@microsoft/teamsfx 2.0.1-alpha.5cda7f549.0 → 2.0.1-alpha.8da0a2e53.0

package/dist/index.node.cjs.js

@@ -483,17 +483,6 @@ function parseCertificate(certificateContent) {
  * Only works in in server side.
  */
 class AppCredential {
-    /**
-     * Constructor of AppCredential.
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {AuthenticationConfiguration} authConfig - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret or tenant id is not found in config.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
-     */
     constructor(authConfig) {
         internalLogger.info("Create M365 tenant credential");
         const config = this.loadAndValidateConfig(authConfig);
@@ -601,19 +590,6 @@ class AppCredential {
  * Can only be used in server side.
  */
 class OnBehalfOfUserCredential {
-    /**
-     * Constructor of OnBehalfOfUserCredential
-     *
-     * @remarks
-     * Only works in in server side.
-     *
-     * @param {string} ssoToken - User token provided by Teams SSO feature.
-     * @param {AuthenticationConfiguration} config - The authentication configuration. Use environment variables if not provided.
-     *
-     * @throws {@link ErrorCode|InvalidConfiguration} when client id, client secret, certificate content, authority host or tenant id is not found in config.
-     * @throws {@link ErrorCode|InternalError} when SSO token is not valid.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     */
     constructor(ssoToken, config) {
         internalLogger.info("Get on behalf of user credential");
         const missingConfigurations = [];
@@ -758,11 +734,6 @@ class OnBehalfOfUserCredential {
  * Can only be used within Teams.
  */
 class TeamsUserCredential {
-    /**
-     * Constructor of TeamsUserCredential.
-     * @remarks
-     * Can only be used within Teams.
-     */
     constructor(authConfig) {
         throw new ErrorWithCode(formatString(ErrorMessage.NodejsRuntimeNotSupported, "TeamsUserCredential"), exports.ErrorCode.RuntimeNotSupported);
     }
@@ -808,18 +779,8 @@ const defaultScope = "https://graph.microsoft.com/.default";
  * Microsoft Graph auth provider for Teams Framework
  */
 class MsGraphAuthProvider {
-    /**
-     * Constructor of MsGraphAuthProvider.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth.
-     * @param {string | string[]} scopes - The list of scopes for which the token will have access.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     *
-     * @returns An instance of MsGraphAuthProvider.
-     */
-    constructor(teamsfx, scopes) {
-        this.teamsfx = teamsfx;
+    constructor(credentialOrTeamsFx, scopes) {
+        this.credentialOrTeamsFx = credentialOrTeamsFx;
         let scopesStr = defaultScope;
         if (scopes) {
             validateScopesType(scopes);
@@ -846,7 +807,15 @@ class MsGraphAuthProvider {
     getAccessToken() {
         return tslib.__awaiter(this, void 0, void 0, function* () {
             internalLogger.info(`Get Graph Access token with scopes: '${this.scopes}'`);
-            const accessToken = yield this.teamsfx.getCredential().getToken(this.scopes);
+            let accessToken;
+            if (this.credentialOrTeamsFx.getCredential) {
+                accessToken = yield this.credentialOrTeamsFx
+                    .getCredential()
+                    .getToken(this.scopes);
+            }
+            else {
+                accessToken = yield this.credentialOrTeamsFx.getToken(this.scopes);
+            }
             return new Promise((resolve, reject) => {
                 if (accessToken) {
                     resolve(accessToken.token);
@@ -864,7 +833,6 @@ class MsGraphAuthProvider {
 // Copyright (c) Microsoft Corporation.
 /**
  * Get Microsoft graph client.
- *
  * @example
  * Get Microsoft graph client by TokenCredential
  * ```typescript
@@ -918,6 +886,66 @@ function createMicrosoftGraphClient(teamsfx, scopes) {
         authProvider,
     });
     return graphClient;
+}
+// eslint-disable-next-line no-secrets/no-secrets
+/**
+ * Get Microsoft graph client.
+ * @example
+ * Get Microsoft graph client by TokenCredential
+ * ```typescript
+ * // In browser: TeamsUserCredential
+ * const authConfig: TeamsUserCredentialAuthConfig = {
+ *   clientId: "xxx",
+    initiateLoginEndpoint: "https://xxx/auth-start.html",
+ * };
+
+ * const credential = new TeamsUserCredential(authConfig);
+
+ * const scope = "User.Read";
+ * await credential.login(scope);
+
+ * const client = createMicrosoftGraphClientWithCredential(credential, scope);
+
+ * // In node: OnBehalfOfUserCredential
+ * const oboAuthConfig: OnBehalfOfCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+
+ * const oboCredential = new OnBehalfOfUserCredential(ssoToken, oboAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(oboCredential, scope);
+
+ * // In node: AppCredential
+ * const appAuthConfig: AppCredentialAuthConfig = {
+ *   authorityHost: "xxx",
+ *   clientId: "xxx",
+ *   tenantId: "xxx",
+ *   clientSecret: "xxx",
+ * };
+ * const appCredential = new AppCredential(appAuthConfig);
+ * const scope = "User.Read";
+ * const client = createMicrosoftGraphClientWithCredential(appCredential, scope);
+ *
+ * const profile = await client.api("/me").get();
+ * ```
+ *
+ * @param {TokenCredential} credential - Used to provide configuration and auth.
+ * @param scopes - The array of Microsoft Token scope of access. Default value is `[.default]`.
+ *
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ *
+ * @returns Graph client with specified scopes.
+ */
+function createMicrosoftGraphClientWithCredential(credential, scopes) {
+    internalLogger.info("Create Microsoft Graph Client");
+    const authProvider = new MsGraphAuthProvider(credential, scopes);
+    const graphClient = microsoftGraphClient.Client.initWithMiddleware({
+        authProvider,
+    });
+    return graphClient;
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -1170,22 +1198,20 @@ class TokenExchangeInvokeResponse {
  * ```
  */
 class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
-    /**
-     * Constructor of TeamsBotSsoPrompt.
-     *
-     * @param {TeamsFx} teamsfx - Used to provide configuration and auth
-     * @param dialogId Unique ID of the dialog within its parent `DialogSet` or `ComponentDialog`.
-     * @param settings Settings used to configure the prompt.
-     *
-     * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
-     * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is browser.
-     */
-    constructor(teamsfx, dialogId, settings) {
-        super(dialogId);
-        this.teamsfx = teamsfx;
-        this.settings = settings;
-        validateScopesType(settings.scopes);
-        this.loadAndValidateConfig();
+    constructor(authConfig, ...args) {
+        super(arguments.length === 3 ? args[0] : args[1]);
+        if (authConfig.getCredential) {
+            const teamsfx = authConfig;
+            this.authConfig = this.loadAndValidateConfig(teamsfx);
+            this.initiateLoginEndpoint = teamsfx.getConfig("initiateLoginEndpoint");
+            this.settings = args[1];
+        }
+        else {
+            this.initiateLoginEndpoint = args[0];
+            this.authConfig = authConfig;
+            this.settings = args[2];
+        }
+        validateScopesType(this.settings.scopes);
         internalLogger.info("Create a new Teams Bot SSO Prompt");
     }
     /**
@@ -1286,20 +1312,20 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
             }
         });
     }
-    loadAndValidateConfig() {
-        if (this.teamsfx.getIdentityType() !== exports.IdentityType.User) {
-            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, this.teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
+    loadAndValidateConfig(teamsfx) {
+        if (teamsfx.getIdentityType() !== exports.IdentityType.User) {
+            const errorMsg = formatString(ErrorMessage.IdentityTypeNotSupported, teamsfx.getIdentityType().toString(), "TeamsBotSsoPrompt");
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, exports.ErrorCode.IdentityTypeNotSupported);
         }
         const missingConfigurations = [];
-        if (!this.teamsfx.hasConfig("initiateLoginEndpoint")) {
+        if (!teamsfx.hasConfig("initiateLoginEndpoint")) {
             missingConfigurations.push("initiateLoginEndpoint");
         }
-        if (!this.teamsfx.hasConfig("clientId")) {
+        if (!teamsfx.hasConfig("clientId")) {
             missingConfigurations.push("clientId");
         }
-        if (!this.teamsfx.hasConfig("tenantId")) {
+        if (!teamsfx.hasConfig("tenantId")) {
             missingConfigurations.push("tenantId");
         }
         if (missingConfigurations.length != 0) {
@@ -1307,6 +1333,24 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
             internalLogger.error(errorMsg);
             throw new ErrorWithCode(errorMsg, exports.ErrorCode.InvalidConfiguration);
         }
+        let authConfig;
+        if (teamsfx.getConfig("clientSecret")) {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                clientSecret: teamsfx.getConfig("clientSecret"),
+            };
+        }
+        else {
+            authConfig = {
+                authorityHost: teamsfx.getConfig("authorityHost"),
+                clientId: teamsfx.getConfig("clientId"),
+                tenantId: teamsfx.getConfig("tenantId"),
+                certificateContent: teamsfx.getConfig("certificateContent"),
+            };
+        }
+        return authConfig;
     }
     /**
      * Ensure bot is running in MS Teams since TeamsBotSsoPrompt is only supported in MS Teams channel.
@@ -1350,7 +1394,7 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
      */
     getSignInResource(loginHint) {
         internalLogger.verbose("Get sign in authentication configuration");
-        const signInLink = `${this.teamsfx.getConfig("initiateLoginEndpoint")}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.teamsfx.getConfig("clientId")}&tenantId=${this.teamsfx.getConfig("tenantId")}&loginHint=${loginHint}`;
+        const signInLink = `${this.initiateLoginEndpoint}?scope=${encodeURI(this.settings.scopes.join(" "))}&clientId=${this.authConfig.clientId}&tenantId=${this.authConfig.tenantId}&loginHint=${loginHint}`;
         internalLogger.verbose("Sign in link: " + signInLink);
         const tokenExchangeResource = {
             id: uuid.v4(),
@@ -1377,8 +1421,7 @@ class TeamsBotSsoPrompt extends botbuilderDialogs.Dialog {
                 }
                 else {
                     const ssoToken = context.activity.value.token;
-                    this.teamsfx.setSsoToken(ssoToken);
-                    const credential = this.teamsfx.getCredential();
+                    const credential = new OnBehalfOfUserCredential(ssoToken, this.authConfig);
                     let exchangedToken;
                     try {
                         exchangedToken = yield credential.getToken(this.settings.scopes);
@@ -2443,8 +2486,17 @@ function getTargetType(conversationReference) {
  * @internal
  */
 function getTeamsBotInstallationId(context) {
-    var _a, _b, _c, _d;
-    return (_d = (_c = (_b = (_a = context.activity) === null || _a === void 0 ? void 0 : _a.channelData) === null || _b === void 0 ? void 0 : _b.team) === null || _c === void 0 ? void 0 : _c.id) !== null && _d !== void 0 ? _d : context.activity.conversation.id;
+    var _a, _b, _c;
+    const teamId = (_c = (_b = (_a = context.activity) === null || _a === void 0 ? void 0 : _a.channelData) === null || _b === void 0 ? void 0 : _b.team) === null || _c === void 0 ? void 0 : _c.id;
+    if (teamId) {
+        return teamId;
+    }
+    // Fallback to use conversation id.
+    // the conversation id is equal to team id only when the bot app is installed into the General channel.
+    if (context.activity.conversation.name === undefined) {
+        return context.activity.conversation.id;
+    }
+    return undefined;
 }
 
 // Copyright (c) Microsoft Corporation.
@@ -3139,6 +3191,7 @@ class NotificationBot {
     }
     /**
      * Returns the first {@link Channel} where predicate is true, and undefined otherwise.
+     * (Ensure the bot app is installed into the `General` channel, otherwise undefined will be returned.)
      *
      * @param predicate find calls predicate once for each channel of the installation,
      * until it finds one where predicate returns true. If such a channel is found, find
@@ -3185,6 +3238,7 @@ class NotificationBot {
     }
     /**
      * Returns all {@link Channel} where predicate is true, and empty array otherwise.
+     * (Ensure the bot app is installed into the `General` channel, otherwise empty array will be returned.)
      *
      * @param predicate find calls predicate for each channel of the installation.
      * @returns an array of {@link Channel} where predicate is true, and empty array otherwise.
@@ -3245,27 +3299,29 @@ let COMMAND_ROUTE_DIALOG = "CommandRouteDialog";
  * Sso execution dialog, use to handle sso command
  */
 class BotSsoExecutionDialog extends botbuilderDialogs.ComponentDialog {
-    /**
-     * Creates a new instance of the BotSsoExecutionDialog.
-     * @param dedupStorage Helper storage to remove duplicated messages
-     * @param settings The list of scopes for which the token will have access
-     * @param teamsfx {@link TeamsFx} instance for authentication
-     */
-    constructor(dedupStorage, ssoPromptSettings, teamsfx, dialogName) {
-        super(dialogName !== null && dialogName !== void 0 ? dialogName : DIALOG_NAME);
+    constructor(dedupStorage, ssoPromptSettings, authConfig, ...args) {
+        var _a;
+        super((_a = (authConfig.getCredential ? args[0] : args[1])) !== null && _a !== void 0 ? _a : DIALOG_NAME);
         this.dedupStorageKeys = [];
         // Map to store the commandId and triggerPatterns, key: commandId, value: triggerPatterns
         this.commandMapping = new Map();
+        const dialogName = authConfig.getCredential ? args[0] : args[1];
         if (dialogName) {
             DIALOG_NAME = dialogName;
             TEAMS_SSO_PROMPT_ID = dialogName + TEAMS_SSO_PROMPT_ID;
             COMMAND_ROUTE_DIALOG = dialogName + COMMAND_ROUTE_DIALOG;
         }
+        let ssoDialog;
+        if (authConfig.getCredential) {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        else {
+            ssoDialog = new TeamsBotSsoPrompt(authConfig, args[0], TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
+        }
+        this.addDialog(ssoDialog);
         this.initialDialogId = COMMAND_ROUTE_DIALOG;
         this.dedupStorage = dedupStorage;
         this.dedupStorageKeys = [];
-        const ssoDialog = new TeamsBotSsoPrompt(teamsfx, TEAMS_SSO_PROMPT_ID, ssoPromptSettings);
-        this.addDialog(ssoDialog);
         const commandRouteDialog = new botbuilderDialogs.WaterfallDialog(COMMAND_ROUTE_DIALOG, [
             this.commandRouteStep.bind(this),
         ]);
@@ -3874,6 +3930,34 @@ class MessageBuilder {
 }
 
 // Copyright (c) Microsoft Corporation.
+/**
+ * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
+ * This method only work on MessageExtension with Query now.
+ *
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string | string[]} scopes - The list of scopes for which the token will have access.
+ *
+ * @returns SignIn link CardAction with 200 status code.
+ */
+function getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes) {
+    const scopesArray = getScopesArray(scopes);
+    const signInLink = `${initiateLoginEndpoint}?scope=${encodeURI(scopesArray.join(" "))}&clientId=${authConfig.clientId}&tenantId=${authConfig.tenantId}`;
+    return {
+        composeExtension: {
+            type: "silentAuth",
+            suggestedActions: {
+                actions: [
+                    {
+                        type: "openUrl",
+                        value: signInLink,
+                        title: "Message Extension OAuth",
+                    },
+                ],
+            },
+        },
+    };
+}
 /**
  * Retrieve the OAuth Sign in Link to use in the MessagingExtensionResult Suggested Actions.
  * This method only work on MessageExtension with Query now.
@@ -3901,6 +3985,56 @@ function getSignInResponseForMessageExtension(teamsfx, scopes) {
         },
     };
 }
+/**
+ * execution in message extension with SSO token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} authConfig - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function executionWithTokenAndConfig(context, authConfig, initiateLoginEndpoint, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        const valueObj = context.activity.value;
+        if (!valueObj.authentication || !valueObj.authentication.token) {
+            internalLogger.verbose("No AccessToken in request, return silentAuth for AccessToken");
+            return getSignInResponseForMessageExtensionWithAuthConfig(authConfig, initiateLoginEndpoint, scopes);
+        }
+        try {
+            const credential = new OnBehalfOfUserCredential(valueObj.authentication.token, authConfig);
+            const token = yield credential.getToken(scopes);
+            const ssoTokenExpiration = parseJwt(valueObj.authentication.token).exp;
+            const tokenRes = {
+                ssoToken: valueObj.authentication.token,
+                ssoTokenExpiration: new Date(ssoTokenExpiration * 1000).toISOString(),
+                token: token.token,
+                expiration: token.expiresOnTimestamp.toString(),
+                connectionName: "",
+            };
+            if (logic) {
+                return yield logic(tokenRes);
+            }
+        }
+        catch (err) {
+            if (err instanceof ErrorWithCode && err.code === exports.ErrorCode.UiRequiredError) {
+                internalLogger.verbose("User not consent yet, return 412 to user consent first.");
+                const response = { status: 412 };
+                yield context.sendActivity({ value: response, type: botbuilder.ActivityTypes.InvokeResponse });
+                return;
+            }
+            throw err;
+        }
+    });
+}
 /**
  * execution in message extension with SSO token.
  *
@@ -3950,9 +4084,11 @@ function executionWithToken(context, config, scopes, logic) {
         }
     });
 }
+// eslint-disable-next-line no-secrets/no-secrets
 /**
  * Users execute query in message extension with SSO or access token.
  *
+ *
  * @param {TurnContext} context - The context object for the current turn.
  * @param {AuthenticationConfiguration} config - User custom the message extension authentication configuration.
  * @param {string| string[]} scopes - The list of scopes for which the token will have access.
@@ -3975,6 +4111,33 @@ function handleMessageExtensionQueryWithToken(context, config, scopes, logic) {
         }
         return yield executionWithToken(context, config !== null && config !== void 0 ? config : {}, scopes, logic);
     });
+}
+/**
+ * Users execute query in message extension with SSO or access token.
+ *
+ * @param {TurnContext} context - The context object for the current turn.
+ * @param {OnBehalfOfCredentialAuthConfig} config - User custom the message extension authentication configuration.
+ * @param {initiateLoginEndpoint} initiateLoginEndpoint - Login page for Teams to redirect to.
+ * @param {string| string[]} scopes - The list of scopes for which the token will have access.
+ * @param {function} logic - Business logic when executing the query in message extension with SSO or access token.
+ *
+ * @throws {@link ErrorCode|InternalError} when User invoke not response to message extension query.
+ * @throws {@link ErrorCode|InternalError} when failed to get access token with unknown error.
+ * @throws {@link ErrorCode|TokenExpiredError} when SSO token has already expired.
+ * @throws {@link ErrorCode|ServiceError} when failed to get access token from simple auth server.
+ * @throws {@link ErrorCode|InvalidParameter} when scopes is not a valid string or string array.
+ * @throws {@link ErrorCode|RuntimeNotSupported} when runtime is nodeJS.
+ *
+ * @returns A MessageExtension Response for the activity. If the logic not return any, return void instead.
+ */
+function handleMessageExtensionQueryWithSSO(context, config, initiateLoginEndpoint, scopes, logic) {
+    return tslib.__awaiter(this, void 0, void 0, function* () {
+        if (context.activity.name != "composeExtension/query") {
+            internalLogger.error(ErrorMessage.OnlySupportInQueryActivity);
+            throw new ErrorWithCode(formatString(ErrorMessage.OnlySupportInQueryActivity), exports.ErrorCode.FailedOperation);
+        }
+        return yield executionWithTokenAndConfig(context, config !== null && config !== void 0 ? config : {}, initiateLoginEndpoint, scopes, logic);
+    });
 }
 
 exports.ApiKeyProvider = ApiKeyProvider;
@@ -4000,10 +4163,12 @@ exports.TeamsFx = TeamsFx;
 exports.TeamsUserCredential = TeamsUserCredential;
 exports.createApiClient = createApiClient;
 exports.createMicrosoftGraphClient = createMicrosoftGraphClient;
+exports.createMicrosoftGraphClientWithCredential = createMicrosoftGraphClientWithCredential;
 exports.createPemCertOption = createPemCertOption;
 exports.createPfxCertOption = createPfxCertOption;
 exports.getLogLevel = getLogLevel;
 exports.getTediousConnectionConfig = getTediousConnectionConfig;
+exports.handleMessageExtensionQueryWithSSO = handleMessageExtensionQueryWithSSO;
 exports.handleMessageExtensionQueryWithToken = handleMessageExtensionQueryWithToken;
 exports.sendAdaptiveCard = sendAdaptiveCard;
 exports.sendMessage = sendMessage;