@microsoft/teams-ai
Version:
SDK focused on building AI based applications for Microsoft Teams.
93 lines • 4.09 kB
JavaScript
;
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
Object.defineProperty(exports, "__esModule", { value: true });
exports.TeamsSsoMessageExtensionAuthentication = void 0;
const MessageExtensionAuthenticationBase_1 = require("./MessageExtensionAuthenticationBase");
const MessageExtensions_1 = require("../MessageExtensions");
/**
* @internal
*
* Handles authentication for Teams Message Extension using Single Sign-On (SSO).
*/
class TeamsSsoMessageExtensionAuthentication extends MessageExtensionAuthenticationBase_1.MessageExtensionAuthenticationBase {
settings;
msal;
/**
* Creates a new instance of TeamsSsoMessageExtensionAuthentication.
* @param {TeamsSsoSettings} settings The Teams SSO settings.
* @param {ConfidentialClientApplication} msal The MSAL (Microsoft Authentication Library) instance.
*/
constructor(settings, msal) {
super();
this.settings = settings;
this.msal = msal;
}
/**
* Checks if the activity is a valid Message Extension activity that supports SSO
* @param {TurnContext} context The turn context.
* @returns {boolean} A boolean indicating if the activity is valid.
*/
isValidActivity(context) {
// Currently only search based message extensions has SSO
return super.isValidActivity(context) && context.activity.name == MessageExtensions_1.MessageExtensionsInvokeNames.QUERY_INVOKE;
}
/**
* Handles the SSO token exchange.
* @param {TurnContext} context The turn context.
* @returns {Promise<TokenResponse | undefined>} A promise that resolves to the token response or undefined if token exchange failed.
*/
async handleSsoTokenExchange(context) {
const tokenExchangeRequest = context.activity.value.authentication;
if (!tokenExchangeRequest || !tokenExchangeRequest.token) {
return;
}
const result = await this.msal.acquireTokenOnBehalfOf({
oboAssertion: tokenExchangeRequest.token, // The parent class ensures that this is not undefined
scopes: this.settings.scopes
});
if (result) {
return {
connectionName: '',
token: result.accessToken,
expiration: result.expiresOn?.toISOString() ?? ''
};
}
return undefined;
}
/**
* Handles the signin/verifyState activity.
* @param {TurnContext} context The turn context.
* @param {string} magicCode The magic code from sign-in.
* @returns {Promise<TokenResponse|undefined>} A promise that resolves to undefined. The parent class will trigger silentAuth again.
*/
async handleUserSignIn(context, magicCode) {
return undefined; // Let parent class trigger silentAuth again
}
/**
* Gets the sign-in link for the user.
* @param {TurnContext} context The turn context.
* @returns {Promise<string>} A promise that resolves to the sign-in link.
*/
async getSignInLink(context) {
const clientId = this.settings.msalConfig.auth.clientId;
const scope = encodeURI(this.settings.scopes.join(' '));
const authority = this.settings.msalConfig.auth.authority ?? 'https://login.microsoftonline.com/common/';
const tenantId = authority.match(/https:\/\/[^\/]+\/([^\/]+)\/?/)?.[1];
const signInLink = `${this.settings.signInLink}?scope=${scope}&clientId=${clientId}&tenantId=${tenantId}`;
return signInLink;
}
/**
* Should sign in using SSO flow.
* @param {TurnContext} context - The turn context.
* @returns {boolean} - A boolean indicating if the sign-in should use SSO flow.
*/
isSsoSignIn(context) {
if (context.activity.name === MessageExtensions_1.MessageExtensionsInvokeNames.QUERY_INVOKE) {
return true;
}
return false;
}
}
exports.TeamsSsoMessageExtensionAuthentication = TeamsSsoMessageExtensionAuthentication;
//# sourceMappingURL=TeamsSsoMessageExtensionAuthentication.js.map