfig) {
+            if ((_a = options.ssoConfig.dialog) === null || _a === void 0 ? void 0 : _a.CustomBotSsoExecutionActivityHandler) {
+                ssoCommandActivityHandler =
+                    new options.ssoConfig.dialog.CustomBotSsoExecutionActivityHandler(options.ssoConfig);
+            }
+            else {
+                ssoCommandActivityHandler = new DefaultBotSsoExecutionActivityHandler(options.ssoConfig);
+            }
+        }
+        if ((_b = options.command) === null || _b === void 0 ? void 0 : _b.enabled) {
+            this.command = new CommandBot(this.adapter, options.command, ssoCommandActivityHandler, options.ssoConfig);
         }
-        if ((_b = options.notification) === null || _b === void 0 ? void 0 : _b.enabled) {
+        if ((_c = options.notification) === null || _c === void 0 ? void 0 : _c.enabled) {
             this.notification = new NotificationBot(this.adapter, options.notification);
         }
+        if ((_d = options.cardAction) === null || _d === void 0 ? void 0 : _d.enabled) {
+            this.cardAction = new CardActionBot(this.adapter, options.cardAction);
+        }
     }
     createDefaultAdapter(adapterConfig) {
         const adapter = adapterConfig === undefined
@@ -2729,8 +3639,6 @@ class ConversationBot {
      *   });
      * });
      * ```
-     *
-     * @beta
      */
     async requestHandler(req, res, logic) {
         if (logic === undefined) {
@@ -2781,8 +3689,6 @@ class MessageBuilder {
      *   description: "sample card description"
      * });
      * ```
-     *
-     * @beta
      */
     static attachAdaptiveCard(cardTemplate, data) {
         return {
@@ -2794,8 +3700,6 @@ class MessageBuilder {
      *
      * @param card The adaptive card content.
      * @returns A bot message activity attached with an adaptive card.
-     *
-     * @beta
      */
     static attachAdaptiveCardWithoutData(card) {
         return {
@@ -2821,8 +3725,6 @@ class MessageBuilder {
      *      ['action']
      * );
      * ```
-     *
-     * @beta
      */
     static attachHeroCard(title, images, buttons, other) {
         return MessageBuilder.attachContent(CardFactory.heroCard(title, images, buttons, other));
@@ -2838,8 +3740,6 @@ class MessageBuilder {
      *
      * @remarks
      * For channels that don't natively support sign-in cards, an alternative message is rendered.
-     *
-     * @beta
      */
     static attachSigninCard(title, url, text) {
         return MessageBuilder.attachContent(CardFactory.signinCard(title, url, text));
@@ -2849,8 +3749,6 @@ class MessageBuilder {
      *
      * @param card A description of the Office 365 connector card.
      * @returns A bot message activity attached with an Office 365 connector card.
-     *
-     * @beta
      */
     static attachO365ConnectorCard(card) {
         return MessageBuilder.attachContent(CardFactory.o365ConnectorCard(card));
@@ -2859,8 +3757,6 @@ class MessageBuilder {
      * Build a message activity attached with a receipt card.
      * @param card A description of the receipt card.
      * @returns A message activity attached with a receipt card.
-     *
-     * @beta
      */
     static AttachReceiptCard(card) {
         return MessageBuilder.attachContent(CardFactory.receiptCard(card));
@@ -2873,8 +3769,6 @@ class MessageBuilder {
      *      is converted to an `imBack` button with a title and value set to the value of the string.
      * @param other Optional. Any additional properties to include on the card.
      * @returns A message activity attached with a thumbnail card
-     *
-     * @beta
      */
     static attachThumbnailCard(title, images, buttons, other) {
         return MessageBuilder.attachContent(CardFactory.thumbnailCard(title, images, buttons, other));
@@ -2883,8 +3777,6 @@ class MessageBuilder {
      * Add an attachement to a bot activity.
      * @param attachement The attachment object to attach.
      * @returns A message activity with an attachment.
-     *
-     * @beta
      */
     static attachContent(attachement) {
         return {
@@ -2893,5 +3785,208 @@ class MessageBuilder {
     }
 }
 
-export { ApiKeyLocation, ApiKeyProvider, AppCredential, BasicAuthProvider, BearerTokenAuthProvider, CertificateAuthProvider, Channel, CommandBot, ConversationBot, ErrorCode, ErrorWithCode, IdentityType, LogLevel, Member, MessageBuilder, MsGraphAuthProvider, NotificationBot, OnBehalfOfUserCredential, TeamsBotInstallation, TeamsBotSsoPrompt, TeamsFx, TeamsUserCredential, createApiClient, createMicrosoftGraphClient, createPemCertOption, createPfxCertOption, getLogLevel, getTediousConnectionConfig, sendAdaptiveCard, sendMessage, setLogFunction, setLogLevel, setLogger };
+// Copyright (c) Microsoft Corporation.
+/**
+ * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
+ * This method only work on MessageExtension with Query now.
+ *
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+ *
+ * @returns SignIn link CardAction with 200 status code.
+ */
+function getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes) {
+    const scopesArray = getScopesArray(scopes);
+    const signInLink = `${initiateLoginEndpoint}?scope=${encodeURI(scopesArray.join(" "))}&clientId=${authConfig.clientId}&tenantId=${authConfig.tenantId}`;
+    return {
+        composeExtension: {
+            type: "silentAuth",
+            suggestedActions: {
+                actions: [
+                    {
+                        type: "openUrl",
+                        value: signInLink,
+                        title: "Message Extension OAuth",
+                    },
+                ],
+            },
+        },
+    };
+}
+/**
+ * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
+ * This method only work on MessageExtension with Query now.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
+ * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+ *
+ * @returns SignIn link CardAction with 200 status code.
+ */
+function getSignInResponseForMessageExtension(teamsfx, scopes) {
+    const scopesArray = getScopesArray(scopes);
+    const signInLink = `${teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(scopesArray.join(" "))}&clientId=${teamsfx.getConfig("clientId")}&tenantId=${teamsfx.getConfig("tenantId")}`;
+    return {
+        composeExtension: {
+            type: "silentAuth",
+            suggestedActions: {
+                actions: [
+                    {
+                        type: "openUrl",
+                        value: signInLink,
+                        title: "Message Extension OAuth",
+                    },
+                ],
+            },
+        },
+    };
+}
+/**
+ * execution in message extension with SSO token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+async function executionWithTokenAndConfig(context, authConfig, initiateLoginEndpoint, scopes, logic) {
+    const valueObj = context.activity.value;
+    if (!valueObj.authentication || !valueObj.authentication.token) {
+        internalLogger.verbose("No AccessToken in request, return silentAuth for AccessToken");
+        return getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes);
+    }
+    try {
+        const credential = new OnBehalfOfUserCredential(valueObj.authentication.token, authConfig);
+        const token = await credential.getToken(scopes);
+        const ssoTokenExpiration = parseJwt(valueObj.authentication.token).exp;
+        const tokenRes = {
+            ssoToken: valueObj.authentication.token,
+            ssoTokenExpiration: new Date(ssoTokenExpiration * 1000).toISOString(),
+            token: token.token,
+            expiration: token.expiresOnTimestamp.toString(),
+            connectionName: "",
+        };
+        if (logic) {
+            return await logic(tokenRes);
+        }
+    }
+    catch (err) {
+        if (err instanceof ErrorWithCode && err.code === ErrorCode.UiRequiredError) {
+            internalLogger.verbose("User not consent yet, return 412 to user consent first.");
+            const response = { status: 412 };
+            await context.sendActivity({ value: response, type: ActivityTypes.InvokeResponse });
+            return;
+        }
+        throw err;
+    }
+}
+/**
+ * execution in message extension with SSO token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
+ * @param {string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+async function executionWithToken(context, config, scopes, logic) {
+    const valueObj = context.activity.value;
+    if (!valueObj.authentication || !valueObj.authentication.token) {
+        internalLogger.verbose("No AccessToken in request, return silentAuth for AccessToken");
+        return getSignInResponseForMessageExtension(new TeamsFx(IdentityType.User, config), scopes);
+    }
+    try {
+        const teamsfx = new TeamsFx(IdentityType.User, config).setSsoToken(valueObj.authentication.token);
+        const token = await teamsfx.getCredential().getToken(scopes);
+        const ssoTokenExpiration = parseJwt(valueObj.authentication.token).exp;
+        const tokenRes = {
+            ssoToken: valueObj.authentication.token,
+            ssoTokenExpiration: new Date(ssoTokenExpiration * 1000).toISOString(),
+            token: token.token,
+            expiration: token.expiresOnTimestamp.toString(),
+            connectionName: "",
+        };
+        if (logic) {
+            return await logic(tokenRes);
+        }
+    }
+    catch (err) {
+        if (err instanceof ErrorWithCode && err.code === ErrorCode.UiRequiredError) {
+            internalLogger.verbose("User not consent yet, return 412 to user consent first.");
+            const response = { status: 412 };
+            await context.sendActivity({ value: response, type: ActivityTypes.InvokeResponse });
+            return;
+        }
+        throw err;
+    }
+}
+// eslint-disable-next-line no-secrets/no-secrets
+/**
+ * Users execute query in message extension with SSO or access token.
+ *
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
+ * @param {string| string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when User invoke not response to message extension query.
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+async function handleMessageExtensionQueryWithToken(context, config, scopes, logic) {
+    if (context.activity.name != "composeExtension/query") {
+        internalLogger.error(ErrorMessage.OnlySupportInQueryActivity);
+        throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), ErrorCode.FailedOperation);
+    }
+    return await executionWithToken(context, config !== null && config !== void 0 ? config : {}, scopes, logic);
+}
+/**
+ * Users execute query in message extension with SSO or access token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} config - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string| string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when User invoke not response to message extension query.
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+async function handleMessageExtensionQueryWithSSO(context, config, initiateLoginEndpoint, scopes, logic) {
+    if (context.activity.name != "composeExtension/query") {
+        internalLogger.error(ErrorMessage.OnlySupportInQueryActivity);
+        throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), ErrorCode.FailedOperation);
+    }
+    return await executionWithTokenAndConfig(context, config !== null && config !== void 0 ? config : {}, initiateLoginEndpoint, scopes, logic);
+}
+
+export { AdaptiveCardResponse, ApiKeyLocation, ApiKeyProvider, AppCredential, BasicAuthProvider, BearerTokenAuthProvider, BotSsoExecutionDialog, CardActionBot, CertificateAuthProvider, Channel, CommandBot, ConversationBot, ErrorCode, ErrorWithCode, IdentityType, InvokeResponseErrorCode, InvokeResponseFactory, LogLevel, Member, MessageBuilder, MsGraphAuthProvider, NotificationBot, NotificationTargetType, OnBehalfOfUserCredential, SearchScope, TeamsBotInstallation, TeamsBotSsoPrompt, TeamsFx, TeamsUserCredential, createApiClient, createMicrosoftGraphClient, createMicrosoftGraphClientWithCredential, createPemCertOption, createPfxCertOption, getLogLevel, getTediousConnectionConfig, handleMessageExtensionQueryWithSSO, handleMessageExtensionQueryWithToken, sendAdaptiveCard, sendMessage, setLogFunction, setLogLevel, setLogger };
 //# sourceMappingURL=index.esm2017.mjs.map