@microsoft/teamsfx 2.0.0-experimental.0 → 2.0.0

package/dist/index.node.cjs.js

@@ -46,7 +46,6 @@ var fs__namespace = /*#__PURE__*/_interopNamespace(fs);
 // Licensed under the MIT license.
 /**
  * Error code to trace the error types.
- * @beta
  */
 exports.ErrorCode = void 0;
 (function (ErrorCode) {
@@ -70,6 +69,30 @@ exports.ErrorCode = void 0;
      * Channel is not supported error.
      */
     ErrorCode["ChannelNotSupported"] = "ChannelNotSupported";
+    /**
+     * Failed to retrieve sso token
+     */
+    ErrorCode["FailedToRetrieveSsoToken"] = "FailedToRetrieveSsoToken";
+    /**
+     * Failed to process sso handler
+     */
+    ErrorCode["FailedToProcessSsoHandler"] = "FailedToProcessSsoHandler";
+    /**
+     * Cannot find command
+     */
+    ErrorCode["CannotFindCommand"] = "CannotFindCommand";
+    /**
+     * Failed to run sso step
+     */
+    ErrorCode["FailedToRunSsoStep"] = "FailedToRunSsoStep";
+    /**
+     * Failed to run dedup step
+     */
+    ErrorCode["FailedToRunDedupStep"] = "FailedToRunDedupStep";
+    /**
+     * Sso activity handler is undefined
+     */
+    ErrorCode["SsoActivityHandlerIsUndefined"] = "SsoActivityHandlerIsUndefined";
     /**
      * Runtime is not supported error.
      */
@@ -125,6 +148,15 @@ ErrorMessage.NodejsRuntimeNotSupported = "{0} is not supported in Node.";
 ErrorMessage.FailToAcquireTokenOnBehalfOfUser = "Failed to acquire access token on behalf of user: {0}";
 // ChannelNotSupported Error
 ErrorMessage.OnlyMSTeamsChannelSupported = "{0} is only supported in MS Teams Channel";
+ErrorMessage.FailedToProcessSsoHandler = "Failed to process sso handler: {0}";
+// FailedToRetrieveSsoToken Error
+ErrorMessage.FailedToRetrieveSsoToken = "Failed to retrieve sso token, user failed to finish the AAD consent flow.";
+// CannotFindCommand Error
+ErrorMessage.CannotFindCommand = "Cannot find command: {0}";
+ErrorMessage.FailedToRunSsoStep = "Failed to run dialog to retrieve sso token: {0}";
+ErrorMessage.FailedToRunDedupStep = "Failed to run dialog to remove duplicated messages: {0}";
+// SsoActivityHandlerIsUndefined Error
+ErrorMessage.SsoActivityHandlerIsNull = "Sso command can only be used or added when sso activity handler is not undefined";
 // IdentityTypeNotSupported Error
 ErrorMessage.IdentityTypeNotSupported = "{0} identity is not supported in {1}";
 // AuthorizationInfoError
@@ -135,10 +167,9 @@ ErrorMessage.EmptyParameter = "Parameter {0} is empty";
 ErrorMessage.DuplicateHttpsOptionProperty = "Axios HTTPS agent already defined value for property {0}";
 ErrorMessage.DuplicateApiKeyInHeader = "The request already defined api key in request header with name {0}.";
 ErrorMessage.DuplicateApiKeyInQueryParam = "The request already defined api key in query parameter with name {0}.";
+ErrorMessage.OnlySupportInQueryActivity = "The handleMessageExtensionQueryWithToken only support in handleTeamsMessagingExtensionQuery with composeExtension/query type.";
 /**
  * Error class with code and message thrown by the SDK.
- *
- * @beta
  */
 class ErrorWithCode extends Error {
     /**
@@ -146,8 +177,6 @@ class ErrorWithCode extends Error {
      *
      * @param {string} message - error message.
      * @param {ErrorCode} code - error code.
-     *
-     * @beta
      */
     constructor(message, code) {
         if (!code) {
@@ -165,8 +194,6 @@ class ErrorWithCode extends Error {
 // Licensed under the MIT license.
 /**
  * Log level.
- *
- * @beta
  */
 exports.LogLevel = void 0;
 (function (LogLevel) {
@@ -191,8 +218,6 @@ exports.LogLevel = void 0;
  * Update log level helper.
  *
  * @param { LogLevel } level - log level in configuration
- *
- * @beta
  */
 function setLogLevel(level) {
     internalLogger.level = level;
@@ -201,8 +226,6 @@ function setLogLevel(level) {
  * Get log level.
  *
  * @returns Log level
- *
- * @beta
  */
 function getLogLevel() {
     return internalLogger.level;
@@ -277,8 +300,6 @@ const internalLogger = new InternalLogger();
  *   error: console.error,
  * });
  * ```
- *
- * @beta
  */
 function setLogger(logger) {
     internalLogger.customLogger = logger;
@@ -296,8 +317,6 @@ function setLogger(logger) {
  *   }
  * });
  * ```
- *
- * @beta
  */
 function setLogFunction(logFunction) {
     internalLogger.customLogFunction = logFunction;
@@ -340,6 +359,7 @@ function getUserInfoFromSsoToken(ssoToken) {
     const userInfo = {
         displayName: tokenObject.name,
         objectId: tokenObject.oid,
+        tenantId: tokenObject.tid,
         preferredUserName: "",
     };
     if (tokenObject.ver === "2.0") {
@@ -461,23 +481,8 @@ function parseCertificate(certificateContent) {
  *
  * @remarks
  * Only works in in server side.
- *
- * @beta
  */
 class AppCredential {
-    /**
-     * Constructor of AppCredential.
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @beta
-     */
     constructor(authConfig) {
         internalLogger.info("Create M365 tenant credential");
         const config = this.loadAndValidateConfig(authConfig);
@@ -506,8 +511,6 @@ class AppCredential {
      *
      * @returns Access token with expected scopes.
      * Throw error if get access token failed.
-     *
-     * @beta
      */
     getToken(scopes, options) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -549,7 +552,10 @@ class AppCredential {
      */
     loadAndValidateConfig(config) {
         internalLogger.verbose("Validate authentication configuration");
-        if (config.clientId && (config.clientSecret || config.certificateContent) && config.tenantId) {
+        if (config.clientId &&
+            (config.clientSecret || config.certificateContent) &&
+            config.tenantId &&
+            config.authorityHost) {
             return config;
         }
         const missingValues = [];
@@ -562,6 +568,9 @@ class AppCredential {
         if (!config.tenantId) {
             missingValues.push("tenantId");
         }
+        if (!config.authorityHost) {
+            missingValues.push("authorityHost");
+        }
         const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingValues.join(", "), "undefined");
         internalLogger.error(errorMsg);
         throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidConfiguration);
@@ -579,25 +588,8 @@ class AppCredential {
  *
  * @remarks
  * Can only be used in server side.
- *
- * @beta
  */
 class OnBehalfOfUserCredential {
-    /**
-     * Constructor of OnBehalfOfUserCredential
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {string} ssoToken - User token provided by Teams SSO feature.
-     * @param {AuthenticationConfiguration} config - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
     constructor(ssoToken, config) {
         internalLogger.info("Get on behalf of user credential");
         const missingConfigurations = [];
@@ -657,8 +649,6 @@ class OnBehalfOfUserCredential {
      * @remarks
      * If scopes is empty string or array, it returns SSO token.
      * If scopes is non-empty, it returns access token for target scope.
-     *
-     * @beta
      */
     getToken(scopes, options) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -711,8 +701,6 @@ class OnBehalfOfUserCredential {
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
      *
      * @returns Basic user info with user displayName, objectId and preferredUserName.
-     *
-     * @beta
      */
     getUserInfo() {
         internalLogger.info("Get basic user info from SSO token");
@@ -744,26 +732,20 @@ class OnBehalfOfUserCredential {
  *
  * @remarks
  * Can only be used within Teams.
- *
- * @beta
  */
 class TeamsUserCredential {
-    /**
-     * Constructor of TeamsUserCredential.
-     * @remarks
-     * Can only be used within Teams.
-     * @beta
-     */
     constructor(authConfig) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), exports.ErrorCode.RuntimeNotSupported);
     }
     /**
      * Popup login page to get user's access token with specific scopes.
+     *
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
+     *
      * @remarks
      * Can only be used within Teams.
-     * @beta
      */
-    login(scopes) {
+    login(scopes, resources) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), exports.ErrorCode.RuntimeNotSupported);
         });
@@ -772,7 +754,6 @@ class TeamsUserCredential {
      * Get access token from credential.
      * @remarks
      * Can only be used within Teams.
-     * @beta
      */
     getToken(scopes, options) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -781,11 +762,13 @@ class TeamsUserCredential {
     }
     /**
      * Get basic user info from SSO token
+     *
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
+     *
      * @remarks
      * Can only be used within Teams.
-     * @beta
      */
-    getUserInfo() {
+    getUserInfo(resources) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), exports.ErrorCode.RuntimeNotSupported);
     }
 }
@@ -794,24 +777,10 @@ class TeamsUserCredential {
 const defaultScope = "https://graph.microsoft.com/.default";
 /**
  * Microsoft Graph auth provider for Teams Framework
- *
- * @beta
  */
 class MsGraphAuthProvider {
-    /**
-     * Constructor of MsGraphAuthProvider.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     *
-     * @returns An instance of MsGraphAuthProvider.
-     *
-     * @beta
-     */
-    constructor(teamsfx, scopes) {
-        this.teamsfx = teamsfx;
+    constructor(credentialOrTeamsFx, scopes) {
+        this.credentialOrTeamsFx = credentialOrTeamsFx;
         let scopesStr = defaultScope;
         if (scopes) {
             validateScopesType(scopes);
@@ -838,7 +807,15 @@ class MsGraphAuthProvider {
     getAccessToken() {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             internalLogger.info(`Get Graph Access token with scopes: '${this.scopes}'`);
-            const accessToken = yield this.teamsfx.getCredential().getToken(this.scopes);
+            let accessToken;
+            if (this.credentialOrTeamsFx.getCredential) {
+                accessToken = yield this.credentialOrTeamsFx
+                    .getCredential()
+                    .getToken(this.scopes);
+            }
+            else {
+                accessToken = yield this.credentialOrTeamsFx.getToken(this.scopes);
+            }
             return new Promise((resolve, reject) => {
                 if (accessToken) {
                     resolve(accessToken.token);
@@ -856,7 +833,6 @@ class MsGraphAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Get Microsoft graph client.
- *
  * @example
  * Get Microsoft graph client by TokenCredential
  * ```typescript
@@ -902,8 +878,6 @@ class MsGraphAuthProvider {
  * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
  *
  * @returns Graph client with specified scopes.
- *
- * @beta
  */
 function createMicrosoftGraphClient(teamsfx, scopes) {
     internalLogger.info("Create Microsoft Graph Client");
@@ -912,6 +886,66 @@ function createMicrosoftGraphClient(teamsfx, scopes) {
         authProvider,
     });
     return graphClient;
+}
+// eslint-disable-next-line no-secrets/no-secrets
+/**
+ * Get Microsoft graph client.
+ * @example
+ * Get Microsoft graph client by TokenCredential
+ * ```typescript
+ * // In browser: TeamsUserCredential
+ * const authConfig: TeamsUserCredentialAuthConfig = {
+ *   clientId: "xxx",
+    initiateLoginEndpoint: "https://xxx/auth-start.html",
+ * };
+
+ * const credential = new TeamsUserCredential(authConfig);
+
+ * const scope = "User.Read";
+ * await credential.login(scope);
+
+ * const client = createMicrosoftGraphClientWithCredential(credential, scope);
+
+ * // In node: OnBehalfOfUserCredential
+ * const oboAuthConfig: OnBehalfOfCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+
+ * const oboCredential = new OnBehalfOfUserCredential(ssoToken, oboAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(oboCredential, scope);
+
+ * // In node: AppCredential
+ * const appAuthConfig: AppCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+ * const appCredential = new AppCredential(appAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(appCredential, scope);
+ *
+ * const profile = await client.api("/me").get();
+ * ```
+ *
+ * @param {TokenCredential} credential - Used to provide configuration and auth.
+ * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ *
+ * @returns Graph client with specified scopes.
+ */
+function createMicrosoftGraphClientWithCredential(credential, scopes) {
+    internalLogger.info("Create Microsoft Graph Client");
+    const authProvider = new MsGraphAuthProvider(credential, scopes);
+    const graphClient = microsoftGraphClient.Client.initWithMiddleware({
+        authProvider,
+    });
+    return graphClient;
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -923,6 +957,8 @@ const defaultSQLScope = "https://database.windows.net/";
 /**
  * Generate connection configuration consumed by tedious.
  *
+ * @deprecated we recommend you compose your own Tedious configuration for better flexibility.
+ *
  * @param {TeamsFx} teamsfx - Used to provide configuration and auth
  * @param { string? } databaseName - specify database name to override default one if there are multiple databases.
  *
@@ -931,8 +967,6 @@ const defaultSQLScope = "https://database.windows.net/";
  * @throws {@link ErrorCode|InvalidConfiguration} when SQL config resource configuration is invalid.
  * @throws {@link ErrorCode|InternalError} when get user MSI token failed or MSI token is invalid.
  * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
- *
- * @beta
  */
 function getTediousConnectionConfig(teamsfx, databaseName) {
     return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -1091,8 +1125,6 @@ var TediousAuthenticationType;
 // Licensed under the MIT license.
 /**
  * Identity type to use in authentication.
- *
- * @beta
  */
 exports.IdentityType = void 0;
 (function (IdentityType) {
@@ -1110,8 +1142,6 @@ exports.IdentityType = void 0;
 const invokeResponseType = "invokeResponse";
 /**
  * Response body returned for a token exchange invoke activity.
- *
- * @beta
  */
 class TokenExchangeInvokeResponse {
     constructor(id, failureDetail) {
@@ -1166,28 +1196,22 @@ class TokenExchangeInvokeResponse {
  *      }
  * ]));
  * ```
- *
- * @beta
  */
 class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
-    /**
-     * Constructor of TeamsBotSsoPrompt.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth
-     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
-     * @param settings Settings used to configure the prompt.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
-     */
-    constructor(teamsfx, dialogId, settings) {
-        super(dialogId);
-        this.teamsfx = teamsfx;
-        this.settings = settings;
-        validateScopesType(settings.scopes);
-        this.loadAndValidateConfig();
+    constructor(authConfig, ...args) {
+        super(arguments.length === 3 ? args[0] : args[1]);
+        if (authConfig.getCredential) {
+            const teamsfx = authConfig;
+            this.authConfig = this.loadAndValidateConfig(teamsfx);
+            this.initiateLoginEndpoint = teamsfx.getConfig("initiateLoginEndpoint");
+            this.settings = args[1];
+        }
+        else {
+            this.initiateLoginEndpoint = args[0];
+            this.authConfig = authConfig;
+            this.settings = args[2];
+        }
+        validateScopesType(this.settings.scopes);
         internalLogger.info("Create a new Teams Bot SSO Prompt");
     }
     /**
@@ -1203,8 +1227,6 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
      *
      * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
      */
     beginDialog(dc) {
         var _a;
@@ -1254,8 +1276,6 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
      *
      * @throws {@link ErrorCode|ChannelNotSupported} when bot channel is not MS Teams.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     continueDialog(dc) {
         var _a;
@@ -1292,30 +1312,45 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
             }
         });
     }
-    loadAndValidateConfig() {
-        if (this.teamsfx.getIdentityType() !== exports.IdentityType.User) {
-            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
+    loadAndValidateConfig(teamsfx) {
+        if (teamsfx.getIdentityType() !== exports.IdentityType.User) {
+            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, exports.ErrorCode.IdentityTypeNotSupported);
         }
         const missingConfigurations = [];
-        if (!this.teamsfx.hasConfig("initiateLoginEndpoint")) {
+        if (!teamsfx.hasConfig("initiateLoginEndpoint")) {
             missingConfigurations.push("initiateLoginEndpoint");
         }
-        if (!this.teamsfx.hasConfig("clientId")) {
+        if (!teamsfx.hasConfig("clientId")) {
             missingConfigurations.push("clientId");
         }
-        if (!this.teamsfx.hasConfig("tenantId")) {
+        if (!teamsfx.hasConfig("tenantId")) {
             missingConfigurations.push("tenantId");
         }
-        if (!this.teamsfx.hasConfig("applicationIdUri")) {
-            missingConfigurations.push("applicationIdUri");
-        }
         if (missingConfigurations.length != 0) {
             const errorMsg = formatString(ErrorMessage.InvalidConfiguration, missingConfigurations.join(", "), "undefined");
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidConfiguration);
         }
+        let authConfig;
+        if (teamsfx.getConfig("clientSecret")) {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                clientSecret: teamsfx.getConfig("clientSecret"),
+            };
+        }
+        else {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                certificateContent: teamsfx.getConfig("certificateContent"),
+            };
+        }
+        return authConfig;
     }
     /**
      * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
@@ -1359,13 +1394,11 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
      */
     getSignInResource(loginHint) {
         internalLogger.verbose("Get sign in authentication configuration");
-        const signInLink = `${this.teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.teamsfx.getConfig("clientId")}&tenantId=${this.teamsfx.getConfig("tenantId")}&loginHint=${loginHint}`;
+        const signInLink = `${this.initiateLoginEndpoint}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.authConfig.clientId}&tenantId=${this.authConfig.tenantId}&loginHint=${loginHint}`;
         internalLogger.verbose("Sign in link: " + signInLink);
         const tokenExchangeResource = {
             id: uuid.v4(),
-            uri: this.teamsfx.getConfig("applicationIdUri").replace(/\/$/, "") + "/access_as_user",
         };
-        internalLogger.verbose("Token exchange resource uri: " + tokenExchangeResource.uri);
         return {
             signInLink: signInLink,
             tokenExchangeResource: tokenExchangeResource,
@@ -1388,8 +1421,7 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
                 }
                 else {
                     const ssoToken = context.activity.value.token;
-                    this.teamsfx.setSsoToken(ssoToken);
-                    const credential = this.teamsfx.getCredential();
+                    const credential = new OnBehalfOfUserCredential(ssoToken, this.authConfig);
                     let exchangedToken;
                     try {
                         exchangedToken = yield credential.getToken(this.settings.scopes);
@@ -1466,8 +1498,6 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
  * ```typescript
  * const client = createApiClient("https://my-api-endpoint-base-url", new BasicAuthProvider("xxx","xxx"));
  * ```
- *
- * @beta
  */
 function createApiClient(apiEndpoint, authProvider) {
     // Add a request interceptor
@@ -1485,14 +1515,10 @@ function createApiClient(apiEndpoint, authProvider) {
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles Bearer Token authentication
- *
- * @beta
  */
 class BearerTokenAuthProvider {
     /**
      * @param { () => Promise<string> } getToken - Function that returns the content of bearer token used in http request
-     *
-     * @beta
      */
     constructor(getToken) {
         this.getToken = getToken;
@@ -1506,8 +1532,6 @@ class BearerTokenAuthProvider {
      * @returns Updated axios request config.
      *
      * @throws {@link ErrorCode|AuthorizationInfoAlreadyExists} - when Authorization header already exists in request configuration.
-     *
-     * @beta
      */
     AddAuthenticationInfo(config) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -1527,8 +1551,6 @@ class BearerTokenAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles Basic authentication
- *
- * @beta
  */
 class BasicAuthProvider {
     /**
@@ -1538,8 +1560,6 @@ class BasicAuthProvider {
      *
      * @throws {@link ErrorCode|InvalidParameter} - when username or password is empty.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     constructor(userName, password) {
         if (!userName) {
@@ -1561,8 +1581,6 @@ class BasicAuthProvider {
      *
      * @throws {@link ErrorCode|AuthorizationInfoAlreadyExists} - when Authorization header or auth property already exists in request configuration.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     AddAuthenticationInfo(config) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -1584,8 +1602,6 @@ class BasicAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles API Key authentication
- *
- * @beta
  */
 class ApiKeyProvider {
     /**
@@ -1596,8 +1612,6 @@ class ApiKeyProvider {
      *
      * @throws {@link ErrorCode|InvalidParameter} - when key name or key value is empty.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     constructor(keyName, keyValue, keyLocation) {
         if (!keyName) {
@@ -1620,8 +1634,6 @@ class ApiKeyProvider {
      *
      * @throws {@link ErrorCode|AuthorizationInfoAlreadyExists} - when API key already exists in request header or url query parameter.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     *
-     * @beta
      */
     AddAuthenticationInfo(config) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -1639,8 +1651,12 @@ class ApiKeyProvider {
                     if (!config.params) {
                         config.params = {};
                     }
-                    const url = new URL(config.url, config.baseURL);
-                    if (config.params[this.keyName] || url.searchParams.has(this.keyName)) {
+                    let urlHasDefinedApiKey = false;
+                    if (config.url) {
+                        const url = new URL(config.url, config.baseURL);
+                        urlHasDefinedApiKey = url.searchParams.has(this.keyName);
+                    }
+                    if (config.params[this.keyName] || urlHasDefinedApiKey) {
                         throw new ErrorWithCode(formatString(ErrorMessage.DuplicateApiKeyInQueryParam, this.keyName), exports.ErrorCode.AuthorizationInfoAlreadyExists);
                     }
                     config.params[this.keyName] = this.keyValue;
@@ -1652,8 +1668,6 @@ class ApiKeyProvider {
 }
 /**
  * Define available location for API Key location
- *
- * @beta
  */
 exports.ApiKeyLocation = void 0;
 (function (ApiKeyLocation) {
@@ -1670,8 +1684,6 @@ exports.ApiKeyLocation = void 0;
 // Copyright (c) Microsoft Corporation.
 /**
  * Provider that handles Certificate authentication
- *
- * @beta
  */
 class CertificateAuthProvider {
     /**
@@ -1679,8 +1691,6 @@ class CertificateAuthProvider {
      * @param { SecureContextOptions } certOption - information about the cert used in http requests
      *
      * @throws {@link ErrorCode|InvalidParameter} - when cert option is empty.
-     *
-     * @beta
      */
     constructor(certOption) {
         if (certOption && Object.keys(certOption).length !== 0) {
@@ -1699,8 +1709,6 @@ class CertificateAuthProvider {
      * @returns Updated axios request config.
      *
      * @throws {@link ErrorCode|InvalidParameter} - when custom httpsAgent in the request has duplicate properties with certOption provided in constructor.
-     *
-     * @beta
      */
     AddAuthenticationInfo(config) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -1786,7 +1794,6 @@ const ReservedKey = new Set([
 ]);
 /**
  * A class providing credential and configuration.
- * @beta
  */
 class TeamsFx {
     /**
@@ -1796,16 +1803,15 @@ class TeamsFx {
      * @param customConfig - key/value pairs of customized configuration that overrides default ones.
      *
      * @throws {@link ErrorCode|IdentityTypeNotSupported} when setting app identity in browser.
-     *
-     * @beta
      */
     constructor(identityType, customConfig) {
         this.identityType = identityType !== null && identityType !== void 0 ? identityType : exports.IdentityType.User;
         this.configuration = new Map();
         this.loadFromEnv();
         if (customConfig) {
-            for (const key of Object.keys(customConfig)) {
-                const value = customConfig[key];
+            const myConfig = Object.assign({}, customConfig);
+            for (const key of Object.keys(myConfig)) {
+                const value = myConfig[key];
                 if (value) {
                     this.configuration.set(key, value);
                 }
@@ -1816,7 +1822,6 @@ class TeamsFx {
      * Identity type set by user.
      *
      * @returns identity type.
-     * @beta
      */
     getIdentityType() {
         return this.identityType;
@@ -1829,7 +1834,6 @@ class TeamsFx {
      * identity is chose, will return {@link AppCredential}.
      *
      * @returns instance implements TokenCredential interface.
-     * @beta
      */
     getCredential() {
         if (this.identityType === exports.IdentityType.User) {
@@ -1849,10 +1853,10 @@ class TeamsFx {
     }
     /**
      * Get user information.
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
      * @returns UserInfo object.
-     * @beta
      */
-    getUserInfo() {
+    getUserInfo(resources) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             if (this.identityType !== exports.IdentityType.User) {
                 const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.identityType.toString(), "TeamsFx");
@@ -1876,15 +1880,14 @@ class TeamsFx {
      * await teamsfx.login("https://graph.microsoft.com/User.Read Calendars.Read"); // multiple scopes using string
      * ```
      * @param scopes - The list of scopes for which the token will have access, before that, we will request user to consent.
+     * @param {string[]} resources - The optional list of resources for full trust Teams apps.
      *
      * @throws {@link ErrorCode|InternalError} when failed to login with unknown error.
      * @throws {@link ErrorCode|ConsentFailed} when user canceled or failed to consent.
      * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
      * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     *
-     * @beta
      */
-    login(scopes) {
+    login(scopes, resources) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "login"), exports.ErrorCode.RuntimeNotSupported);
         });
@@ -1893,7 +1896,6 @@ class TeamsFx {
      * Set SSO token when using user identity in NodeJS.
      * @param {string} ssoToken - used for on behalf of user flow.
      * @returns self instance.
-     * @beta
      */
     setSsoToken(ssoToken) {
         if (this.identityType !== exports.IdentityType.User) {
@@ -1906,7 +1908,6 @@ class TeamsFx {
      * Usually used by service plugins to retrieve specific config
      * @param {string} key - configuration key.
      * @returns value in configuration.
-     * @beta
      */
     getConfig(key) {
         const value = this.configuration.get(key);
@@ -1921,7 +1922,6 @@ class TeamsFx {
      * Check the value of specific key.
      * @param {string} key - configuration key.
      * @returns true if corresponding value is not empty string.
-     * @beta
      */
     hasConfig(key) {
         const value = this.configuration.get(key);
@@ -1930,7 +1930,6 @@ class TeamsFx {
     /**
      * Get all configurations.
      * @returns key value mappings.
-     * @beta
      */
     getConfigs() {
         const config = {};
@@ -1972,168 +1971,387 @@ class TeamsFx {
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 /**
- * @internal
+ * The target type where the notification will be sent to.
+ *
+ * @remarks
+ * - "Channel" means to a team channel. (By default, notification to a team will be sent to its "General" channel.)
+ * - "Group" means to a group chat.
+ * - "Person" means to a personal chat.
  */
-function cloneConversation(conversation) {
-    return JSON.parse(JSON.stringify(conversation));
-}
+exports.NotificationTargetType = void 0;
+(function (NotificationTargetType) {
+    /**
+     * The notification will be sent to a team channel.
+     * (By default, notification to a team will be sent to its "General" channel.)
+     */
+    NotificationTargetType["Channel"] = "Channel";
+    /**
+     * The notification will be sent to a group chat.
+     */
+    NotificationTargetType["Group"] = "Group";
+    /**
+     * The notification will be sent to a personal chat.
+     */
+    NotificationTargetType["Person"] = "Person";
+})(exports.NotificationTargetType || (exports.NotificationTargetType = {}));
+/**
+ * Options used to control how the response card will be sent to users.
+ */
+exports.AdaptiveCardResponse = void 0;
+(function (AdaptiveCardResponse) {
+    /**
+     * The response card will be replaced the current one for the interactor who trigger the action.
+     */
+    AdaptiveCardResponse[AdaptiveCardResponse["ReplaceForInteractor"] = 0] = "ReplaceForInteractor";
+    /**
+     * The response card will be replaced the current one for all users in the chat.
+     */
+    AdaptiveCardResponse[AdaptiveCardResponse["ReplaceForAll"] = 1] = "ReplaceForAll";
+    /**
+     * The response card will be sent as a new message for all users in the chat.
+     */
+    AdaptiveCardResponse[AdaptiveCardResponse["NewForAll"] = 2] = "NewForAll";
+})(exports.AdaptiveCardResponse || (exports.AdaptiveCardResponse = {}));
+/**
+ * Status code for an `application/vnd.microsoft.error` invoke response.
+ */
+exports.InvokeResponseErrorCode = void 0;
+(function (InvokeResponseErrorCode) {
+    /**
+     * Invalid request.
+     */
+    InvokeResponseErrorCode[InvokeResponseErrorCode["BadRequest"] = 400] = "BadRequest";
+    /**
+     * Internal server error.
+     */
+    InvokeResponseErrorCode[InvokeResponseErrorCode["InternalServerError"] = 500] = "InternalServerError";
+})(exports.InvokeResponseErrorCode || (exports.InvokeResponseErrorCode = {}));
+
 /**
+ * Available response type for an adaptive card invoke response.
  * @internal
  */
-function getTargetType(conversationReference) {
-    var _a;
-    const conversationType = (_a = conversationReference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
-    if (conversationType === "personal") {
-        return "Person";
+var InvokeResponseType;
+(function (InvokeResponseType) {
+    InvokeResponseType["AdaptiveCard"] = "application/vnd.microsoft.card.adaptive";
+    InvokeResponseType["Message"] = "application/vnd.microsoft.activity.message";
+    InvokeResponseType["Error"] = "application/vnd.microsoft.error";
+})(InvokeResponseType || (InvokeResponseType = {}));
+/**
+ * Provides methods for formatting various invoke responses a bot can send to respond to an invoke request.
+ *
+ * @remarks
+ * All of these functions return an {@link InvokeResponse} object, which can be
+ * passed as input to generate a new `invokeResponse` activity.
+ *
+ * This example sends an invoke response that contains an adaptive card.
+ *
+ * ```typescript
+ *
+ * const myCard = {
+ *    type: "AdaptiveCard",
+ *    body: [
+ *     {
+ *       "type": "TextBlock",
+ *       "text": "This is a sample card"
+ *     }],
+ *     $schema: "http://adaptivecards.io/schemas/adaptive-card.json",
+ *     version: "1.4"
+ *  };
+ *
+ * const invokeResponse = InvokeResponseFactory.adaptiveCard(myCard);
+ * await context.sendActivity({
+ *    type: ActivityTypes.InvokeResponse,
+ *    value: invokeResponse,
+ *  });
+ * ```
+ */
+class InvokeResponseFactory {
+    /**
+     * Create an invoke response from a text message.
+     * The type of the invoke response is `application/vnd.microsoft.activity.message`
+     * indicates the request was successfully processed.
+     *
+     * @param message A text message included in a invoke response.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static textMessage(message) {
+        if (!message) {
+            throw new Error("The text message cannot be null or empty");
+        }
+        return {
+            status: botbuilder.StatusCodes.OK,
+            body: {
+                statusCode: botbuilder.StatusCodes.OK,
+                type: InvokeResponseType.Message,
+                value: message,
+            },
+        };
     }
-    else if (conversationType === "groupChat") {
-        return "Group";
+    /**
+     * Create an invoke response from an adaptive card.
+     *
+     * The type of the invoke response is `application/vnd.microsoft.card.adaptive` indicates
+     * the request was successfully processed, and the response includes an adaptive card
+     * that the client should display in place of the current one.
+     *
+     * @param card The adaptive card JSON payload.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static adaptiveCard(card) {
+        if (!card) {
+            throw new Error("The adaptive card content cannot be null or undefined");
+        }
+        return {
+            status: botbuilder.StatusCodes.OK,
+            body: {
+                statusCode: botbuilder.StatusCodes.OK,
+                type: InvokeResponseType.AdaptiveCard,
+                value: card,
+            },
+        };
     }
-    else if (conversationType === "channel") {
-        return "Channel";
+    /**
+     * Create an invoke response with error code and message.
+     *
+     * The type of the invoke response is `application/vnd.microsoft.error` indicates
+     * the request was failed to processed.
+     *
+     * @param errorCode The status code indicates error, available values:
+     *  - 400 (BadRequest): indicate the incoming request was invalid.
+     *  - 500 (InternalServerError): indicate an unexpected error occurred.
+     * @param errorMessage The error message.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static errorResponse(errorCode, errorMessage) {
+        return {
+            status: botbuilder.StatusCodes.OK,
+            body: {
+                statusCode: errorCode,
+                type: InvokeResponseType.Error,
+                value: {
+                    code: errorCode.toString(),
+                    message: errorMessage,
+                },
+            },
+        };
     }
-    else {
-        return undefined;
+    /**
+     * Create an invoke response with status code and response value.
+     * @param statusCode The status code.
+     * @param body The value of the response body.
+     *
+     * @returns {InvokeResponse} An InvokeResponse object.
+     */
+    static createInvokeResponse(statusCode, body) {
+        return {
+            status: statusCode,
+            body: body,
+        };
     }
-}
-/**
- * @internal
- */
-function getTeamsBotInstallationId(context) {
-    var _a, _b, _c, _d;
-    return (_d = (_c = (_b = (_a = context.activity) === null || _a === void 0 ? void 0 : _a.channelData) === null || _b === void 0 ? void 0 : _b.team) === null || _c === void 0 ? void 0 : _c.id) !== null && _d !== void 0 ? _d : context.activity.conversation.id;
 }
 
-// Copyright (c) Microsoft Corporation.
-/**
- * @internal
- */
-var ActivityType;
-(function (ActivityType) {
-    ActivityType[ActivityType["CurrentBotInstalled"] = 0] = "CurrentBotInstalled";
-    ActivityType[ActivityType["CurrentBotMessaged"] = 1] = "CurrentBotMessaged";
-    ActivityType[ActivityType["CurrentBotUninstalled"] = 2] = "CurrentBotUninstalled";
-    ActivityType[ActivityType["TeamDeleted"] = 3] = "TeamDeleted";
-    ActivityType[ActivityType["TeamRestored"] = 4] = "TeamRestored";
-    ActivityType[ActivityType["Unknown"] = 5] = "Unknown";
-})(ActivityType || (ActivityType = {}));
 /**
  * @internal
  */
-class NotificationMiddleware {
-    constructor(options) {
-        this.conversationReferenceStore = options.conversationReferenceStore;
+class CardActionMiddleware {
+    constructor(handlers) {
+        this.actionHandlers = [];
+        this.defaultMessage = "Your response was sent to the app";
+        if (handlers && handlers.length > 0) {
+            this.actionHandlers.push(...handlers);
+        }
     }
     onTurn(context, next) {
+        var _a, _b, _c;
         return tslib.__awaiter(this, void 0, void 0, function* () {
-            const type = this.classifyActivity(context.activity);
-            switch (type) {
-                case ActivityType.CurrentBotInstalled:
-                case ActivityType.TeamRestored: {
-                    const reference = botbuilder.TurnContext.getConversationReference(context.activity);
-                    yield this.conversationReferenceStore.set(reference);
-                    break;
-                }
-                case ActivityType.CurrentBotMessaged: {
-                    yield this.tryAddMessagedReference(context);
-                    break;
-                }
-                case ActivityType.CurrentBotUninstalled:
-                case ActivityType.TeamDeleted: {
-                    const reference = botbuilder.TurnContext.getConversationReference(context.activity);
-                    yield this.conversationReferenceStore.delete(reference);
-                    break;
+            if (context.activity.name === "adaptiveCard/action") {
+                const action = context.activity.value.action;
+                const actionVerb = action.verb;
+                for (const handler of this.actionHandlers) {
+                    if (((_a = handler.triggerVerb) === null || _a === void 0 ? void 0 : _a.toLowerCase()) === (actionVerb === null || actionVerb === void 0 ? void 0 : actionVerb.toLowerCase())) {
+                        let response;
+                        try {
+                            response = yield handler.handleActionInvoked(context, action.data);
+                        }
+                        catch (error) {
+                            const errorResponse = InvokeResponseFactory.errorResponse(exports.InvokeResponseErrorCode.InternalServerError, error.message);
+                            yield this.sendInvokeResponse(context, errorResponse);
+                            throw error;
+                        }
+                        const responseType = (_b = response.body) === null || _b === void 0 ? void 0 : _b.type;
+                        switch (responseType) {
+                            case InvokeResponseType.AdaptiveCard:
+                                const card = (_c = response.body) === null || _c === void 0 ? void 0 : _c.value;
+                                if (!card) {
+                                    const errorMessage = "Adaptive card content cannot be found in the response body";
+                                    yield this.sendInvokeResponse(context, InvokeResponseFactory.errorResponse(exports.InvokeResponseErrorCode.InternalServerError, errorMessage));
+                                    throw new Error(errorMessage);
+                                }
+                                if (card.refresh && handler.adaptiveCardResponse !== exports.AdaptiveCardResponse.NewForAll) {
+                                    // Card won't be refreshed with AdaptiveCardResponse.ReplaceForInteractor.
+                                    // So set to AdaptiveCardResponse.ReplaceForAll here.
+                                    handler.adaptiveCardResponse = exports.AdaptiveCardResponse.ReplaceForAll;
+                                }
+                                const activity = botbuilder.MessageFactory.attachment(botbuilder.CardFactory.adaptiveCard(card));
+                                if (handler.adaptiveCardResponse === exports.AdaptiveCardResponse.NewForAll) {
+                                    yield this.sendInvokeResponse(context, InvokeResponseFactory.textMessage(this.defaultMessage));
+                                    yield context.sendActivity(activity);
+                                }
+                                else if (handler.adaptiveCardResponse === exports.AdaptiveCardResponse.ReplaceForAll) {
+                                    activity.id = context.activity.replyToId;
+                                    yield context.updateActivity(activity);
+                                    yield this.sendInvokeResponse(context, response);
+                                }
+                                else {
+                                    yield this.sendInvokeResponse(context, response);
+                                }
+                                break;
+                            case InvokeResponseType.Message:
+                            case InvokeResponseType.Error:
+                            default:
+                                yield this.sendInvokeResponse(context, response);
+                                break;
+                        }
+                        break;
+                    }
                 }
             }
             yield next();
         });
     }
-    classifyActivity(activity) {
-        var _a, _b;
-        const activityType = activity.type;
-        if (activityType === "installationUpdate") {
-            const action = (_a = activity.action) === null || _a === void 0 ? void 0 : _a.toLowerCase();
-            if (action === "add") {
-                return ActivityType.CurrentBotInstalled;
-            }
-            else {
-                return ActivityType.CurrentBotUninstalled;
-            }
-        }
-        else if (activityType === "conversationUpdate") {
-            const eventType = (_b = activity.channelData) === null || _b === void 0 ? void 0 : _b.eventType;
-            if (eventType === "teamDeleted") {
-                return ActivityType.TeamDeleted;
-            }
-            else if (eventType === "teamRestored") {
-                return ActivityType.TeamRestored;
-            }
-        }
-        else if (activityType === "message") {
-            return ActivityType.CurrentBotMessaged;
-        }
-        return ActivityType.Unknown;
-    }
-    tryAddMessagedReference(context) {
-        var _a, _b, _c, _d;
+    sendInvokeResponse(context, response) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
-            const reference = botbuilder.TurnContext.getConversationReference(context.activity);
-            const conversationType = (_a = reference === null || reference === void 0 ? void 0 : reference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
-            if (conversationType === "personal" || conversationType === "groupChat") {
-                if (!(yield this.conversationReferenceStore.check(reference))) {
-                    yield this.conversationReferenceStore.set(reference);
-                }
-            }
-            else if (conversationType === "channel") {
-                const teamId = (_d = (_c = (_b = context.activity) === null || _b === void 0 ? void 0 : _b.channelData) === null || _c === void 0 ? void 0 : _c.team) === null || _d === void 0 ? void 0 : _d.id;
-                if (teamId !== undefined) {
-                    const teamReference = cloneConversation(reference);
-                    teamReference.conversation.id = teamId;
-                    if (!(yield this.conversationReferenceStore.check(teamReference))) {
-                        yield this.conversationReferenceStore.set(teamReference);
-                    }
-                }
-            }
+            yield context.sendActivity({
+                type: botbuilder.ActivityTypes.InvokeResponse,
+                value: response,
+            });
         });
     }
-}
+}
+
+/**
+ * A card action bot to respond to adaptive card universal actions.
+ */
+class CardActionBot {
+    /**
+     * Creates a new instance of the `CardActionBot`.
+     *
+     * @param adapter The bound `BotFrameworkAdapter`.
+     * @param options - initialize options
+     */
+    constructor(adapter, options) {
+        this.middleware = new CardActionMiddleware(options === null || options === void 0 ? void 0 : options.actions);
+        this.adapter = adapter.use(this.middleware);
+    }
+    /**
+     * Registers a card action handler to the bot.
+     * @param actionHandler A card action handler to be registered.
+     */
+    registerHandler(actionHandler) {
+        if (actionHandler) {
+            this.middleware.actionHandlers.push(actionHandler);
+        }
+    }
+    /**
+     * Registers card action handlers to the bot.
+     * @param actionHandlers A set of card action handlers to be registered.
+     */
+    registerHandlers(actionHandlers) {
+        if (actionHandlers) {
+            this.middleware.actionHandlers.push(...actionHandlers);
+        }
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * @internal
+ */
 class CommandResponseMiddleware {
-    constructor(handlers) {
+    constructor(handlers, ssoHandlers, activityHandler) {
         this.commandHandlers = [];
-        if (handlers && handlers.length > 0) {
-            this.commandHandlers.push(...handlers);
+        this.ssoCommandHandlers = [];
+        handlers = handlers !== null && handlers !== void 0 ? handlers : [];
+        ssoHandlers = ssoHandlers !== null && ssoHandlers !== void 0 ? ssoHandlers : [];
+        this.hasSsoCommand = ssoHandlers.length > 0;
+        this.ssoActivityHandler = activityHandler;
+        if (this.hasSsoCommand && !this.ssoActivityHandler) {
+            internalLogger.error(ErrorMessage.SsoActivityHandlerIsNull);
+            throw new ErrorWithCode(ErrorMessage.SsoActivityHandlerIsNull, exports.ErrorCode.SsoActivityHandlerIsUndefined);
+        }
+        this.commandHandlers.push(...handlers);
+        for (const ssoHandler of ssoHandlers) {
+            this.addSsoCommand(ssoHandler);
         }
     }
+    addSsoCommand(ssoHandler) {
+        var _a;
+        (_a = this.ssoActivityHandler) === null || _a === void 0 ? void 0 : _a.addCommand((context, tokenResponse, message) => tslib.__awaiter(this, void 0, void 0, function* () {
+            const matchResult = this.shouldTrigger(ssoHandler.triggerPatterns, message.text);
+            message.matches = Array.isArray(matchResult) ? matchResult : void 0;
+            const response = yield ssoHandler.handleCommandReceived(context, message, tokenResponse);
+            yield this.processResponse(context, response);
+        }), ssoHandler.triggerPatterns);
+        this.ssoCommandHandlers.push(ssoHandler);
+        this.hasSsoCommand = true;
+    }
     onTurn(context, next) {
+        var _a, _b;
         return tslib.__awaiter(this, void 0, void 0, function* () {
             if (context.activity.type === botbuilder.ActivityTypes.Message) {
                 // Invoke corresponding command handler for the command response
                 const commandText = this.getActivityText(context.activity);
-                const message = {
-                    text: commandText,
-                };
+                let alreadyProcessed = false;
                 for (const handler of this.commandHandlers) {
                     const matchResult = this.shouldTrigger(handler.triggerPatterns, commandText);
                     // It is important to note that the command bot will stop processing handlers
                     // when the first command handler is matched.
                     if (!!matchResult) {
+                        const message = {
+                            text: commandText,
+                        };
                         message.matches = Array.isArray(matchResult) ? matchResult : void 0;
                         const response = yield handler.handleCommandReceived(context, message);
-                        if (typeof response === "string") {
-                            yield context.sendActivity(response);
-                        }
-                        else {
-                            const replyActivity = response;
-                            if (replyActivity) {
-                                yield context.sendActivity(replyActivity);
-                            }
+                        yield this.processResponse(context, response);
+                        alreadyProcessed = true;
+                        break;
+                    }
+                }
+                if (!alreadyProcessed) {
+                    for (const handler of this.ssoCommandHandlers) {
+                        const matchResult = this.shouldTrigger(handler.triggerPatterns, commandText);
+                        if (!!matchResult) {
+                            yield ((_a = this.ssoActivityHandler) === null || _a === void 0 ? void 0 : _a.run(context));
+                            break;
                         }
                     }
                 }
             }
+            else {
+                if (this.hasSsoCommand) {
+                    yield ((_b = this.ssoActivityHandler) === null || _b === void 0 ? void 0 : _b.run(context));
+                }
+            }
             yield next();
         });
     }
+    processResponse(context, response) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            if (typeof response === "string") {
+                yield context.sendActivity(response);
+            }
+            else {
+                const replyActivity = response;
+                if (replyActivity) {
+                    yield context.sendActivity(replyActivity);
+                }
+            }
+        });
+    }
     matchPattern(pattern, text) {
         if (text) {
             if (typeof pattern === "string") {
@@ -2175,8 +2393,6 @@ class CommandResponseMiddleware {
  *
  * @remarks
  * Ensure each command should ONLY be registered with the command once, otherwise it'll cause unexpected behavior if you register the same command more than once.
- *
- * @beta
  */
 class CommandBot {
     /**
@@ -2184,19 +2400,16 @@ class CommandBot {
      *
      * @param adapter The bound `BotFrameworkAdapter`.
      * @param options - initialize options
-     *
-     * @beta
      */
-    constructor(adapter, options) {
-        this.middleware = new CommandResponseMiddleware(options === null || options === void 0 ? void 0 : options.commands);
+    constructor(adapter, options, ssoCommandActivityHandler, ssoConfig) {
+        this.ssoConfig = ssoConfig;
+        this.middleware = new CommandResponseMiddleware(options === null || options === void 0 ? void 0 : options.commands, options === null || options === void 0 ? void 0 : options.ssoCommands, ssoCommandActivityHandler);
         this.adapter = adapter.use(this.middleware);
     }
     /**
      * Registers a command into the command bot.
      *
-     * @param command The command to registered.
-     *
-     * @beta
+     * @param command The command to register.
      */
     registerCommand(command) {
         if (command) {
@@ -2206,15 +2419,178 @@ class CommandBot {
     /**
      * Registers commands into the command bot.
      *
-     * @param commands The command to registered.
-     *
-     * @beta
+     * @param commands The commands to register.
      */
     registerCommands(commands) {
         if (commands) {
             this.middleware.commandHandlers.push(...commands);
         }
     }
+    /**
+     * Registers a sso command into the command bot.
+     *
+     * @param command The command to register.
+     */
+    registerSsoCommand(ssoCommand) {
+        this.validateSsoActivityHandler();
+        this.middleware.addSsoCommand(ssoCommand);
+    }
+    /**
+     * Registers commands into the command bot.
+     *
+     * @param commands The commands to register.
+     */
+    registerSsoCommands(ssoCommands) {
+        if (ssoCommands.length > 0) {
+            this.validateSsoActivityHandler();
+            for (const ssoCommand of ssoCommands) {
+                this.middleware.addSsoCommand(ssoCommand);
+            }
+        }
+    }
+    validateSsoActivityHandler() {
+        if (!this.middleware.ssoActivityHandler) {
+            internalLogger.error(ErrorMessage.SsoActivityHandlerIsNull);
+            throw new ErrorWithCode(ErrorMessage.SsoActivityHandlerIsNull, exports.ErrorCode.SsoActivityHandlerIsUndefined);
+        }
+    }
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * @internal
+ */
+function cloneConversation(conversation) {
+    return JSON.parse(JSON.stringify(conversation));
+}
+/**
+ * @internal
+ */
+function getTargetType(conversationReference) {
+    var _a;
+    const conversationType = (_a = conversationReference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
+    if (conversationType === "personal") {
+        return exports.NotificationTargetType.Person;
+    }
+    else if (conversationType === "groupChat") {
+        return exports.NotificationTargetType.Group;
+    }
+    else if (conversationType === "channel") {
+        return exports.NotificationTargetType.Channel;
+    }
+    else {
+        return undefined;
+    }
+}
+/**
+ * @internal
+ */
+function getTeamsBotInstallationId(context) {
+    var _a, _b, _c;
+    const teamId = (_c = (_b = (_a = context.activity) === null || _a === void 0 ? void 0 : _a.channelData) === null || _b === void 0 ? void 0 : _b.team) === null || _c === void 0 ? void 0 : _c.id;
+    if (teamId) {
+        return teamId;
+    }
+    // Fallback to use conversation id.
+    // the conversation id is equal to team id only when the bot app is installed into the General channel.
+    if (context.activity.conversation.name === undefined) {
+        return context.activity.conversation.id;
+    }
+    return undefined;
+}
+
+// Copyright (c) Microsoft Corporation.
+/**
+ * @internal
+ */
+var ActivityType;
+(function (ActivityType) {
+    ActivityType[ActivityType["CurrentBotInstalled"] = 0] = "CurrentBotInstalled";
+    ActivityType[ActivityType["CurrentBotMessaged"] = 1] = "CurrentBotMessaged";
+    ActivityType[ActivityType["CurrentBotUninstalled"] = 2] = "CurrentBotUninstalled";
+    ActivityType[ActivityType["TeamDeleted"] = 3] = "TeamDeleted";
+    ActivityType[ActivityType["TeamRestored"] = 4] = "TeamRestored";
+    ActivityType[ActivityType["Unknown"] = 5] = "Unknown";
+})(ActivityType || (ActivityType = {}));
+/**
+ * @internal
+ */
+class NotificationMiddleware {
+    constructor(options) {
+        this.conversationReferenceStore = options.conversationReferenceStore;
+    }
+    onTurn(context, next) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const type = this.classifyActivity(context.activity);
+            switch (type) {
+                case ActivityType.CurrentBotInstalled:
+                case ActivityType.TeamRestored: {
+                    const reference = botbuilder.TurnContext.getConversationReference(context.activity);
+                    yield this.conversationReferenceStore.set(reference);
+                    break;
+                }
+                case ActivityType.CurrentBotMessaged: {
+                    yield this.tryAddMessagedReference(context);
+                    break;
+                }
+                case ActivityType.CurrentBotUninstalled:
+                case ActivityType.TeamDeleted: {
+                    const reference = botbuilder.TurnContext.getConversationReference(context.activity);
+                    yield this.conversationReferenceStore.delete(reference);
+                    break;
+                }
+            }
+            yield next();
+        });
+    }
+    classifyActivity(activity) {
+        var _a, _b;
+        const activityType = activity.type;
+        if (activityType === "installationUpdate") {
+            const action = (_a = activity.action) === null || _a === void 0 ? void 0 : _a.toLowerCase();
+            if (action === "add") {
+                return ActivityType.CurrentBotInstalled;
+            }
+            else {
+                return ActivityType.CurrentBotUninstalled;
+            }
+        }
+        else if (activityType === "conversationUpdate") {
+            const eventType = (_b = activity.channelData) === null || _b === void 0 ? void 0 : _b.eventType;
+            if (eventType === "teamDeleted") {
+                return ActivityType.TeamDeleted;
+            }
+            else if (eventType === "teamRestored") {
+                return ActivityType.TeamRestored;
+            }
+        }
+        else if (activityType === "message") {
+            return ActivityType.CurrentBotMessaged;
+        }
+        return ActivityType.Unknown;
+    }
+    tryAddMessagedReference(context) {
+        var _a, _b, _c, _d;
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const reference = botbuilder.TurnContext.getConversationReference(context.activity);
+            const conversationType = (_a = reference === null || reference === void 0 ? void 0 : reference.conversation) === null || _a === void 0 ? void 0 : _a.conversationType;
+            if (conversationType === "personal" || conversationType === "groupChat") {
+                if (!(yield this.conversationReferenceStore.check(reference))) {
+                    yield this.conversationReferenceStore.set(reference);
+                }
+            }
+            else if (conversationType === "channel") {
+                const teamId = (_d = (_c = (_b = context.activity) === null || _b === void 0 ? void 0 : _b.channelData) === null || _c === void 0 ? void 0 : _c.team) === null || _d === void 0 ? void 0 : _d.id;
+                if (teamId !== undefined) {
+                    const teamReference = cloneConversation(reference);
+                    teamReference.conversation.id = teamId;
+                    if (!(yield this.conversationReferenceStore.check(teamReference))) {
+                        yield this.conversationReferenceStore.set(teamReference);
+                    }
+                }
+            }
+        });
+    }
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -2354,32 +2730,30 @@ class ConversationReferenceStore {
  *
  * @param target - the notification target.
  * @param text - the plain text message.
- * @returns A `Promise` representing the asynchronous operation.
- *
- * @beta
+ * @param onError - an optional error handler that can catch exceptions during message sending.
+ * If not defined, error will be handled by `BotAdapter.onTurnError`.
+ * @returns the response of sending message.
  */
-function sendMessage(target, text) {
-    return target.sendMessage(text);
+function sendMessage(target, text, onError) {
+    return target.sendMessage(text, onError);
 }
 /**
  * Send an adaptive card message to a notification target.
  *
  * @param target - the notification target.
  * @param card - the adaptive card raw JSON.
- * @returns A `Promise` representing the asynchronous operation.
- *
- * @beta
+ * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+ * If not defined, error will be handled by `BotAdapter.onTurnError`.
+ * @returns the response of sending adaptive card message.
  */
-function sendAdaptiveCard(target, card) {
-    return target.sendAdaptiveCard(card);
+function sendAdaptiveCard(target, card, onError) {
+    return target.sendAdaptiveCard(card, onError);
 }
 /**
  * A {@link NotificationTarget} that represents a team channel.
  *
  * @remarks
  * It's recommended to get channels from {@link TeamsBotInstallation.channels()}.
- *
- * @beta
  */
 class Channel {
     /**
@@ -2390,16 +2764,12 @@ class Channel {
      *
      * @param parent - The parent {@link TeamsBotInstallation} where this channel is created from.
      * @param info - Detailed channel information.
-     *
-     * @beta
      */
     constructor(parent, info) {
         /**
          * Notification target type. For channel it's always "Channel".
-         *
-         * @beta
          */
-        this.type = "Channel";
+        this.type = exports.NotificationTargetType.Channel;
         this.parent = parent;
         this.info = info;
     }
@@ -2407,36 +2777,64 @@ class Channel {
      * Send a plain text message.
      *
      * @param text - the plain text message.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
+     * @param onError - an optional error handler that can catch exceptions during message sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending message.
      */
-    sendMessage(text) {
-        return this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
-            const conversation = yield this.newConversation(context);
-            yield this.parent.adapter.continueConversation(conversation, (ctx) => tslib.__awaiter(this, void 0, void 0, function* () {
-                yield ctx.sendActivity(text);
-            }));
-        }));
-    }
-    /**
-     * Send an adaptive card message.
-     *
-     * @param card - the adaptive card raw JSON.
-     * @returns A `Promise` representing the asynchronous operation.
+    sendMessage(text, onError) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const response = {};
+            yield this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                const conversation = yield this.newConversation(context);
+                yield this.parent.adapter.continueConversation(conversation, (ctx) => tslib.__awaiter(this, void 0, void 0, function* () {
+                    try {
+                        const res = yield ctx.sendActivity(text);
+                        response.id = res === null || res === void 0 ? void 0 : res.id;
+                    }
+                    catch (error) {
+                        if (onError) {
+                            yield onError(ctx, error);
+                        }
+                        else {
+                            throw error;
+                        }
+                    }
+                }));
+            }));
+            return response;
+        });
+    }
+    /**
+     * Send an adaptive card message.
      *
-     * @beta
+     * @param card - the adaptive card raw JSON.
+     * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending adaptive card message.
      */
-    sendAdaptiveCard(card) {
+    sendAdaptiveCard(card, onError) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
-            return this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+            const response = {};
+            yield this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
                 const conversation = yield this.newConversation(context);
                 yield this.parent.adapter.continueConversation(conversation, (ctx) => tslib.__awaiter(this, void 0, void 0, function* () {
-                    yield ctx.sendActivity({
-                        attachments: [botbuilder.CardFactory.adaptiveCard(card)],
-                    });
+                    try {
+                        const res = yield ctx.sendActivity({
+                            attachments: [botbuilder.CardFactory.adaptiveCard(card)],
+                        });
+                        response.id = res === null || res === void 0 ? void 0 : res.id;
+                    }
+                    catch (error) {
+                        if (onError) {
+                            yield onError(ctx, error);
+                        }
+                        else {
+                            throw error;
+                        }
+                    }
                 }));
             }));
+            return response;
         });
     }
     /**
@@ -2456,8 +2854,6 @@ class Channel {
  *
  * @remarks
  * It's recommended to get members from {@link TeamsBotInstallation.members()}.
- *
- * @beta
  */
 class Member {
     /**
@@ -2468,16 +2864,12 @@ class Member {
      *
      * @param parent - The parent {@link TeamsBotInstallation} where this member is created from.
      * @param account - Detailed member account information.
-     *
-     * @beta
      */
     constructor(parent, account) {
         /**
          * Notification target type. For member it's always "Person".
-         *
-         * @beta
          */
-        this.type = "Person";
+        this.type = exports.NotificationTargetType.Person;
         this.parent = parent;
         this.account = account;
     }
@@ -2485,225 +2877,778 @@ class Member {
      * Send a plain text message.
      *
      * @param text - the plain text message.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
+     * @param onError - an optional error handler that can catch exceptions during message sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending message.
      */
-    sendMessage(text) {
-        return this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
-            const conversation = yield this.newConversation(context);
-            yield this.parent.adapter.continueConversation(conversation, (ctx) => tslib.__awaiter(this, void 0, void 0, function* () {
-                yield ctx.sendActivity(text);
+    sendMessage(text, onError) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const response = {};
+            yield this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                const conversation = yield this.newConversation(context);
+                yield this.parent.adapter.continueConversation(conversation, (ctx) => tslib.__awaiter(this, void 0, void 0, function* () {
+                    try {
+                        const res = yield ctx.sendActivity(text);
+                        response.id = res === null || res === void 0 ? void 0 : res.id;
+                    }
+                    catch (error) {
+                        if (onError) {
+                            yield onError(ctx, error);
+                        }
+                        else {
+                            throw error;
+                        }
+                    }
+                }));
             }));
-        }));
+            return response;
+        });
     }
     /**
      * Send an adaptive card message.
      *
      * @param card - the adaptive card raw JSON.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
+     * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending adaptive card message.
      */
-    sendAdaptiveCard(card) {
+    sendAdaptiveCard(card, onError) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
-            return this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+            const response = {};
+            yield this.parent.adapter.continueConversation(this.parent.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
                 const conversation = yield this.newConversation(context);
                 yield this.parent.adapter.continueConversation(conversation, (ctx) => tslib.__awaiter(this, void 0, void 0, function* () {
-                    yield ctx.sendActivity({
+                    try {
+                        const res = yield ctx.sendActivity({
+                            attachments: [botbuilder.CardFactory.adaptiveCard(card)],
+                        });
+                        response.id = res === null || res === void 0 ? void 0 : res.id;
+                    }
+                    catch (error) {
+                        if (onError) {
+                            yield onError(ctx, error);
+                        }
+                        else {
+                            throw error;
+                        }
+                    }
+                }));
+            }));
+            return response;
+        });
+    }
+    /**
+     * @internal
+     */
+    newConversation(context) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const reference = botbuilder.TurnContext.getConversationReference(context.activity);
+            const personalConversation = cloneConversation(reference);
+            const connectorClient = context.turnState.get(this.parent.adapter.ConnectorClientKey);
+            const conversation = yield connectorClient.conversations.createConversation({
+                isGroup: false,
+                tenantId: context.activity.conversation.tenantId,
+                bot: context.activity.recipient,
+                members: [this.account],
+                channelData: {},
+            });
+            personalConversation.conversation.id = conversation.id;
+            return personalConversation;
+        });
+    }
+}
+/**
+ * A {@link NotificationTarget} that represents a bot installation. Teams Bot could be installed into
+ * - Personal chat
+ * - Group chat
+ * - Team (by default the `General` channel)
+ *
+ * @remarks
+ * It's recommended to get bot installations from {@link ConversationBot.installations()}.
+ */
+class TeamsBotInstallation {
+    /**
+     * Constructor
+     *
+     * @remarks
+     * It's recommended to get bot installations from {@link ConversationBot.installations()}, instead of using this constructor.
+     *
+     * @param adapter - the bound `BotFrameworkAdapter`.
+     * @param conversationReference - the bound `ConversationReference`.
+     */
+    constructor(adapter, conversationReference) {
+        this.adapter = adapter;
+        this.conversationReference = conversationReference;
+        this.type = getTargetType(conversationReference);
+    }
+    /**
+     * Send a plain text message.
+     *
+     * @param text - the plain text message.
+     * @param onError - an optional error handler that can catch exceptions during message sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending message.
+     */
+    sendMessage(text, onError) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const response = {};
+            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                try {
+                    const res = yield context.sendActivity(text);
+                    response.id = res === null || res === void 0 ? void 0 : res.id;
+                }
+                catch (error) {
+                    if (onError) {
+                        yield onError(context, error);
+                    }
+                    else {
+                        throw error;
+                    }
+                }
+            }));
+            return response;
+        });
+    }
+    /**
+     * Send an adaptive card message.
+     *
+     * @param card - the adaptive card raw JSON.
+     * @param onError - an optional error handler that can catch exceptions during adaptive card sending.
+     * If not defined, error will be handled by `BotAdapter.onTurnError`.
+     * @returns the response of sending adaptive card message.
+     */
+    sendAdaptiveCard(card, onError) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const response = {};
+            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                try {
+                    const res = yield context.sendActivity({
                         attachments: [botbuilder.CardFactory.adaptiveCard(card)],
                     });
-                }));
+                    response.id = res === null || res === void 0 ? void 0 : res.id;
+                }
+                catch (error) {
+                    if (onError) {
+                        yield onError(context, error);
+                    }
+                    else {
+                        throw error;
+                    }
+                }
+            }));
+            return response;
+        });
+    }
+    /**
+     * Get channels from this bot installation.
+     *
+     * @returns an array of channels if bot is installed into a team, otherwise returns an empty array.
+     */
+    channels() {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const channels = [];
+            if (this.type !== exports.NotificationTargetType.Channel) {
+                return channels;
+            }
+            let teamsChannels = [];
+            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                const teamId = getTeamsBotInstallationId(context);
+                if (teamId !== undefined) {
+                    teamsChannels = yield botbuilder.TeamsInfo.getTeamChannels(context, teamId);
+                }
             }));
+            for (const channel of teamsChannels) {
+                channels.push(new Channel(this, channel));
+            }
+            return channels;
+        });
+    }
+    /**
+     * Get members from this bot installation.
+     *
+     * @returns an array of members from where the bot is installed.
+     */
+    members() {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const members = [];
+            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                let continuationToken;
+                do {
+                    const pagedMembers = yield botbuilder.TeamsInfo.getPagedMembers(context, undefined, continuationToken);
+                    continuationToken = pagedMembers.continuationToken;
+                    for (const member of pagedMembers.members) {
+                        members.push(new Member(this, member));
+                    }
+                } while (continuationToken !== undefined);
+            }));
+            return members;
+        });
+    }
+    /**
+     * Get team details from this bot installation
+     *
+     * @returns the team details if bot is installed into a team, otherwise returns undefined.
+     */
+    getTeamDetails() {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            if (this.type !== exports.NotificationTargetType.Channel) {
+                return undefined;
+            }
+            let teamDetails;
+            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                const teamId = getTeamsBotInstallationId(context);
+                if (teamId !== undefined) {
+                    teamDetails = yield botbuilder.TeamsInfo.getTeamDetails(context, teamId);
+                }
+            }));
+            return teamDetails;
+        });
+    }
+}
+/**
+ * Provide utilities to send notification to varies targets (e.g., member, group, channel).
+ */
+class NotificationBot {
+    /**
+     * constructor of the notification bot.
+     *
+     * @remarks
+     * To ensure accuracy, it's recommended to initialize before handling any message.
+     *
+     * @param adapter - the bound `BotFrameworkAdapter`
+     * @param options - initialize options
+     */
+    constructor(adapter, options) {
+        var _a, _b;
+        const storage = (_a = options === null || options === void 0 ? void 0 : options.storage) !== null && _a !== void 0 ? _a : new LocalFileStorage(path__namespace.resolve(process.env.RUNNING_ON_AZURE === "1" ? (_b = process.env.TEMP) !== null && _b !== void 0 ? _b : "./" : "./"));
+        this.conversationReferenceStore = new ConversationReferenceStore(storage);
+        this.adapter = adapter.use(new NotificationMiddleware({
+            conversationReferenceStore: this.conversationReferenceStore,
+        }));
+    }
+    /**
+     * Get all targets where the bot is installed.
+     *
+     * @remarks
+     * The result is retrieving from the persisted storage.
+     *
+     * @returns - an array of {@link TeamsBotInstallation}.
+     */
+    installations() {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            if (this.conversationReferenceStore === undefined || this.adapter === undefined) {
+                throw new Error("NotificationBot has not been initialized.");
+            }
+            const references = yield this.conversationReferenceStore.getAll();
+            const targets = [];
+            for (const reference of references) {
+                // validate connection
+                let valid = true;
+                yield this.adapter.continueConversation(reference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
+                    try {
+                        // try get member to see if the installation is still valid
+                        yield botbuilder.TeamsInfo.getPagedMembers(context, 1);
+                    }
+                    catch (error) {
+                        if (error.code === "BotNotInConversationRoster") {
+                            valid = false;
+                        }
+                    }
+                }));
+                if (valid) {
+                    targets.push(new TeamsBotInstallation(this.adapter, reference));
+                }
+                else {
+                    yield this.conversationReferenceStore.delete(reference);
+                }
+            }
+            return targets;
+        });
+    }
+    /**
+     * Returns the first {@link Member} where predicate is true, and undefined otherwise.
+     *
+     * @param predicate find calls predicate once for each member of the installation,
+     * until it finds one where predicate returns true. If such a member is found, find
+     * immediately returns that member. Otherwise, find returns undefined.
+     * @param scope the scope to find members from the installations
+     * (personal chat, group chat, Teams channel).
+     * @returns the first {@link Member} where predicate is true, and undefined otherwise.
+     */
+    findMember(predicate, scope) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            for (const target of yield this.installations()) {
+                if (this.matchSearchScope(target, scope)) {
+                    for (const member of yield target.members()) {
+                        if (yield predicate(member)) {
+                            return member;
+                        }
+                    }
+                }
+            }
+            return;
+        });
+    }
+    /**
+     * Returns the first {@link Channel} where predicate is true, and undefined otherwise.
+     * (Ensure the bot app is installed into the `General` channel, otherwise undefined will be returned.)
+     *
+     * @param predicate find calls predicate once for each channel of the installation,
+     * until it finds one where predicate returns true. If such a channel is found, find
+     * immediately returns that channel. Otherwise, find returns undefined.
+     * @returns the first {@link Channel} where predicate is true, and undefined otherwise.
+     */
+    findChannel(predicate) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            for (const target of yield this.installations()) {
+                if (target.type === exports.NotificationTargetType.Channel) {
+                    const teamDetails = yield target.getTeamDetails();
+                    for (const channel of yield target.channels()) {
+                        if (yield predicate(channel, teamDetails)) {
+                            return channel;
+                        }
+                    }
+                }
+            }
+            return;
         });
     }
     /**
+     * Returns all {@link Member} where predicate is true, and empty array otherwise.
+     *
+     * @param predicate find calls predicate for each member of the installation.
+     * @param scope the scope to find members from the installations
+     * (personal chat, group chat, Teams channel).
+     * @returns an array of {@link Member} where predicate is true, and empty array otherwise.
+     */
+    findAllMembers(predicate, scope) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const members = [];
+            for (const target of yield this.installations()) {
+                if (this.matchSearchScope(target, scope)) {
+                    for (const member of yield target.members()) {
+                        if (yield predicate(member)) {
+                            members.push(member);
+                        }
+                    }
+                }
+            }
+            return members;
+        });
+    }
+    /**
+     * Returns all {@link Channel} where predicate is true, and empty array otherwise.
+     * (Ensure the bot app is installed into the `General` channel, otherwise empty array will be returned.)
+     *
+     * @param predicate find calls predicate for each channel of the installation.
+     * @returns an array of {@link Channel} where predicate is true, and empty array otherwise.
+     */
+    findAllChannels(predicate) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const channels = [];
+            for (const target of yield this.installations()) {
+                if (target.type === exports.NotificationTargetType.Channel) {
+                    const teamDetails = yield target.getTeamDetails();
+                    for (const channel of yield target.channels()) {
+                        if (yield predicate(channel, teamDetails)) {
+                            channels.push(channel);
+                        }
+                    }
+                }
+            }
+            return channels;
+        });
+    }
+    matchSearchScope(target, scope) {
+        scope = scope !== null && scope !== void 0 ? scope : exports.SearchScope.All;
+        return ((target.type === exports.NotificationTargetType.Channel && (scope & exports.SearchScope.Channel) !== 0) ||
+            (target.type === exports.NotificationTargetType.Group && (scope & exports.SearchScope.Group) !== 0) ||
+            (target.type === exports.NotificationTargetType.Person && (scope & exports.SearchScope.Person) !== 0));
+    }
+}
+/**
+ * The search scope when calling {@link NotificationBot.findMember} and {@link NotificationBot.findAllMembers}.
+ * The search scope is a flagged enum and it can be combined with `|`.
+ * For example, to search from personal chat and group chat, use `SearchScope.Person | SearchScope.Group`.
+ */
+exports.SearchScope = void 0;
+(function (SearchScope) {
+    /**
+     * Search members from the installations in personal chat only.
+     */
+    SearchScope[SearchScope["Person"] = 1] = "Person";
+    /**
+     * Search members from the installations in group chat only.
+     */
+    SearchScope[SearchScope["Group"] = 2] = "Group";
+    /**
+     * Search members from the installations in Teams channel only.
+     */
+    SearchScope[SearchScope["Channel"] = 4] = "Channel";
+    /**
+     * Search members from all installations including personal chat, group chat and Teams channel.
+     */
+    SearchScope[SearchScope["All"] = 7] = "All";
+})(exports.SearchScope || (exports.SearchScope = {}));
+
+// Copyright (c) Microsoft Corporation.
+let DIALOG_NAME = "BotSsoExecutionDialog";
+let TEAMS_SSO_PROMPT_ID = "TeamsFxSsoPrompt";
+let COMMAND_ROUTE_DIALOG = "CommandRouteDialog";
+/**
+ * Sso execution dialog, use to handle sso command
+ */
+class BotSsoExecutionDialog extends botbuilderDialogs.ComponentDialog {
+    constructor(dedupStorage, ssoPromptSettings, authConfig, ...args) {
+        var _a;
+        super((_a = (authConfig.getCredential ? args[0] : args[1])) !== null && _a !== void 0 ? _a : DIALOG_NAME);
+        this.dedupStorageKeys = [];
+        // Map to store the commandId and triggerPatterns, key: commandId, value: triggerPatterns
+        this.commandMapping = new Map();
+        const dialogName = authConfig.getCredential ? args[0] : args[1];
+        if (dialogName) {
+            DIALOG_NAME = dialogName;
+            TEAMS_SSO_PROMPT_ID = dialogName + TEAMS_SSO_PROMPT_ID;
+            COMMAND_ROUTE_DIALOG = dialogName + COMMAND_ROUTE_DIALOG;
+        }
+        let ssoDialog;
+        if (authConfig.getCredential) {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        else {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, args[0], TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        this.addDialog(ssoDialog);
+        this.initialDialogId = COMMAND_ROUTE_DIALOG;
+        this.dedupStorage = dedupStorage;
+        this.dedupStorageKeys = [];
+        const commandRouteDialog = new botbuilderDialogs.WaterfallDialog(COMMAND_ROUTE_DIALOG, [
+            this.commandRouteStep.bind(this),
+        ]);
+        this.addDialog(commandRouteDialog);
+    }
+    /**
+     * Add TeamsFxBotSsoCommandHandler instance
+     * @param handler {@link BotSsoExecutionDialogHandler} callback function
+     * @param triggerPatterns The trigger pattern
+     */
+    addCommand(handler, triggerPatterns) {
+        const commandId = this.getCommandHash(triggerPatterns);
+        const dialog = new botbuilderDialogs.WaterfallDialog(commandId, [
+            this.ssoStep.bind(this),
+            this.dedupStep.bind(this),
+            (stepContext) => tslib.__awaiter(this, void 0, void 0, function* () {
+                const tokenResponse = stepContext.result.tokenResponse;
+                const context = stepContext.context;
+                const message = stepContext.result.message;
+                try {
+                    if (tokenResponse) {
+                        yield handler(context, tokenResponse, message);
+                    }
+                    else {
+                        throw new Error(ErrorMessage.FailedToRetrieveSsoToken);
+                    }
+                    return yield stepContext.endDialog();
+                }
+                catch (error) {
+                    const errorMsg = formatString(ErrorMessage.FailedToProcessSsoHandler, error.message);
+                    internalLogger.error(errorMsg);
+                    return yield stepContext.endDialog(new ErrorWithCode(errorMsg, exports.ErrorCode.FailedToProcessSsoHandler));
+                }
+            }),
+        ]);
+        this.commandMapping.set(commandId, triggerPatterns);
+        this.addDialog(dialog);
+    }
+    getCommandHash(patterns) {
+        const expressions = Array.isArray(patterns) ? patterns : [patterns];
+        const patternStr = expressions.join();
+        const patternStrWithoutSpecialChar = patternStr.replace(/[^a-zA-Z0-9]/g, "");
+        const hash = crypto.createHash("sha256").update(patternStr).digest("hex").toLowerCase();
+        return patternStrWithoutSpecialChar + hash;
+    }
+    /**
+     * The run method handles the incoming activity (in the form of a DialogContext) and passes it through the dialog system.
+     *
+     * @param context The context object for the current turn.
+     * @param accessor The instance of StatePropertyAccessor for dialog system.
+     */
+    run(context, accessor) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const dialogSet = new botbuilderDialogs.DialogSet(accessor);
+            dialogSet.add(this);
+            const dialogContext = yield dialogSet.createContext(context);
+            this.ensureMsTeamsChannel(dialogContext);
+            const results = yield dialogContext.continueDialog();
+            if (results && results.status === botbuilderDialogs.DialogTurnStatus.empty) {
+                yield dialogContext.beginDialog(this.id);
+            }
+            else if (results &&
+                results.status === botbuilderDialogs.DialogTurnStatus.complete &&
+                results.result instanceof Error) {
+                throw results.result;
+            }
+        });
+    }
+    getActivityText(activity) {
+        let text = activity.text;
+        const removedMentionText = botbuilder.TurnContext.removeRecipientMention(activity);
+        if (removedMentionText) {
+            text = removedMentionText
+                .toLowerCase()
+                .replace(/\n|\r\n/g, "")
+                .trim();
+        }
+        return text;
+    }
+    commandRouteStep(stepContext) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const turnContext = stepContext.context;
+            const text = this.getActivityText(turnContext.activity);
+            const commandId = this.getMatchesCommandId(text);
+            if (commandId) {
+                return yield stepContext.beginDialog(commandId);
+            }
+            const errorMsg = formatString(ErrorMessage.CannotFindCommand, turnContext.activity.text);
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.CannotFindCommand);
+        });
+    }
+    ssoStep(stepContext) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            try {
+                const turnContext = stepContext.context;
+                const text = this.getActivityText(turnContext.activity);
+                const message = {
+                    text,
+                };
+                stepContext.options.commandMessage = message;
+                return yield stepContext.beginDialog(TEAMS_SSO_PROMPT_ID);
+            }
+            catch (error) {
+                const errorMsg = formatString(ErrorMessage.FailedToRunSsoStep, error.message);
+                internalLogger.error(errorMsg);
+                return yield stepContext.endDialog(new ErrorWithCode(errorMsg, exports.ErrorCode.FailedToRunSsoStep));
+            }
+        });
+    }
+    dedupStep(stepContext) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const tokenResponse = stepContext.result;
+            if (!tokenResponse) {
+                internalLogger.error(ErrorMessage.FailedToRetrieveSsoToken);
+                return yield stepContext.endDialog(new ErrorWithCode(ErrorMessage.FailedToRetrieveSsoToken, exports.ErrorCode.FailedToRunSsoStep));
+            }
+            try {
+                // Only dedup after ssoStep to make sure that all Teams client would receive the login request
+                if (tokenResponse && (yield this.shouldDedup(stepContext.context))) {
+                    return botbuilderDialogs.Dialog.EndOfTurn;
+                }
+                return yield stepContext.next({
+                    tokenResponse,
+                    message: stepContext.options.commandMessage,
+                });
+            }
+            catch (error) {
+                const errorMsg = formatString(ErrorMessage.FailedToRunDedupStep, error.message);
+                internalLogger.error(errorMsg);
+                return yield stepContext.endDialog(new ErrorWithCode(errorMsg, exports.ErrorCode.FailedToRunDedupStep));
+            }
+        });
+    }
+    /**
+     * Called when the component is ending.
+     *
+     * @param context Context for the current turn of conversation.
+     */
+    onEndDialog(context) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const conversationId = context.activity.conversation.id;
+            const currentDedupKeys = this.dedupStorageKeys.filter((key) => key.indexOf(conversationId) > 0);
+            yield this.dedupStorage.delete(currentDedupKeys);
+            this.dedupStorageKeys = this.dedupStorageKeys.filter((key) => key.indexOf(conversationId) < 0);
+        });
+    }
+    /**
+     * If a user is signed into multiple Teams clients, the Bot might receive a "signin/tokenExchange" from each client.
+     * Each token exchange request for a specific user login will have an identical activity.value.Id.
+     * Only one of these token exchange requests should be processed by the bot. For a distributed bot in production,
+     * this requires a distributed storage to ensure only one token exchange is processed.
+     * @param context Context for the current turn of conversation.
+     * @returns boolean value indicate whether the message should be removed
+     */
+    shouldDedup(context) {
+        return tslib.__awaiter(this, void 0, void 0, function* () {
+            const storeItem = {
+                eTag: context.activity.value.id,
+            };
+            const key = this.getStorageKey(context);
+            const storeItems = { [key]: storeItem };
+            try {
+                yield this.dedupStorage.write(storeItems);
+                this.dedupStorageKeys.push(key);
+            }
+            catch (err) {
+                if (err instanceof Error && err.message.indexOf("eTag conflict")) {
+                    return true;
+                }
+                throw err;
+            }
+            return false;
+        });
+    }
+    getStorageKey(context) {
+        if (!context || !context.activity || !context.activity.conversation) {
+            throw new Error("Invalid context, can not get storage key!");
+        }
+        const activity = context.activity;
+        const channelId = activity.channelId;
+        const conversationId = activity.conversation.id;
+        if (activity.type !== botbuilder.ActivityTypes.Invoke || activity.name !== botbuilder.tokenExchangeOperationName) {
+            throw new Error("TokenExchangeState can only be used with Invokes of signin/tokenExchange.");
+        }
+        const value = activity.value;
+        if (!value || !value.id) {
+            throw new Error("Invalid signin/tokenExchange. Missing activity.value.id.");
+        }
+        return `${channelId}/${conversationId}/${value.id}`;
+    }
+    matchPattern(pattern, text) {
+        if (text) {
+            if (typeof pattern === "string") {
+                const regExp = new RegExp(pattern, "i");
+                return regExp.test(text);
+            }
+            if (pattern instanceof RegExp) {
+                const matches = text.match(pattern);
+                return matches !== null && matches !== void 0 ? matches : false;
+            }
+        }
+        return false;
+    }
+    isPatternMatched(patterns, text) {
+        const expressions = Array.isArray(patterns) ? patterns : [patterns];
+        for (const ex of expressions) {
+            const matches = this.matchPattern(ex, text);
+            return !!matches;
+        }
+        return false;
+    }
+    getMatchesCommandId(text) {
+        for (const command of this.commandMapping) {
+            const pattern = command[1];
+            if (this.isPatternMatched(pattern, text)) {
+                return command[0];
+            }
+        }
+        return undefined;
+    }
+    /**
+     * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
+     * @param dc dialog context
+     * @throws {@link ErrorCode|ChannelNotSupported} if bot channel is not MS Teams
      * @internal
      */
-    newConversation(context) {
-        return tslib.__awaiter(this, void 0, void 0, function* () {
-            const reference = botbuilder.TurnContext.getConversationReference(context.activity);
-            const personalConversation = cloneConversation(reference);
-            const connectorClient = context.turnState.get(this.parent.adapter.ConnectorClientKey);
-            const conversation = yield connectorClient.conversations.createConversation({
-                isGroup: false,
-                tenantId: context.activity.conversation.tenantId,
-                bot: context.activity.recipient,
-                members: [this.account],
-                channelData: {},
-            });
-            personalConversation.conversation.id = conversation.id;
-            return personalConversation;
-        });
+    ensureMsTeamsChannel(dc) {
+        if (dc.context.activity.channelId != botbuilder.Channels.Msteams) {
+            const errorMsg = formatString(ErrorMessage.OnlyMSTeamsChannelSupported, "SSO execution dialog");
+            internalLogger.error(errorMsg);
+            throw new ErrorWithCode(errorMsg, exports.ErrorCode.ChannelNotSupported);
+        }
     }
-}
+}
+
+// Copyright (c) Microsoft Corporation.
 /**
- * A {@link NotificationTarget} that represents a bot installation. Teams Bot could be installed into
- * - Personal chat
- * - Group chat
- * - Team (by default the `General` channel)
- *
- * @remarks
- * It's recommended to get bot installations from {@link ConversationBot.installations()}.
- *
- * @beta
+ * Default SSO execution activity handler
  */
-class TeamsBotInstallation {
+class DefaultBotSsoExecutionActivityHandler extends botbuilder.TeamsActivityHandler {
     /**
-     * Constructor
+     * Creates a new instance of the DefaultBotSsoExecutionActivityHandler.
+     * @param ssoConfig configuration for SSO command bot
      *
      * @remarks
-     * It's recommended to get bot installations from {@link ConversationBot.installations()}, instead of using this constructor.
-     *
-     * @param adapter - the bound `BotFrameworkAdapter`.
-     * @param conversationReference - the bound `ConversationReference`.
-     *
-     * @beta
-     */
-    constructor(adapter, conversationReference) {
-        this.adapter = adapter;
-        this.conversationReference = conversationReference;
-        this.type = getTargetType(conversationReference);
-    }
-    /**
-     * Send a plain text message.
-     *
-     * @param text - the plain text message.
-     * @returns A `Promise` representing the asynchronous operation.
-     *
-     * @beta
+     * In the constructor, it uses BotSsoConfig parameter which from {@link ConversationBot} options to initialize {@link BotSsoExecutionDialog}.
+     * It also need to register an event handler for the message event which trigger {@link BotSsoExecutionDialog} instance.
      */
-    sendMessage(text) {
-        return this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
-            yield context.sendActivity(text);
+    constructor(ssoConfig) {
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
+        super();
+        const memoryStorage = new botbuilder.MemoryStorage();
+        const userState = (_b = (_a = ssoConfig.dialog) === null || _a === void 0 ? void 0 : _a.userState) !== null && _b !== void 0 ? _b : new botbuilder.UserState(memoryStorage);
+        const conversationState = (_d = (_c = ssoConfig.dialog) === null || _c === void 0 ? void 0 : _c.conversationState) !== null && _d !== void 0 ? _d : new botbuilder.ConversationState(memoryStorage);
+        const dedupStorage = (_f = (_e = ssoConfig.dialog) === null || _e === void 0 ? void 0 : _e.dedupStorage) !== null && _f !== void 0 ? _f : memoryStorage;
+        const _l = ssoConfig.aad, { scopes } = _l, customConfig = tslib.__rest(_l, ["scopes"]);
+        const settings = {
+            scopes: scopes,
+            timeout: (_h = (_g = ssoConfig.dialog) === null || _g === void 0 ? void 0 : _g.ssoPromptConfig) === null || _h === void 0 ? void 0 : _h.timeout,
+            endOnInvalidMessage: (_k = (_j = ssoConfig.dialog) === null || _j === void 0 ? void 0 : _j.ssoPromptConfig) === null || _k === void 0 ? void 0 : _k.endOnInvalidMessage,
+        };
+        const teamsfx = new TeamsFx(exports.IdentityType.User, Object.assign({}, customConfig));
+        this.ssoExecutionDialog = new BotSsoExecutionDialog(dedupStorage, settings, teamsfx);
+        this.conversationState = conversationState;
+        this.dialogState = conversationState.createProperty("DialogState");
+        this.userState = userState;
+        this.onMessage((context, next) => tslib.__awaiter(this, void 0, void 0, function* () {
+            yield this.ssoExecutionDialog.run(context, this.dialogState);
+            yield next();
         }));
     }
     /**
-     * Send an adaptive card message.
-     *
-     * @param card - the adaptive card raw JSON.
-     * @returns A `Promise` representing the asynchronous operation.
+     * Add TeamsFxBotSsoCommandHandler instance to SSO execution dialog
+     * @param handler {@link BotSsoExecutionDialogHandler} callback function
+     * @param triggerPatterns The trigger pattern
      *
-     * @beta
+     * @remarks
+     * This function is used to add SSO command to {@link BotSsoExecutionDialog} instance.
      */
-    sendAdaptiveCard(card) {
-        return this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
-            yield context.sendActivity({
-                attachments: [botbuilder.CardFactory.adaptiveCard(card)],
-            });
-        }));
+    addCommand(handler, triggerPatterns) {
+        this.ssoExecutionDialog.addCommand(handler, triggerPatterns);
     }
     /**
-     * Get channels from this bot installation.
-     *
-     * @returns an array of channels if bot is installed into a team, otherwise returns an empty array.
-     *
-     * @beta
+     * Called to initiate the event emission process.
+     * @param context The context object for the current turn.
      */
-    channels() {
+    run(context) {
+        const _super = Object.create(null, {
+            run: { get: () => super.run }
+        });
         return tslib.__awaiter(this, void 0, void 0, function* () {
-            let teamsChannels = [];
-            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
-                const teamId = getTeamsBotInstallationId(context);
-                if (teamId !== undefined) {
-                    teamsChannels = yield botbuilder.TeamsInfo.getTeamChannels(context, teamId);
-                }
-            }));
-            const channels = [];
-            for (const channel of teamsChannels) {
-                channels.push(new Channel(this, channel));
+            try {
+                yield _super.run.call(this, context);
+            }
+            finally {
+                yield this.conversationState.saveChanges(context, false);
+                yield this.userState.saveChanges(context, false);
             }
-            return channels;
         });
     }
     /**
-     * Get members from this bot installation.
-     *
-     * @returns an array of members from where the bot is installed.
+     * Receives invoke activities with Activity name of 'signin/verifyState'.
+     * @param context A context object for this turn.
+     * @param query Signin state (part of signin action auth flow) verification invoke query.
+     * @returns A promise that represents the work queued.
      *
-     * @beta
+     * @remarks
+     * It should trigger {@link BotSsoExecutionDialog} instance to handle signin process
      */
-    members() {
+    handleTeamsSigninVerifyState(context, query) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
-            const members = [];
-            yield this.adapter.continueConversation(this.conversationReference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
-                let continuationToken;
-                do {
-                    const pagedMembers = yield botbuilder.TeamsInfo.getPagedMembers(context, undefined, continuationToken);
-                    continuationToken = pagedMembers.continuationToken;
-                    for (const member of pagedMembers.members) {
-                        members.push(new Member(this, member));
-                    }
-                } while (continuationToken !== undefined);
-            }));
-            return members;
+            yield this.ssoExecutionDialog.run(context, this.dialogState);
         });
     }
-}
-/**
- * Provide utilities to send notification to varies targets (e.g., member, group, channel).
- *
- * @beta
- */
-class NotificationBot {
-    /**
-     * constructor of the notification bot.
-     *
-     * @remarks
-     * To ensure accuracy, it's recommended to initialize before handling any message.
-     *
-     * @param adapter - the bound `BotFrameworkAdapter`
-     * @param options - initialize options
-     *
-     * @beta
-     */
-    constructor(adapter, options) {
-        var _a, _b;
-        const storage = (_a = options === null || options === void 0 ? void 0 : options.storage) !== null && _a !== void 0 ? _a : new LocalFileStorage(path__namespace.resolve(process.env.RUNNING_ON_AZURE === "1" ? (_b = process.env.TEMP) !== null && _b !== void 0 ? _b : "./" : "./"));
-        this.conversationReferenceStore = new ConversationReferenceStore(storage);
-        this.adapter = adapter.use(new NotificationMiddleware({
-            conversationReferenceStore: this.conversationReferenceStore,
-        }));
-    }
     /**
-     * Get all targets where the bot is installed.
-     *
-     * @remarks
-     * The result is retrieving from the persisted storage.
-     *
-     * @returns - an array of {@link TeamsBotInstallation}.
+     * Receives invoke activities with Activity name of 'signin/tokenExchange'
+     * @param context A context object for this turn.
+     * @param query Signin state (part of signin action auth flow) verification invoke query
+     * @returns A promise that represents the work queued.
      *
-     * @beta
+     * @remark
+     * It should trigger {@link BotSsoExecutionDialog} instance to handle signin process
      */
-    installations() {
+    handleTeamsSigninTokenExchange(context, query) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
-            if (this.conversationReferenceStore === undefined || this.adapter === undefined) {
-                throw new Error("NotificationBot has not been initialized.");
-            }
-            const references = yield this.conversationReferenceStore.getAll();
-            const targets = [];
-            for (const reference of references) {
-                // validate connection
-                let valid = true;
-                yield this.adapter.continueConversation(reference, (context) => tslib.__awaiter(this, void 0, void 0, function* () {
-                    try {
-                        // try get member to see if the installation is still valid
-                        yield botbuilder.TeamsInfo.getPagedMembers(context, 1);
-                    }
-                    catch (error) {
-                        if (error.code === "BotNotInConversationRoster") {
-                            valid = false;
-                        }
-                    }
-                }));
-                if (valid) {
-                    targets.push(new TeamsBotInstallation(this.adapter, reference));
-                }
-                else {
-                    yield this.conversationReferenceStore.delete(reference);
-                }
-            }
-            return targets;
+            yield this.ssoExecutionDialog.run(context, this.dialogState);
         });
     }
 }
@@ -2759,8 +3704,6 @@ class NotificationBot {
  * For command and response, ensure each command should ONLY be registered with the command once, otherwise it'll cause unexpected behavior if you register the same command more than once.
  *
  * For notification, set `notification.storage` in {@link ConversationOptions} to use your own storage implementation.
- *
- * @beta
  */
 class ConversationBot {
     /**
@@ -2770,23 +3713,34 @@ class ConversationBot {
      * It's recommended to create your own adapter and storage for production environment instead of the default one.
      *
      * @param options - initialize options
-     *
-     * @beta
      */
     constructor(options) {
-        var _a, _b;
+        var _a, _b, _c, _d;
         if (options.adapter) {
             this.adapter = options.adapter;
         }
         else {
             this.adapter = this.createDefaultAdapter(options.adapterConfig);
         }
-        if ((_a = options.command) === null || _a === void 0 ? void 0 : _a.enabled) {
-            this.command = new CommandBot(this.adapter, options.command);
+        let ssoCommandActivityHandler;
+        if (options === null || options === void 0 ? void 0 : options.ssoConfig) {
+            if ((_a = options.ssoConfig.dialog) === null || _a === void 0 ? void 0 : _a.CustomBotSsoExecutionActivityHandler) {
+                ssoCommandActivityHandler =
+                    new options.ssoConfig.dialog.CustomBotSsoExecutionActivityHandler(options.ssoConfig);
+            }
+            else {
+                ssoCommandActivityHandler = new DefaultBotSsoExecutionActivityHandler(options.ssoConfig);
+            }
+        }
+        if ((_b = options.command) === null || _b === void 0 ? void 0 : _b.enabled) {
+            this.command = new CommandBot(this.adapter, options.command, ssoCommandActivityHandler, options.ssoConfig);
         }
-        if ((_b = options.notification) === null || _b === void 0 ? void 0 : _b.enabled) {
+        if ((_c = options.notification) === null || _c === void 0 ? void 0 : _c.enabled) {
             this.notification = new NotificationBot(this.adapter, options.notification);
         }
+        if ((_d = options.cardAction) === null || _d === void 0 ? void 0 : _d.enabled) {
+            this.cardAction = new CardActionBot(this.adapter, options.cardAction);
+        }
     }
     createDefaultAdapter(adapterConfig) {
         const adapter = adapterConfig === undefined
@@ -2827,8 +3781,6 @@ class ConversationBot {
      *   });
      * });
      * ```
-     *
-     * @beta
      */
     requestHandler(req, res, logic) {
         return tslib.__awaiter(this, void 0, void 0, function* () {
@@ -2881,8 +3833,6 @@ class MessageBuilder {
      *   description: "sample card description"
      * });
      * ```
-     *
-     * @beta
      */
     static attachAdaptiveCard(cardTemplate, data) {
         return {
@@ -2894,8 +3844,6 @@ class MessageBuilder {
      *
      * @param card The adaptive card content.
      * @returns A bot message activity attached with an adaptive card.
-     *
-     * @beta
      */
     static attachAdaptiveCardWithoutData(card) {
         return {
@@ -2921,8 +3869,6 @@ class MessageBuilder {
      *      ['action']
      * );
      * ```
-     *
-     * @beta
      */
     static attachHeroCard(title, images, buttons, other) {
         return MessageBuilder.attachContent(botbuilder.CardFactory.heroCard(title, images, buttons, other));
@@ -2938,8 +3884,6 @@ class MessageBuilder {
      *
      * @remarks
      * For channels that don't natively support sign-in cards, an alternative message is rendered.
-     *
-     * @beta
      */
     static attachSigninCard(title, url, text) {
         return MessageBuilder.attachContent(botbuilder.CardFactory.signinCard(title, url, text));
@@ -2949,8 +3893,6 @@ class MessageBuilder {
      *
      * @param card A description of the Office 365 connector card.
      * @returns A bot message activity attached with an Office 365 connector card.
-     *
-     * @beta
      */
     static attachO365ConnectorCard(card) {
         return MessageBuilder.attachContent(botbuilder.CardFactory.o365ConnectorCard(card));
@@ -2959,8 +3901,6 @@ class MessageBuilder {
      * Build a message activity attached with a receipt card.
      * @param card A description of the receipt card.
      * @returns A message activity attached with a receipt card.
-     *
-     * @beta
      */
     static AttachReceiptCard(card) {
         return MessageBuilder.attachContent(botbuilder.CardFactory.receiptCard(card));
@@ -2973,8 +3913,6 @@ class MessageBuilder {
      *      is converted to an `imBack` button with a title and value set to the value of the string.
      * @param other Optional. Any additional properties to include on the card.
      * @returns A message activity attached with a thumbnail card
-     *
-     * @beta
      */
     static attachThumbnailCard(title, images, buttons, other) {
         return MessageBuilder.attachContent(botbuilder.CardFactory.thumbnailCard(title, images, buttons, other));
@@ -2983,8 +3921,6 @@ class MessageBuilder {
      * Add an attachement to a bot activity.
      * @param attachement The attachment object to attach.
      * @returns A message activity with an attachment.
-     *
-     * @beta
      */
     static attachContent(attachement) {
         return {
@@ -2993,15 +3929,229 @@ class MessageBuilder {
     }
 }
 
+// Copyright (c) Microsoft Corporation.
+/**
+ * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
+ * This method only work on MessageExtension with Query now.
+ *
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+ *
+ * @returns SignIn link CardAction with 200 status code.
+ */
+function getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes) {
+    const scopesArray = getScopesArray(scopes);
+    const signInLink = `${initiateLoginEndpoint}?scope=${encodeURI(scopesArray.join(" "))}&clientId=${authConfig.clientId}&tenantId=${authConfig.tenantId}`;
+    return {
+        composeExtension: {
+            type: "silentAuth",
+            suggestedActions: {
+                actions: [
+                    {
+                        type: "openUrl",
+                        value: signInLink,
+                        title: "Message Extension OAuth",
+                    },
+                ],
+            },
+        },
+    };
+}
+/**
+ * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
+ * This method only work on MessageExtension with Query now.
+ *
+ * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
+ * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+ *
+ * @returns SignIn link CardAction with 200 status code.
+ */
+function getSignInResponseForMessageExtension(teamsfx, scopes) {
+    const scopesArray = getScopesArray(scopes);
+    const signInLink = `${teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(scopesArray.join(" "))}&clientId=${teamsfx.getConfig("clientId")}&tenantId=${teamsfx.getConfig("tenantId")}`;
+    return {
+        composeExtension: {
+            type: "silentAuth",
+            suggestedActions: {
+                actions: [
+                    {
+                        type: "openUrl",
+                        value: signInLink,
+                        title: "Message Extension OAuth",
+                    },
+                ],
+            },
+        },
+    };
+}
+/**
+ * execution in message extension with SSO token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function executionWithTokenAndConfig(context, authConfig, initiateLoginEndpoint, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        const valueObj = context.activity.value;
+        if (!valueObj.authentication || !valueObj.authentication.token) {
+            internalLogger.verbose("No AccessToken in request, return silentAuth for AccessToken");
+            return getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes);
+        }
+        try {
+            const credential = new OnBehalfOfUserCredential(valueObj.authentication.token, authConfig);
+            const token = yield credential.getToken(scopes);
+            const ssoTokenExpiration = parseJwt(valueObj.authentication.token).exp;
+            const tokenRes = {
+                ssoToken: valueObj.authentication.token,
+                ssoTokenExpiration: new Date(ssoTokenExpiration * 1000).toISOString(),
+                token: token.token,
+                expiration: token.expiresOnTimestamp.toString(),
+                connectionName: "",
+            };
+            if (logic) {
+                return yield logic(tokenRes);
+            }
+        }
+        catch (err) {
+            if (err instanceof ErrorWithCode && err.code === exports.ErrorCode.UiRequiredError) {
+                internalLogger.verbose("User not consent yet, return 412 to user consent first.");
+                const response = { status: 412 };
+                yield context.sendActivity({ value: response, type: botbuilder.ActivityTypes.InvokeResponse });
+                return;
+            }
+            throw err;
+        }
+    });
+}
+/**
+ * execution in message extension with SSO token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
+ * @param {string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function executionWithToken(context, config, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        const valueObj = context.activity.value;
+        if (!valueObj.authentication || !valueObj.authentication.token) {
+            internalLogger.verbose("No AccessToken in request, return silentAuth for AccessToken");
+            return getSignInResponseForMessageExtension(new TeamsFx(exports.IdentityType.User, config), scopes);
+        }
+        try {
+            const teamsfx = new TeamsFx(exports.IdentityType.User, config).setSsoToken(valueObj.authentication.token);
+            const token = yield teamsfx.getCredential().getToken(scopes);
+            const ssoTokenExpiration = parseJwt(valueObj.authentication.token).exp;
+            const tokenRes = {
+                ssoToken: valueObj.authentication.token,
+                ssoTokenExpiration: new Date(ssoTokenExpiration * 1000).toISOString(),
+                token: token.token,
+                expiration: token.expiresOnTimestamp.toString(),
+                connectionName: "",
+            };
+            if (logic) {
+                return yield logic(tokenRes);
+            }
+        }
+        catch (err) {
+            if (err instanceof ErrorWithCode && err.code === exports.ErrorCode.UiRequiredError) {
+                internalLogger.verbose("User not consent yet, return 412 to user consent first.");
+                const response = { status: 412 };
+                yield context.sendActivity({ value: response, type: botbuilder.ActivityTypes.InvokeResponse });
+                return;
+            }
+            throw err;
+        }
+    });
+}
+// eslint-disable-next-line no-secrets/no-secrets
+/**
+ * Users execute query in message extension with SSO or access token.
+ *
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
+ * @param {string| string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when User invoke not response to message extension query.
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function handleMessageExtensionQueryWithToken(context, config, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        if (context.activity.name != "composeExtension/query") {
+            internalLogger.error(ErrorMessage.OnlySupportInQueryActivity);
+            throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), exports.ErrorCode.FailedOperation);
+        }
+        return yield executionWithToken(context, config !== null && config !== void 0 ? config : {}, scopes, logic);
+    });
+}
+/**
+ * Users execute query in message extension with SSO or access token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} config - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string| string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when User invoke not response to message extension query.
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function handleMessageExtensionQueryWithSSO(context, config, initiateLoginEndpoint, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        if (context.activity.name != "composeExtension/query") {
+            internalLogger.error(ErrorMessage.OnlySupportInQueryActivity);
+            throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), exports.ErrorCode.FailedOperation);
+        }
+        return yield executionWithTokenAndConfig(context, config !== null && config !== void 0 ? config : {}, initiateLoginEndpoint, scopes, logic);
+    });
+}
+
 exports.ApiKeyProvider = ApiKeyProvider;
 exports.AppCredential = AppCredential;
 exports.BasicAuthProvider = BasicAuthProvider;
 exports.BearerTokenAuthProvider = BearerTokenAuthProvider;
+exports.BotSsoExecutionDialog = BotSsoExecutionDialog;
+exports.CardActionBot = CardActionBot;
 exports.CertificateAuthProvider = CertificateAuthProvider;
 exports.Channel = Channel;
 exports.CommandBot = CommandBot;
 exports.ConversationBot = ConversationBot;
 exports.ErrorWithCode = ErrorWithCode;
+exports.InvokeResponseFactory = InvokeResponseFactory;
 exports.Member = Member;
 exports.MessageBuilder = MessageBuilder;
 exports.MsGraphAuthProvider = MsGraphAuthProvider;
@@ -3013,10 +4163,13 @@ exports.TeamsFx = TeamsFx;
 exports.TeamsUserCredential = TeamsUserCredential;
 exports.createApiClient = createApiClient;
 exports.createMicrosoftGraphClient = createMicrosoftGraphClient;
+exports.createMicrosoftGraphClientWithCredential = createMicrosoftGraphClientWithCredential;
 exports.createPemCertOption = createPemCertOption;
 exports.createPfxCertOption = createPfxCertOption;
 exports.getLogLevel = getLogLevel;
 exports.getTediousConnectionConfig = getTediousConnectionConfig;
+exports.handleMessageExtensionQueryWithSSO = handleMessageExtensionQueryWithSSO;
+exports.handleMessageExtensionQueryWithToken = handleMessageExtensionQueryWithToken;
 exports.sendAdaptiveCard = sendAdaptiveCard;
 exports.sendMessage = sendMessage;
 exports.setLogFunction = setLogFunction;