Merge branch 'main' into southworks/update/replace-micro-libraries

libraries/botframework-connector/src/auth/federatedAppCredentials.ts

@@ -0,0 +1,91 @@
+/**
+ * @module botframework-connector
+ */
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+
+import { ConfidentialClientApplication, ManagedIdentityApplication } from '@azure/msal-node';
+import { ok } from 'assert';
+import { AppCredentials } from './appCredentials';
+import { AuthenticatorResult } from './authenticatorResult';
+import { MsalAppCredentials } from './msalAppCredentials';
+
+/**
+ * Federated Credentials auth implementation.
+ */
+export class FederatedAppCredentials extends AppCredentials {
+    private credentials: MsalAppCredentials;
+    private managedIdentityClientAssertion: ManagedIdentityApplication;
+    private clientAudience: string;
+
+    /**
+     * Initializes a new instance of the [FederatedAppCredentials](xref:botframework-connector.FederatedAppCredentials) class.
+     *
+     * @param {string} appId App ID for the Application.
+     * @param {string} clientId Client ID for the managed identity assigned to the bot.
+     * @param {string} channelAuthTenant Tenant ID of the Azure AD tenant where the bot is created.
+     *   * **Required** for SingleTenant app types.
+     *   * **Optional** for MultiTenant app types. **Note**: '_botframework.com_' is the default tenant when no value is provided.
+     *
+     * More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types.
+     * @param {string} oAuthScope **Optional**. The scope for the token.
+     * @param {string} clientAudience **Optional**. The Audience used in the Client's Federated Credential. **Default** (_api://AzureADTokenExchange_).
+     */
+    constructor(
+        appId: string,
+        clientId: string,
+        channelAuthTenant?: string,
+        oAuthScope?: string,
+        clientAudience?: string
+    ) {
+        super(appId, channelAuthTenant, oAuthScope);
+
+        ok(appId?.trim(), 'FederatedAppCredentials.constructor(): missing appId.');
+
+        this.clientAudience = clientAudience ?? 'api://AzureADTokenExchange';
+        this.managedIdentityClientAssertion = new ManagedIdentityApplication({
+            managedIdentityIdParams: { userAssignedClientId: clientId },
+        });
+    }
+
+    /**
+     * @inheritdoc
+     */
+    async getToken(forceRefresh = false): Promise<string> {
+        this.credentials ??= new MsalAppCredentials(
+            this.createClientApplication(await this.fetchExternalToken(forceRefresh)),
+            this.oAuthEndpoint,
+            this.oAuthEndpoint,
+            this.oAuthScope
+        );
+        return this.credentials.getToken(forceRefresh);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected refreshToken(): Promise<AuthenticatorResult> {
+        // This will never be executed because we are using MsalAppCredentials.getToken underneath.
+        throw new Error('Method not implemented.');
+    }
+
+    private createClientApplication(clientAssertion: string) {
+        return new ConfidentialClientApplication({
+            auth: {
+                clientId: this.appId,
+                authority: this.oAuthEndpoint,
+                clientAssertion,
+            },
+        });
+    }
+
+    private async fetchExternalToken(forceRefresh = false): Promise<string> {
+        const response = await this.managedIdentityClientAssertion.acquireToken({
+            resource: this.clientAudience,
+            forceRefresh,
+        });
+        return response.accessToken;
+    }
+}

libraries/botframework-connector/src/auth/federatedServiceClientCredentialsFactory.ts

@@ -0,0 +1,66 @@
+/**
+ * @module botframework-connector
+ */
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+import { ok } from 'assert';
+import type { ServiceClientCredentials } from '@azure/core-http';
+import { ServiceClientCredentialsFactory } from './serviceClientCredentialsFactory';
+import { FederatedAppCredentials } from './federatedAppCredentials';
+
+/**
+ * A Federated Credentials implementation of the [ServiceClientCredentialsFactory](xref:botframework-connector.ServiceClientCredentialsFactory) interface.
+ */
+export class FederatedServiceClientCredentialsFactory extends ServiceClientCredentialsFactory {
+    /**
+     * Initializes a new instance of the [FederatedServiceClientCredentialsFactory](xref:botframework-connector.FederatedServiceClientCredentialsFactory) class.
+     *
+     * @param {string} appId App ID for the Application.
+     * @param {string} clientId Client ID for the managed identity assigned to the bot.
+     * @param {string} tenantId Tenant ID of the Azure AD tenant where the bot is created.
+     *   * **Required** for SingleTenant app types.
+     *   * **Optional** for MultiTenant app types. **Note**: '_botframework.com_' is the default tenant when no value is provided.
+     *
+     * More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types.
+     * @param {string} clientAudience **Optional**. The Audience used in the Client's Federated Credential. **Default** (_api://AzureADTokenExchange_).
+     */
+    constructor(
+        private appId: string,
+        private clientId: string,
+        private tenantId?: string,
+        private clientAudience?: string
+    ) {
+        super();
+
+        ok(appId?.trim(), 'FederatedServiceClientCredentialsFactory.constructor(): missing appId.');
+        ok(clientId?.trim(), 'FederatedServiceClientCredentialsFactory.constructor(): missing clientId.');
+    }
+
+    /**
+     * @inheritdoc
+     */
+    async isValidAppId(appId = ''): Promise<boolean> {
+        return appId === this.appId;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    async isAuthenticationDisabled(): Promise<boolean> {
+        // Auth is always enabled for FIC.
+        return;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    async createCredentials(appId: string, audience: string): Promise<ServiceClientCredentials> {
+        ok(
+            await this.isValidAppId(appId),
+            'FederatedServiceClientCredentialsFactory.createCredentials(): Invalid App ID.'
+        );
+
+        return new FederatedAppCredentials(this.appId, this.clientId, this.tenantId, audience, this.clientAudience);
+    }
+}

libraries/botframework-connector/src/auth/index.ts

@@ -8,6 +8,7 @@
 
 export * from './allowedCallersClaimsValidator';
 export * from './appCredentials';
+export * from './aseChannelValidation';
 export * from './authenticateRequestResult';
 export * from './authenticationConfiguration';
 export * from './authenticationConstants';
@@ -22,9 +23,10 @@ export * from './claimsIdentity';
 export * from './connectorFactory';
 export * from './credentialProvider';
 export * from './emulatorValidation';
-export * from './aseChannelValidation';
 export * from './endorsementsValidator';
 export * from './enterpriseChannelValidation';
+export * from './federatedAppCredentials';
+export * from './federatedServiceClientCredentialsFactory';
 export * from './governmentChannelValidation';
 export * from './governmentConstants';
 export * from './jwtTokenProviderFactory';

package.json

@@ -7,6 +7,7 @@
     "libraries/functional-tests/dialogToDialog/*",
     "libraries/testskills/*",
     "testing/*",
+    "testing/browser-functional/browser-echo-bot",
     "tools",
     "transcripts"
   ],
@@ -97,6 +98,7 @@
     "typedoc-plugin-external-module-name": "^4.0.6",
     "typedoc-plugin-markdown": "^4.2.7",
     "typescript": "~4.7",
+    "webpack-dev-server": "^5.1.0",
     "wsrun": "^5.2.4",
     "esmify": "^2.1.1",
     "babelify": "^10.0.0"

testing/browser-functional/browser-echo-bot/package.json

@@ -11,40 +11,34 @@
     "start": "webpack-dev-server"
   },
   "dependencies": {
-    "@babel/runtime": "^7.23.2",
-    "botbuilder-core": "^4.5.1",
-    "botbuilder-dialogs": "~4.5.1",
-    "botframework-directlinejs": "~0.11.2",
-    "botframework-webchat": "~4.16.0",
-    "core-js": "^3.1.4"
+    "@babel/runtime": "^7.25.6",
+    "botbuilder-core": "4.1.6",
+    "botbuilder-dialogs": "4.1.6",
+    "botframework-directlinejs": "~0.15.5",
+    "botframework-webchat": "~4.18.0",
+    "core-js": "^3.38.1",
+    "process": "^0.11.10"
   },
   "devDependencies": {
-    "@babel/cli": "^7.23.0",
-    "@babel/core": "^7.23.2",
+    "@babel/cli": "^7.25.6",
+    "@babel/core": "^7.25.2",
     "@babel/plugin-proposal-class-properties": "^7.18.6",
-    "@babel/preset-env": "^7.23.2",
-    "@babel/preset-typescript": "^7.23.2",
-    "@babel/runtime": "^7.23.2",
-    "babel-loader": "^8.0.6",
+    "@babel/preset-env": "^7.25.4",
+    "@babel/preset-typescript": "^7.24.7",
+    "@babel/runtime": "^7.25.6",
+    "babel-loader": "^9.2.1",
     "browserify": "^17.0.0",
     "clean-webpack-plugin": "^4.0.0",
-    "copy-webpack-plugin": "^11.0.0",
-    "css-loader": "^6.11.0",
-    "react": "~16.8.6",
-    "react-dom": "~16.8.6",
-    "regenerator-runtime": "^0.13.2",
+    "copy-webpack-plugin": "^12.0.2",
+    "crypto-browserify": "^3.12.0",
+    "css-loader": "^7.1.2",
+    "react": "~18.3.1",
+    "react-dom": "~18.3.1",
+    "regenerator-runtime": "^0.14.1",
     "stream-browserify": "^3.0.0",
-    "style-loader": "^0.23.1",
-    "webpack": "^5.94.0",
+    "style-loader": "^4.0.0",
+    "webpack": "^5.95.0",
     "webpack-cli": "^5.1.4",
-    "webpack-dev-server": "^4.15.2"
-  },
-  "resolutions": {
-    "botframework-webchat/sanitize-html": "^2.13.0",
-    "@microsoft/recognizers-text-number": "~1.3.1"
-  },
-  "overrides": {
-    "botframework-webchat/sanitize-html": "^2.13.0",
-    "@microsoft/recognizers-text-number": "~1.3.1"
+    "webpack-dev-server": "^5.1.0"
   }
 }

testing/browser-functional/browser-echo-bot/src/css/app.css

@@ -9,19 +9,6 @@ body {
     box-sizing: content-box;
 }
 
-section {
-    position: absolute;
-    top: 0;
-    bottom: 0;
-    left: 0;
-    right: 0;
-    margin: 10px;
-    padding: 10px;
-    border: 1px solid #d1d1d1;
-    display: flex;
-    overflow: hidden;
-}
-
 section > div:first-child {
     width: 100%;
 }

testing/browser-functional/browser-echo-bot/webpack.config.js

@@ -61,9 +61,10 @@ module.exports = {
             tls: false,
             vm: false,
             path: false,
-            crypto: false,
+            crypto: require.resolve('crypto-browserify'),
             stream: require.resolve('stream-browserify'),
-            buffer: require.resolve('buffer')
+            buffer: require.resolve('buffer'),
+            'process/browser': require.resolve('process/browser'),
         },
     },
     output: {

testing/browser-functional/browser-tests-build-ci.yml

@@ -42,8 +42,11 @@ steps:
     cp "%GECKOWEBDRIVER%/geckodriver.exe" "testing/browser-functional/drivers"
   displayName: use browser drivers
 
-- script: cd testing/browser-functional/browser-echo-bot && yarn && yarn build
-  displayName: yarn install and build browser-echo-bot
+- script: yarn --network-timeout 600000
+  displayName: yarn install
+
+- script: yarn build
+  displayName: yarn build
 
 - task: PowerShell@2
   inputs:
@@ -75,9 +78,6 @@ steps:
      echo "# Deploy source code"
      call az webapp deployment source config-zip --resource-group "$(TestResourceGroup)" --name "$(TestWebApp)" --src "$(System.DefaultWorkingDirectory)/testing/browser-functional/browser-echo-bot/browser-echo-bot.zip"
 
-- script: yarn --network-timeout 600000
-  displayName: yarn install
-
 - script: yarn browser-functional-test chrome
   displayName: run chrome tests