npm - @openclaw/msteams - Versions diffs - 2026.5.2 → 2026.5.3-beta.1 - Mend

@openclaw/msteams 2026.5.2 → 2026.5.3-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (197) hide show

package/dist/api.js +3 -0
package/dist/channel-D7hdreTh.js +984 -0
package/dist/channel-config-api.js +2 -0
package/dist/channel-plugin-api.js +2 -0
package/dist/channel.runtime-BC1ruIfN.js +573 -0
package/dist/config-schema-B8QezH6t.js +15 -0
package/dist/contract-api.js +2 -0
package/dist/graph-users-9uQJepqr.js +1354 -0
package/dist/index.js +22 -0
package/dist/oauth-BWJyilR1.js +114 -0
package/dist/oauth.token-xxpoLWy5.js +115 -0
package/dist/policy-DTnU2GR7.js +142 -0
package/dist/probe-D_H8yFps.js +2194 -0
package/dist/resolve-allowlist-D41JSziq.js +219 -0
package/dist/runtime-api-DV1iVMn1.js +28 -0
package/dist/runtime-api.js +2 -0
package/dist/secret-contract-BuoEXmPS.js +35 -0
package/dist/secret-contract-api.js +2 -0
package/dist/setup-entry.js +15 -0
package/dist/setup-plugin-api.js +64 -0
package/dist/setup-surface-BLkFQYIQ.js +313 -0
package/dist/src-CFp1QpFd.js +4064 -0
package/dist/test-api.js +2 -0
package/package.json +14 -6
package/api.ts +0 -3
package/channel-config-api.ts +0 -1
package/channel-plugin-api.ts +0 -2
package/config-api.ts +0 -4
package/contract-api.ts +0 -4
package/index.ts +0 -20
package/runtime-api.ts +0 -73
package/secret-contract-api.ts +0 -5
package/setup-entry.ts +0 -13
package/setup-plugin-api.ts +0 -3
package/src/ai-entity.ts +0 -7
package/src/approval-auth.ts +0 -44
package/src/attachments/bot-framework.test.ts +0 -461
package/src/attachments/bot-framework.ts +0 -362
package/src/attachments/download.ts +0 -311
package/src/attachments/graph.test.ts +0 -416
package/src/attachments/graph.ts +0 -484
package/src/attachments/html.ts +0 -122
package/src/attachments/payload.ts +0 -14
package/src/attachments/remote-media.test.ts +0 -137
package/src/attachments/remote-media.ts +0 -112
package/src/attachments/shared.test.ts +0 -530
package/src/attachments/shared.ts +0 -626
package/src/attachments/types.ts +0 -47
package/src/attachments.graph.test.ts +0 -342
package/src/attachments.helpers.test.ts +0 -246
package/src/attachments.test-helpers.ts +0 -17
package/src/attachments.test.ts +0 -687
package/src/attachments.ts +0 -18
package/src/block-streaming-config.test.ts +0 -61
package/src/channel-api.ts +0 -1
package/src/channel.actions.test.ts +0 -742
package/src/channel.directory.test.ts +0 -200
package/src/channel.runtime.ts +0 -56
package/src/channel.setup.ts +0 -77
package/src/channel.test.ts +0 -128
package/src/channel.ts +0 -1136
package/src/config-schema.ts +0 -6
package/src/config-ui-hints.ts +0 -12
package/src/conversation-store-fs.test.ts +0 -74
package/src/conversation-store-fs.ts +0 -149
package/src/conversation-store-helpers.test.ts +0 -202
package/src/conversation-store-helpers.ts +0 -105
package/src/conversation-store-memory.ts +0 -51
package/src/conversation-store.shared.test.ts +0 -225
package/src/conversation-store.ts +0 -71
package/src/directory-live.test.ts +0 -156
package/src/directory-live.ts +0 -111
package/src/doctor.ts +0 -27
package/src/errors.test.ts +0 -133
package/src/errors.ts +0 -246
package/src/feedback-reflection-prompt.ts +0 -117
package/src/feedback-reflection-store.ts +0 -114
package/src/feedback-reflection.test.ts +0 -237
package/src/feedback-reflection.ts +0 -283
package/src/file-consent-helpers.test.ts +0 -326
package/src/file-consent-helpers.ts +0 -126
package/src/file-consent-invoke.ts +0 -150
package/src/file-consent.test.ts +0 -363
package/src/file-consent.ts +0 -287
package/src/graph-chat.ts +0 -55
package/src/graph-group-management.test.ts +0 -318
package/src/graph-group-management.ts +0 -168
package/src/graph-members.test.ts +0 -89
package/src/graph-members.ts +0 -48
package/src/graph-messages.actions.test.ts +0 -243
package/src/graph-messages.read.test.ts +0 -391
package/src/graph-messages.search.test.ts +0 -213
package/src/graph-messages.test-helpers.ts +0 -50
package/src/graph-messages.ts +0 -534
package/src/graph-teams.test.ts +0 -215
package/src/graph-teams.ts +0 -114
package/src/graph-thread.test.ts +0 -246
package/src/graph-thread.ts +0 -146
package/src/graph-upload.test.ts +0 -258
package/src/graph-upload.ts +0 -531
package/src/graph-users.ts +0 -29
package/src/graph.test.ts +0 -516
package/src/graph.ts +0 -293
package/src/inbound.test.ts +0 -221
package/src/inbound.ts +0 -148
package/src/index.ts +0 -4
package/src/media-helpers.test.ts +0 -202
package/src/media-helpers.ts +0 -105
package/src/mentions.test.ts +0 -244
package/src/mentions.ts +0 -114
package/src/messenger.test.ts +0 -865
package/src/messenger.ts +0 -605
package/src/monitor-handler/access.ts +0 -125
package/src/monitor-handler/inbound-media.test.ts +0 -289
package/src/monitor-handler/inbound-media.ts +0 -180
package/src/monitor-handler/message-handler-mock-support.test-support.ts +0 -28
package/src/monitor-handler/message-handler.authz.test.ts +0 -669
package/src/monitor-handler/message-handler.dm-media.test.ts +0 -54
package/src/monitor-handler/message-handler.test-support.ts +0 -100
package/src/monitor-handler/message-handler.thread-parent.test.ts +0 -223
package/src/monitor-handler/message-handler.thread-session.test.ts +0 -77
package/src/monitor-handler/message-handler.ts +0 -1000
package/src/monitor-handler/reaction-handler.test.ts +0 -267
package/src/monitor-handler/reaction-handler.ts +0 -210
package/src/monitor-handler/thread-session.ts +0 -17
package/src/monitor-handler.adaptive-card.test.ts +0 -162
package/src/monitor-handler.feedback-authz.test.ts +0 -314
package/src/monitor-handler.file-consent.test.ts +0 -423
package/src/monitor-handler.sso.test.ts +0 -563
package/src/monitor-handler.test-helpers.ts +0 -180
package/src/monitor-handler.ts +0 -534
package/src/monitor-handler.types.ts +0 -27
package/src/monitor-types.ts +0 -6
package/src/monitor.lifecycle.test.ts +0 -278
package/src/monitor.test.ts +0 -119
package/src/monitor.ts +0 -442
package/src/oauth.flow.ts +0 -77
package/src/oauth.shared.ts +0 -37
package/src/oauth.test.ts +0 -305
package/src/oauth.token.ts +0 -158
package/src/oauth.ts +0 -130
package/src/outbound.test.ts +0 -130
package/src/outbound.ts +0 -71
package/src/pending-uploads-fs.test.ts +0 -246
package/src/pending-uploads-fs.ts +0 -235
package/src/pending-uploads.test.ts +0 -173
package/src/pending-uploads.ts +0 -121
package/src/policy.test.ts +0 -240
package/src/policy.ts +0 -262
package/src/polls-store-memory.ts +0 -32
package/src/polls.test.ts +0 -160
package/src/polls.ts +0 -323
package/src/presentation.ts +0 -68
package/src/probe.test.ts +0 -77
package/src/probe.ts +0 -132
package/src/reply-dispatcher.test.ts +0 -437
package/src/reply-dispatcher.ts +0 -346
package/src/reply-stream-controller.test.ts +0 -235
package/src/reply-stream-controller.ts +0 -147
package/src/resolve-allowlist.test.ts +0 -250
package/src/resolve-allowlist.ts +0 -309
package/src/revoked-context.ts +0 -17
package/src/runtime.ts +0 -9
package/src/sdk-types.ts +0 -59
package/src/sdk.test.ts +0 -666
package/src/sdk.ts +0 -884
package/src/secret-contract.ts +0 -49
package/src/secret-input.ts +0 -7
package/src/send-context.ts +0 -231
package/src/send.test.ts +0 -493
package/src/send.ts +0 -637
package/src/sent-message-cache.test.ts +0 -15
package/src/sent-message-cache.ts +0 -56
package/src/session-route.ts +0 -40
package/src/setup-core.ts +0 -160
package/src/setup-surface.test.ts +0 -202
package/src/setup-surface.ts +0 -320
package/src/sso-token-store.test.ts +0 -72
package/src/sso-token-store.ts +0 -166
package/src/sso.ts +0 -300
package/src/storage.ts +0 -25
package/src/store-fs.ts +0 -44
package/src/streaming-message.test.ts +0 -262
package/src/streaming-message.ts +0 -297
package/src/test-runtime.ts +0 -16
package/src/thread-parent-context.test.ts +0 -224
package/src/thread-parent-context.ts +0 -159
package/src/token-response.ts +0 -11
package/src/token.test.ts +0 -259
package/src/token.ts +0 -195
package/src/user-agent.test.ts +0 -86
package/src/user-agent.ts +0 -53
package/src/webhook-timeouts.ts +0 -27
package/src/welcome-card.test.ts +0 -81
package/src/welcome-card.ts +0 -57
package/test-api.ts +0 -1
package/tsconfig.json +0 -16

package/src/oauth.test.ts DELETED Viewed

@@ -1,305 +0,0 @@
-import { createHash } from "node:crypto";
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-vi.mock("openclaw/plugin-sdk/ssrf-runtime", () => ({
-  fetchWithSsrFGuard: async (params: {
-    url: string;
-    init?: RequestInit;
-    fetchImpl?: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
-  }) => {
-    const fetchImpl = params.fetchImpl ?? globalThis.fetch;
-    const response = await fetchImpl(params.url, params.init);
-    return {
-      response,
-      finalUrl: params.url,
-      release: async () => {},
-    };
-  },
-}));
-import {
-  generatePkce,
-  generateOAuthState,
-  buildMSTeamsAuthUrl,
-  parseCallbackInput,
-} from "./oauth.flow.js";
-import {
-  MSTEAMS_DEFAULT_DELEGATED_SCOPES,
-  MSTEAMS_OAUTH_REDIRECT_URI,
-  buildMSTeamsAuthEndpoint,
-  buildMSTeamsTokenEndpoint,
-} from "./oauth.shared.js";
-import { exchangeMSTeamsCodeForTokens, refreshMSTeamsDelegatedTokens } from "./oauth.token.js";
-function responseJson(body: unknown, status = 200): Response {
-  return new Response(JSON.stringify(body), {
-    status,
-    headers: { "Content-Type": "application/json" },
-  });
-}
-describe("generatePkce", () => {
-  it("produces a 64-char hex verifier and a base64url SHA-256 challenge", () => {
-    const { verifier, challenge } = generatePkce();
-    expect(verifier).toMatch(/^[0-9a-f]{64}$/);
-    const expected = createHash("sha256").update(verifier).digest("base64url");
-    expect(challenge).toBe(expected);
-  });
-});
-describe("generateOAuthState", () => {
-  it("produces a 64-char hex string separate from the PKCE verifier", () => {
-    const state = generateOAuthState();
-    expect(state).toMatch(/^[0-9a-f]{64}$/);
-    const { verifier } = generatePkce();
-    expect(state).not.toBe(verifier);
-  });
-});
-describe("buildMSTeamsAuthUrl", () => {
-  it("includes correct tenant, client_id, scopes, PKCE params, and redirect_uri", () => {
-    const { challenge } = generatePkce();
-    const state = generateOAuthState();
-    const url = buildMSTeamsAuthUrl({
-      tenantId: "my-tenant-id",
-      clientId: "my-client-id",
-      challenge,
-      state,
-    });
-    const parsed = new URL(url);
-    expect(parsed.origin + parsed.pathname).toBe(buildMSTeamsAuthEndpoint("my-tenant-id"));
-    expect(parsed.searchParams.get("client_id")).toBe("my-client-id");
-    expect(parsed.searchParams.get("response_type")).toBe("code");
-    expect(parsed.searchParams.get("redirect_uri")).toBe(MSTEAMS_OAUTH_REDIRECT_URI);
-    expect(parsed.searchParams.get("scope")).toBe(MSTEAMS_DEFAULT_DELEGATED_SCOPES.join(" "));
-    expect(parsed.searchParams.get("code_challenge")).toBe(challenge);
-    expect(parsed.searchParams.get("code_challenge_method")).toBe("S256");
-    expect(parsed.searchParams.get("state")).toBe(state);
-    expect(parsed.searchParams.get("prompt")).toBe("consent");
-  });
-  it("does not expose the PKCE verifier in the URL", () => {
-    const { verifier, challenge } = generatePkce();
-    const state = generateOAuthState();
-    const url = buildMSTeamsAuthUrl({
-      tenantId: "t",
-      clientId: "c",
-      challenge,
-      state,
-    });
-    expect(url).not.toContain(verifier);
-    expect(url).toContain(`state=${state}`);
-  });
-  it("uses custom scopes when provided", () => {
-    const url = buildMSTeamsAuthUrl({
-      tenantId: "t",
-      clientId: "c",
-      challenge: "ch",
-      state: "s",
-      scopes: ["User.Read", "offline_access"],
-    });
-    const parsed = new URL(url);
-    expect(parsed.searchParams.get("scope")).toBe("User.Read offline_access");
-  });
-});
-describe("parseCallbackInput", () => {
-  const expectedState = "expected-state-value";
-  it("extracts code and state from a valid callback URL", () => {
-    const input = `${MSTEAMS_OAUTH_REDIRECT_URI}?code=abc123&state=${expectedState}`;
-    const result = parseCallbackInput(input, expectedState);
-    expect(result).toEqual({ code: "abc123", state: expectedState });
-  });
-  it("returns error when code is missing from URL", () => {
-    const input = `${MSTEAMS_OAUTH_REDIRECT_URI}?state=${expectedState}`;
-    const result = parseCallbackInput(input, expectedState);
-    expect(result).toEqual({ error: "Missing 'code' parameter in URL" });
-  });
-  it("rejects bare authorization codes to prevent CSRF bypass", () => {
-    const result = parseCallbackInput("bare-code-value", expectedState);
-    expect(result).toEqual({
-      error:
-        "Paste the full redirect URL (including code and state parameters), not just the authorization code.",
-    });
-  });
-  it("returns error on empty input", () => {
-    const result = parseCallbackInput("", expectedState);
-    expect(result).toEqual({ error: "No input provided" });
-  });
-  it("returns error when state is missing from a valid URL (CSRF protection)", () => {
-    const input = `${MSTEAMS_OAUTH_REDIRECT_URI}?code=abc123`;
-    const result = parseCallbackInput(input, expectedState);
-    expect(result).toEqual({
-      error: "Missing 'state' parameter in URL. Paste the full redirect URL.",
-    });
-  });
-  it("rejects bare codes even when expectedState is empty", () => {
-    const result = parseCallbackInput("bare-code", "");
-    expect(result).toEqual({
-      error:
-        "Paste the full redirect URL (including code and state parameters), not just the authorization code.",
-    });
-  });
-});
-describe("exchangeMSTeamsCodeForTokens", () => {
-  let fetchSpy: ReturnType<typeof vi.fn>;
-  beforeEach(() => {
-    fetchSpy = vi.fn();
-    vi.stubGlobal("fetch", fetchSpy);
-  });
-  afterEach(() => {
-    vi.unstubAllGlobals();
-  });
-  it("exchanges an authorization code for delegated tokens", async () => {
-    const now = Date.now();
-    fetchSpy.mockResolvedValueOnce(
-      responseJson({
-        access_token: "at-123",
-        refresh_token: "rt-456",
-        expires_in: 3600,
-        scope: "ChatMessage.Send offline_access",
-      }),
-    );
-    const tokens = await exchangeMSTeamsCodeForTokens({
-      tenantId: "tenant-1",
-      clientId: "client-1",
-      clientSecret: "secret-1", // pragma: allowlist secret
-      code: "auth-code",
-      verifier: "pkce-verifier",
-    });
-    const afterExchange = Date.now();
-    expect(tokens.accessToken).toBe("at-123");
-    expect(tokens.refreshToken).toBe("rt-456");
-    expect(tokens.scopes).toEqual(["ChatMessage.Send", "offline_access"]);
-    // expiresAt should be roughly now + 3600s - 300s
-    expect(tokens.expiresAt).toBeGreaterThanOrEqual(now + 3300 * 1000 - 1000);
-    expect(tokens.expiresAt).toBeLessThanOrEqual(afterExchange + 3300 * 1000 + 2000);
-    // Verify the request was well-formed
-    expect(fetchSpy).toHaveBeenCalledOnce();
-    const [url, init] = fetchSpy.mock.calls[0] as [string, RequestInit];
-    expect(url).toBe(buildMSTeamsTokenEndpoint("tenant-1"));
-    const body = new URLSearchParams(init.body as string);
-    expect(body.get("client_id")).toBe("client-1");
-    expect(body.get("client_secret")).toBe("secret-1");
-    expect(body.get("grant_type")).toBe("authorization_code");
-    expect(body.get("code")).toBe("auth-code");
-    expect(body.get("code_verifier")).toBe("pkce-verifier");
-    expect(body.get("redirect_uri")).toBe(MSTEAMS_OAUTH_REDIRECT_URI);
-  });
-  it("throws on a 400 error response", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      new Response(JSON.stringify({ error: "invalid_grant" }), {
-        status: 400,
-        headers: { "Content-Type": "application/json" },
-      }),
-    );
-    await expect(
-      exchangeMSTeamsCodeForTokens({
-        tenantId: "t",
-        clientId: "c",
-        clientSecret: "s", // pragma: allowlist secret
-        code: "bad-code",
-        verifier: "v",
-      }),
-    ).rejects.toThrow(/MSTeams token exchange failed \(400\)/);
-  });
-});
-describe("refreshMSTeamsDelegatedTokens", () => {
-  let fetchSpy: ReturnType<typeof vi.fn>;
-  beforeEach(() => {
-    fetchSpy = vi.fn();
-    vi.stubGlobal("fetch", fetchSpy);
-  });
-  afterEach(() => {
-    vi.unstubAllGlobals();
-  });
-  it("refreshes tokens using refresh_token grant and keeps old refresh token when Azure omits it", async () => {
-    const now = Date.now();
-    fetchSpy.mockResolvedValueOnce(
-      responseJson({
-        access_token: "new-at",
-        // Azure sometimes does not return a new refresh_token
-        expires_in: 3600,
-        scope: "ChatMessage.Send offline_access",
-      }),
-    );
-    const tokens = await refreshMSTeamsDelegatedTokens({
-      tenantId: "tenant-1",
-      clientId: "client-1",
-      clientSecret: "secret-1", // pragma: allowlist secret
-      refreshToken: "original-rt",
-    });
-    expect(tokens.accessToken).toBe("new-at");
-    // Old refresh token should be preserved
-    expect(tokens.refreshToken).toBe("original-rt");
-    expect(tokens.scopes).toEqual(["ChatMessage.Send", "offline_access"]);
-    expect(tokens.expiresAt).toBeGreaterThanOrEqual(now + 3300 * 1000 - 1000);
-    // Verify the request body includes refresh_token grant type
-    const [, init] = fetchSpy.mock.calls[0] as [string, RequestInit];
-    const body = new URLSearchParams(init.body as string);
-    expect(body.get("grant_type")).toBe("refresh_token");
-    expect(body.get("refresh_token")).toBe("original-rt");
-    expect(body.get("client_secret")).toBe("secret-1");
-  });
-  it("uses new refresh token when Azure returns one", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      responseJson({
-        access_token: "new-at",
-        refresh_token: "new-rt",
-        expires_in: 3600,
-      }),
-    );
-    const tokens = await refreshMSTeamsDelegatedTokens({
-      tenantId: "t",
-      clientId: "c",
-      clientSecret: "s", // pragma: allowlist secret
-      refreshToken: "old-rt",
-    });
-    expect(tokens.refreshToken).toBe("new-rt");
-  });
-  it("throws on a 401 error response", async () => {
-    fetchSpy.mockResolvedValueOnce(
-      new Response(JSON.stringify({ error: "invalid_grant" }), {
-        status: 401,
-        headers: { "Content-Type": "application/json" },
-      }),
-    );
-    await expect(
-      refreshMSTeamsDelegatedTokens({
-        tenantId: "t",
-        clientId: "c",
-        clientSecret: "s", // pragma: allowlist secret
-        refreshToken: "expired-rt",
-      }),
-    ).rejects.toThrow(/MSTeams token refresh failed \(401\)/);
-  });
-});

package/src/oauth.token.ts DELETED Viewed

@@ -1,158 +0,0 @@
-import { fetchWithSsrFGuard } from "openclaw/plugin-sdk/ssrf-runtime";
-import {
-  MSTEAMS_DEFAULT_DELEGATED_SCOPES,
-  MSTEAMS_DEFAULT_TOKEN_FETCH_TIMEOUT_MS,
-  MSTEAMS_OAUTH_REDIRECT_URI,
-  buildMSTeamsTokenEndpoint,
-  type MSTeamsDelegatedTokens,
-} from "./oauth.shared.js";
-/** Five-minute buffer subtracted from token expiry to avoid edge-case clock drift. */
-const EXPIRY_BUFFER_MS = 5 * 60 * 1000;
-type MSTeamsTokenResponse = {
-  access_token: string;
-  refresh_token?: string;
-  expires_in: number;
-  scope?: string;
-};
-function createMSTeamsTokenBody(params: {
-  clientId: string;
-  clientSecret: string;
-  grantType: string;
-  scopes: readonly string[];
-  values?: Record<string, string>;
-}): URLSearchParams {
-  const body = new URLSearchParams({
-    client_id: params.clientId,
-    client_secret: params.clientSecret,
-    grant_type: params.grantType,
-    scope: [...params.scopes].join(" "),
-  });
-  for (const [key, value] of Object.entries(params.values ?? {})) {
-    body.set(key, value);
-  }
-  return body;
-}
-async function fetchMSTeamsTokens(params: {
-  tokenUrl: string;
-  body: URLSearchParams;
-  auditContext: string;
-  failureLabel: string;
-}): Promise<MSTeamsTokenResponse> {
-  const currentFetch = globalThis.fetch;
-  const { response, release } = await fetchWithSsrFGuard({
-    url: params.tokenUrl,
-    fetchImpl: async (input, guardedInit) => await currentFetch(input, guardedInit),
-    init: {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded;charset=UTF-8",
-        Accept: "application/json",
-      },
-      body: params.body,
-      signal: AbortSignal.timeout(MSTEAMS_DEFAULT_TOKEN_FETCH_TIMEOUT_MS),
-    },
-    auditContext: params.auditContext,
-  });
-  try {
-    if (!response.ok) {
-      const errorText = await response.text();
-      throw new Error(`MSTeams ${params.failureLabel} failed (${response.status}): ${errorText}`);
-    }
-    return (await response.json()) as MSTeamsTokenResponse;
-  } finally {
-    await release();
-  }
-}
-async function requestMSTeamsDelegatedTokens(params: {
-  tenantId: string;
-  clientId: string;
-  clientSecret: string;
-  scopes?: readonly string[];
-  grantType: string;
-  values: Record<string, string>;
-  auditContext: string;
-  failureLabel: string;
-  resolveRefreshToken: (data: MSTeamsTokenResponse) => string;
-}): Promise<MSTeamsDelegatedTokens> {
-  const scopes = params.scopes ?? MSTEAMS_DEFAULT_DELEGATED_SCOPES;
-  const body = createMSTeamsTokenBody({
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    grantType: params.grantType,
-    scopes,
-    values: params.values,
-  });
-  const data = await fetchMSTeamsTokens({
-    tokenUrl: buildMSTeamsTokenEndpoint(params.tenantId),
-    body,
-    auditContext: params.auditContext,
-    failureLabel: params.failureLabel,
-  });
-  return {
-    accessToken: data.access_token,
-    refreshToken: params.resolveRefreshToken(data),
-    expiresAt: Date.now() + data.expires_in * 1000 - EXPIRY_BUFFER_MS,
-    scopes: data.scope ? data.scope.split(" ") : [...scopes],
-  };
-}
-export async function exchangeMSTeamsCodeForTokens(params: {
-  tenantId: string;
-  clientId: string;
-  clientSecret: string;
-  code: string;
-  verifier: string;
-  scopes?: readonly string[];
-}): Promise<MSTeamsDelegatedTokens> {
-  return await requestMSTeamsDelegatedTokens({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    grantType: "authorization_code",
-    scopes: params.scopes,
-    values: {
-      code: params.code,
-      redirect_uri: MSTEAMS_OAUTH_REDIRECT_URI,
-      code_verifier: params.verifier,
-    },
-    auditContext: "msteams-oauth-token-exchange",
-    failureLabel: "token exchange",
-    resolveRefreshToken: (data) => {
-      if (!data.refresh_token) {
-        throw new Error("No refresh token received from Azure AD. Please try again.");
-      }
-      return data.refresh_token;
-    },
-  });
-}
-export async function refreshMSTeamsDelegatedTokens(params: {
-  tenantId: string;
-  clientId: string;
-  clientSecret: string;
-  refreshToken: string;
-  scopes?: readonly string[];
-}): Promise<MSTeamsDelegatedTokens> {
-  return await requestMSTeamsDelegatedTokens({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    grantType: "refresh_token",
-    scopes: params.scopes,
-    values: {
-      refresh_token: params.refreshToken,
-    },
-    auditContext: "msteams-oauth-token-refresh",
-    failureLabel: "token refresh",
-    resolveRefreshToken: (data) => data.refresh_token ?? params.refreshToken,
-  });
-}

package/src/oauth.ts DELETED Viewed

@@ -1,130 +0,0 @@
-import {
-  buildMSTeamsAuthUrl,
-  generateOAuthState,
-  generatePkce,
-  parseCallbackInput,
-  shouldUseManualOAuthFlow,
-  waitForLocalCallback,
-} from "./oauth.flow.js";
-import {
-  MSTEAMS_DEFAULT_DELEGATED_SCOPES,
-  MSTEAMS_OAUTH_CALLBACK_PORT,
-  type MSTeamsDelegatedOAuthContext,
-  type MSTeamsDelegatedTokens,
-} from "./oauth.shared.js";
-import { exchangeMSTeamsCodeForTokens } from "./oauth.token.js";
-export type { MSTeamsDelegatedOAuthContext, MSTeamsDelegatedTokens };
-export async function loginMSTeamsDelegated(
-  ctx: MSTeamsDelegatedOAuthContext,
-  params: {
-    tenantId: string;
-    clientId: string;
-    clientSecret: string;
-    scopes?: readonly string[];
-  },
-): Promise<MSTeamsDelegatedTokens> {
-  const scopes = params.scopes ?? MSTEAMS_DEFAULT_DELEGATED_SCOPES;
-  const needsManual = shouldUseManualOAuthFlow(ctx.isRemote);
-  await ctx.note(
-    needsManual
-      ? [
-          "You are running in a remote/VPS environment.",
-          "A URL will be shown for you to open in your LOCAL browser.",
-          "After signing in, copy the redirect URL and paste it back here.",
-        ].join("\n")
-      : [
-          "Browser will open for Microsoft authentication.",
-          `Sign in to grant delegated permissions for MSTeams.`,
-          `The callback will be captured automatically on localhost:${MSTEAMS_OAUTH_CALLBACK_PORT}.`,
-        ].join("\n"),
-    "MSTeams Delegated OAuth",
-  );
-  const { verifier, challenge } = generatePkce();
-  const state = generateOAuthState();
-  const authUrl = buildMSTeamsAuthUrl({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    challenge,
-    state,
-    scopes,
-  });
-  if (needsManual) {
-    return manualFlow(ctx, authUrl, state, verifier, params);
-  }
-  ctx.progress.update("Complete sign-in in browser...");
-  try {
-    await ctx.openUrl(authUrl);
-  } catch {
-    ctx.log(`\nOpen this URL in your browser:\n\n${authUrl}\n`);
-  }
-  try {
-    const { code } = await waitForLocalCallback({
-      expectedState: state,
-      timeoutMs: 5 * 60 * 1000,
-      onProgress: (msg) => ctx.progress.update(msg),
-    });
-    ctx.progress.update("Exchanging authorization code for tokens...");
-    return await exchangeMSTeamsCodeForTokens({
-      tenantId: params.tenantId,
-      clientId: params.clientId,
-      clientSecret: params.clientSecret,
-      code,
-      verifier,
-      scopes,
-    });
-  } catch (err) {
-    // EADDRINUSE or other listen errors: fall back to manual flow
-    if (
-      err instanceof Error &&
-      (err.message.includes("EADDRINUSE") ||
-        err.message.includes("port") ||
-        err.message.includes("listen"))
-    ) {
-      ctx.progress.update("Local callback server failed. Switching to manual mode...");
-      return manualFlow(ctx, authUrl, state, verifier, params, err);
-    }
-    throw err;
-  }
-}
-async function manualFlow(
-  ctx: MSTeamsDelegatedOAuthContext,
-  authUrl: string,
-  state: string,
-  verifier: string,
-  params: {
-    tenantId: string;
-    clientId: string;
-    clientSecret: string;
-    scopes?: readonly string[];
-  },
-  cause?: Error,
-): Promise<MSTeamsDelegatedTokens> {
-  ctx.progress.update("OAuth URL ready");
-  ctx.log(`\nOpen this URL in your LOCAL browser:\n\n${authUrl}\n`);
-  ctx.progress.update("Waiting for you to paste the callback URL...");
-  const callbackInput = await ctx.prompt("Paste the redirect URL here: ");
-  const parsed = parseCallbackInput(callbackInput, state);
-  if ("error" in parsed) {
-    throw new Error(parsed.error, cause ? { cause } : undefined);
-  }
-  if (parsed.state !== state) {
-    throw new Error("OAuth state mismatch - please try again", cause ? { cause } : undefined);
-  }
-  ctx.progress.update("Exchanging authorization code for tokens...");
-  return exchangeMSTeamsCodeForTokens({
-    tenantId: params.tenantId,
-    clientId: params.clientId,
-    clientSecret: params.clientSecret,
-    code: parsed.code,
-    verifier,
-    scopes: params.scopes,
-  });
-}