botframework-connector - npm Package Compare versions

83

lib/auth/channelValidation.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -24,10 +33,12 @@ const authenticationConstants_1 = require("./authenticationConstants");
		*/
		async function authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId) {
		const identity = await authenticateChannelToken(authHeader, credentials, channelId);
		const serviceUrlClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.ServiceUrlClaim);
		if (serviceUrlClaim !== serviceUrl) {
		// Claim must match. Not Authorized.
		throw new Error('Unauthorized. ServiceUrl claim do not match.');
		}
		return identity;
		function authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		const identity = yield authenticateChannelToken(authHeader, credentials, channelId);
		const serviceUrlClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.ServiceUrlClaim);
		if (serviceUrlClaim !== serviceUrl) {
		// Claim must match. Not Authorized.
		throw new Error('Unauthorized. ServiceUrl claim do not match.');
		}
		return identity;
		});
		}
		@@ -42,6 +53,8 @@ ChannelValidation.authenticateChannelTokenWithServiceUrl = authenticateChannelTokenWithServiceUrl;
		*/
		async function authenticateChannelToken(authHeader, credentials, channelId) {
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(ChannelValidation.ToBotFromChannelTokenValidationParameters, ChannelValidation.OpenIdMetadataEndpoint ? ChannelValidation.OpenIdMetadataEndpoint : authenticationConstants_1.AuthenticationConstants.ToBotFromChannelOpenIdMetadataUrl, authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = await tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		return await validateIdentity(identity, credentials);
		function authenticateChannelToken(authHeader, credentials, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(ChannelValidation.ToBotFromChannelTokenValidationParameters, ChannelValidation.OpenIdMetadataEndpoint ? ChannelValidation.OpenIdMetadataEndpoint : authenticationConstants_1.AuthenticationConstants.ToBotFromChannelOpenIdMetadataUrl, authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = yield tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		return yield validateIdentity(identity, credentials);
		});
		}
		@@ -55,24 +68,26 @@ ChannelValidation.authenticateChannelToken = authenticateChannelToken;
		*/
		async function validateIdentity(identity, credentials) {
		if (!identity \|\| !identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		// Look for the "aud" claim, but only if issued from the Bot Framework
		if (identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.IssuerClaim) !== authenticationConstants_1.AuthenticationConstants.ToBotFromChannelTokenIssuer) {
		// The relevant Audiance Claim MUST be present. Not Authorized.
		throw new Error('Unauthorized. Issuer Claim MUST be present.');
		}
		// The AppId from the claim in the token must match the AppId specified by the developer.
		// In this case, the token is destined for the app, so we find the app ID in the audience claim.
		const audClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AudienceClaim);
		if (!(await credentials.isValidAppId(audClaim \|\| ''))) {
		// The AppId is not valid or not present. Not Authorized.
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${audClaim}`);
		}
		return identity;
		function validateIdentity(identity, credentials) {
		return __awaiter(this, void 0, void 0, function* () {
		if (!identity \|\| !identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		// Look for the "aud" claim, but only if issued from the Bot Framework
		if (identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.IssuerClaim) !== authenticationConstants_1.AuthenticationConstants.ToBotFromChannelTokenIssuer) {
		// The relevant Audiance Claim MUST be present. Not Authorized.
		throw new Error('Unauthorized. Issuer Claim MUST be present.');
		}
		// The AppId from the claim in the token must match the AppId specified by the developer.
		// In this case, the token is destined for the app, so we find the app ID in the audience claim.
		const audClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AudienceClaim);
		if (!(yield credentials.isValidAppId(audClaim \|\| ''))) {
		// The AppId is not valid or not present. Not Authorized.
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${audClaim}`);
		}
		return identity;
		});
		}
		@@ -79,0 +94,0 @@ ChannelValidation.validateIdentity = validateIdentity;

111

lib/auth/emulatorValidation.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -91,54 +100,56 @@ /**
		*/
		async function authenticateEmulatorToken(authHeader, credentials, channelService, channelId) {
		const openIdMetadataUrl = (channelService !== undefined && jwtTokenValidation_1.JwtTokenValidation.isGovernment(channelService)) ?
		governmentConstants_1.GovernmentConstants.ToBotFromEmulatorOpenIdMetadataUrl :
		authenticationConstants_1.AuthenticationConstants.ToBotFromEmulatorOpenIdMetadataUrl;
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(EmulatorValidation.ToBotFromEmulatorTokenValidationParameters, openIdMetadataUrl, authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = await tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		if (!identity) {
		// No valid identity. Not Authorized.
		throw new Error('Unauthorized. No valid identity.');
		}
		if (!identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		const versionClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.VersionClaim);
		if (versionClaim === null) {
		throw new Error('Unauthorized. "ver" claim is required on Emulator Tokens.');
		}
		let appId = '';
		// The Emulator, depending on Version, sends the AppId via either the
		// appid claim (Version 1) or the Authorized Party claim (Version 2).
		if (!versionClaim \|\| versionClaim === '1.0') {
		// either no Version or a version of "1.0" means we should look for
		// the claim in the "appid" claim.
		const appIdClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AppIdClaim);
		if (!appIdClaim) {
		// No claim around AppID. Not Authorized.
		throw new Error('Unauthorized. "appid" claim is required on Emulator Token version "1.0".');
		function authenticateEmulatorToken(authHeader, credentials, channelService, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		const openIdMetadataUrl = (channelService !== undefined && jwtTokenValidation_1.JwtTokenValidation.isGovernment(channelService)) ?
		governmentConstants_1.GovernmentConstants.ToBotFromEmulatorOpenIdMetadataUrl :
		authenticationConstants_1.AuthenticationConstants.ToBotFromEmulatorOpenIdMetadataUrl;
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(EmulatorValidation.ToBotFromEmulatorTokenValidationParameters, openIdMetadataUrl, authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = yield tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		if (!identity) {
		// No valid identity. Not Authorized.
		throw new Error('Unauthorized. No valid identity.');
		}
		appId = appIdClaim;
		}
		else if (versionClaim === '2.0') {
		// Emulator, "2.0" puts the AppId in the "azp" claim.
		const appZClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AuthorizedParty);
		if (!appZClaim) {
		// No claim around AppID. Not Authorized.
		throw new Error('Unauthorized. "azp" claim is required on Emulator Token version "2.0".');
		if (!identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		appId = appZClaim;
		}
		else {
		// Unknown Version. Not Authorized.
		throw new Error(`Unauthorized. Unknown Emulator Token version "${versionClaim}".`);
		}
		if (!await credentials.isValidAppId(appId)) {
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${appId}`);
		}
		return identity;
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		const versionClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.VersionClaim);
		if (versionClaim === null) {
		throw new Error('Unauthorized. "ver" claim is required on Emulator Tokens.');
		}
		let appId = '';
		// The Emulator, depending on Version, sends the AppId via either the
		// appid claim (Version 1) or the Authorized Party claim (Version 2).
		if (!versionClaim \|\| versionClaim === '1.0') {
		// either no Version or a version of "1.0" means we should look for
		// the claim in the "appid" claim.
		const appIdClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AppIdClaim);
		if (!appIdClaim) {
		// No claim around AppID. Not Authorized.
		throw new Error('Unauthorized. "appid" claim is required on Emulator Token version "1.0".');
		}
		appId = appIdClaim;
		}
		else if (versionClaim === '2.0') {
		// Emulator, "2.0" puts the AppId in the "azp" claim.
		const appZClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AuthorizedParty);
		if (!appZClaim) {
		// No claim around AppID. Not Authorized.
		throw new Error('Unauthorized. "azp" claim is required on Emulator Token version "2.0".');
		}
		appId = appZClaim;
		}
		else {
		// Unknown Version. Not Authorized.
		throw new Error(`Unauthorized. Unknown Emulator Token version "${versionClaim}".`);
		}
		if (!(yield credentials.isValidAppId(appId))) {
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${appId}`);
		}
		return identity;
		});
		}
		@@ -145,0 +156,0 @@ EmulatorValidation.authenticateEmulatorToken = authenticateEmulatorToken;

95

lib/auth/enterpriseChannelValidation.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -25,10 +34,12 @@ const channelValidation_1 = require("./channelValidation");
		*/
		async function authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId, channelService) {
		const identity = await authenticateChannelToken(authHeader, credentials, channelId, channelService);
		const serviceUrlClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.ServiceUrlClaim);
		if (serviceUrlClaim !== serviceUrl) {
		// Claim must match. Not Authorized.
		throw new Error('Unauthorized. ServiceUrl claim do not match.');
		}
		return identity;
		function authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId, channelService) {
		return __awaiter(this, void 0, void 0, function* () {
		const identity = yield authenticateChannelToken(authHeader, credentials, channelId, channelService);
		const serviceUrlClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.ServiceUrlClaim);
		if (serviceUrlClaim !== serviceUrl) {
		// Claim must match. Not Authorized.
		throw new Error('Unauthorized. ServiceUrl claim do not match.');
		}
		return identity;
		});
		}
		@@ -43,8 +54,10 @@ EnterpriseChannelValidation.authenticateChannelTokenWithServiceUrl = authenticateChannelTokenWithServiceUrl;
		*/
		async function authenticateChannelToken(authHeader, credentials, channelId, channelService) {
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(EnterpriseChannelValidation.ToBotFromEnterpriseChannelTokenValidationParameters, channelValidation_1.ChannelValidation.OpenIdMetadataEndpoint ?
		channelValidation_1.ChannelValidation.OpenIdMetadataEndpoint :
		authenticationConstants_1.AuthenticationConstants.ToBotFromEnterpriseChannelOpenIdMetadataUrlFormat.replace('{channelService}', channelService), authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = await tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		return await validateIdentity(identity, credentials);
		function authenticateChannelToken(authHeader, credentials, channelId, channelService) {
		return __awaiter(this, void 0, void 0, function* () {
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(EnterpriseChannelValidation.ToBotFromEnterpriseChannelTokenValidationParameters, channelValidation_1.ChannelValidation.OpenIdMetadataEndpoint ?
		channelValidation_1.ChannelValidation.OpenIdMetadataEndpoint :
		authenticationConstants_1.AuthenticationConstants.ToBotFromEnterpriseChannelOpenIdMetadataUrlFormat.replace('{channelService}', channelService), authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = yield tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		return yield validateIdentity(identity, credentials);
		});
		}
		@@ -58,28 +71,30 @@ EnterpriseChannelValidation.authenticateChannelToken = authenticateChannelToken;
		*/
		async function validateIdentity(identity, credentials) {
		if (!identity) {
		// No valid identity. Not Authorized.
		throw new Error('Unauthorized. No valid identity.');
		}
		if (!identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		// Look for the "aud" claim, but only if issued from the Bot Framework
		if (identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.IssuerClaim) !== authenticationConstants_1.AuthenticationConstants.ToBotFromChannelTokenIssuer) {
		// The relevant Audiance Claim MUST be present. Not Authorized.
		throw new Error('Unauthorized. Issuer Claim MUST be present.');
		}
		// The AppId from the claim in the token must match the AppId specified by the developer.
		// In this case, the token is destined for the app, so we find the app ID in the audience claim.
		const audClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AudienceClaim);
		if (!(await credentials.isValidAppId(audClaim \|\| ''))) {
		// The AppId is not valid or not present. Not Authorized.
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${audClaim}`);
		}
		return identity;
		function validateIdentity(identity, credentials) {
		return __awaiter(this, void 0, void 0, function* () {
		if (!identity) {
		// No valid identity. Not Authorized.
		throw new Error('Unauthorized. No valid identity.');
		}
		if (!identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		// Look for the "aud" claim, but only if issued from the Bot Framework
		if (identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.IssuerClaim) !== authenticationConstants_1.AuthenticationConstants.ToBotFromChannelTokenIssuer) {
		// The relevant Audiance Claim MUST be present. Not Authorized.
		throw new Error('Unauthorized. Issuer Claim MUST be present.');
		}
		// The AppId from the claim in the token must match the AppId specified by the developer.
		// In this case, the token is destined for the app, so we find the app ID in the audience claim.
		const audClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AudienceClaim);
		if (!(yield credentials.isValidAppId(audClaim \|\| ''))) {
		// The AppId is not valid or not present. Not Authorized.
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${audClaim}`);
		}
		return identity;
		});
		}
		@@ -86,0 +101,0 @@ EnterpriseChannelValidation.validateIdentity = validateIdentity;

93

lib/auth/governmentChannelValidation.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -25,10 +34,12 @@ const authenticationConstants_1 = require("./authenticationConstants");
		*/
		async function authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId) {
		const identity = await authenticateChannelToken(authHeader, credentials, channelId);
		const serviceUrlClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.ServiceUrlClaim);
		if (serviceUrlClaim !== serviceUrl) {
		// Claim must match. Not Authorized.
		throw new Error('Unauthorized. ServiceUrl claim do not match.');
		}
		return identity;
		function authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		const identity = yield authenticateChannelToken(authHeader, credentials, channelId);
		const serviceUrlClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.ServiceUrlClaim);
		if (serviceUrlClaim !== serviceUrl) {
		// Claim must match. Not Authorized.
		throw new Error('Unauthorized. ServiceUrl claim do not match.');
		}
		return identity;
		});
		}
		@@ -43,7 +54,9 @@ GovernmentChannelValidation.authenticateChannelTokenWithServiceUrl = authenticateChannelTokenWithServiceUrl;
		*/
		async function authenticateChannelToken(authHeader, credentials, channelId) {
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(GovernmentChannelValidation.ToBotFromGovernmentChannelTokenValidationParameters, GovernmentChannelValidation.OpenIdMetadataEndpoint ?
		GovernmentChannelValidation.OpenIdMetadataEndpoint : governmentConstants_1.GovernmentConstants.ToBotFromChannelOpenIdMetadataUrl, authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = await tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		return await validateIdentity(identity, credentials);
		function authenticateChannelToken(authHeader, credentials, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		const tokenExtractor = new jwtTokenExtractor_1.JwtTokenExtractor(GovernmentChannelValidation.ToBotFromGovernmentChannelTokenValidationParameters, GovernmentChannelValidation.OpenIdMetadataEndpoint ?
		GovernmentChannelValidation.OpenIdMetadataEndpoint : governmentConstants_1.GovernmentConstants.ToBotFromChannelOpenIdMetadataUrl, authenticationConstants_1.AuthenticationConstants.AllowedSigningAlgorithms);
		const identity = yield tokenExtractor.getIdentityFromAuthHeader(authHeader, channelId);
		return yield validateIdentity(identity, credentials);
		});
		}
		@@ -57,28 +70,30 @@ GovernmentChannelValidation.authenticateChannelToken = authenticateChannelToken;
		*/
		async function validateIdentity(identity, credentials) {
		if (!identity) {
		// No valid identity. Not Authorized.
		throw new Error('Unauthorized. No valid identity.');
		}
		if (!identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		// Look for the "aud" claim, but only if issued from the Bot Framework
		if (identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.IssuerClaim) !== governmentConstants_1.GovernmentConstants.ToBotFromChannelTokenIssuer) {
		// The relevant Audiance Claim MUST be present. Not Authorized.
		throw new Error('Unauthorized. Issuer Claim MUST be present.');
		}
		// The AppId from the claim in the token must match the AppId specified by the developer.
		// In this case, the token is destined for the app, so we find the app ID in the audience claim.
		const audClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AudienceClaim);
		if (!(await credentials.isValidAppId(audClaim \|\| ''))) {
		// The AppId is not valid or not present. Not Authorized.
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${audClaim}`);
		}
		return identity;
		function validateIdentity(identity, credentials) {
		return __awaiter(this, void 0, void 0, function* () {
		if (!identity) {
		// No valid identity. Not Authorized.
		throw new Error('Unauthorized. No valid identity.');
		}
		if (!identity.isAuthenticated) {
		// The token is in some way invalid. Not Authorized.
		throw new Error('Unauthorized. Is not authenticated');
		}
		// Now check that the AppID in the claimset matches
		// what we're looking for. Note that in a multi-tenant bot, this value
		// comes from developer code that may be reaching out to a service, hence the
		// Async validation.
		// Look for the "aud" claim, but only if issued from the Bot Framework
		if (identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.IssuerClaim) !== governmentConstants_1.GovernmentConstants.ToBotFromChannelTokenIssuer) {
		// The relevant Audiance Claim MUST be present. Not Authorized.
		throw new Error('Unauthorized. Issuer Claim MUST be present.');
		}
		// The AppId from the claim in the token must match the AppId specified by the developer.
		// In this case, the token is destined for the app, so we find the app ID in the audience claim.
		const audClaim = identity.getClaimValue(authenticationConstants_1.AuthenticationConstants.AudienceClaim);
		if (!(yield credentials.isValidAppId(audClaim \|\| ''))) {
		// The AppId is not valid or not present. Not Authorized.
		throw new Error(`Unauthorized. Invalid AppId passed on token: ${audClaim}`);
		}
		return identity;
		});
		}
		@@ -85,0 +100,0 @@ GovernmentChannelValidation.validateIdentity = validateIdentity;

129

lib/auth/jwtTokenExtractor.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -16,3 +25,3 @@ /**
		constructor(tokenValidationParameters, metadataUrl, allowedSigningAlgorithms) {
		this.tokenValidationParameters = { ...tokenValidationParameters };
		this.tokenValidationParameters = Object.assign({}, tokenValidationParameters);
		this.tokenValidationParameters.algorithms = allowedSigningAlgorithms;
		@@ -29,29 +38,33 @@ this.openIdMetadata = JwtTokenExtractor.getOrAddOpenIdMetadata(metadataUrl);
		}
		async getIdentityFromAuthHeader(authorizationHeader, channelId) {
		if (!authorizationHeader) {
		getIdentityFromAuthHeader(authorizationHeader, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		if (!authorizationHeader) {
		return null;
		}
		const parts = authorizationHeader.split(' ');
		if (parts.length === 2) {
		return yield this.getIdentity(parts[0], parts[1], channelId);
		}
		return null;
		}
		const parts = authorizationHeader.split(' ');
		if (parts.length === 2) {
		return await this.getIdentity(parts[0], parts[1], channelId);
		}
		return null;
		});
		}
		async getIdentity(scheme, parameter, channelId) {
		// No header in correct scheme or no token
		if (scheme !== 'Bearer' \|\| !parameter) {
		return null;
		}
		// Issuer isn't allowed? No need to check signature
		if (!this.hasAllowedIssuer(parameter)) {
		return null;
		}
		try {
		return await this.validateToken(parameter, channelId);
		}
		catch (err) {
		// tslint:disable-next-line:no-console
		console.error('JwtTokenExtractor.getIdentity:err!', err);
		throw err;
		}
		getIdentity(scheme, parameter, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		// No header in correct scheme or no token
		if (scheme !== 'Bearer' \|\| !parameter) {
		return null;
		}
		// Issuer isn't allowed? No need to check signature
		if (!this.hasAllowedIssuer(parameter)) {
		return null;
		}
		try {
		return yield this.validateToken(parameter, channelId);
		}
		catch (err) {
		// tslint:disable-next-line:no-console
		console.error('JwtTokenExtractor.getIdentity:err!', err);
		throw err;
		}
		});
		}
		@@ -69,36 +82,38 @@ hasAllowedIssuer(jwtToken) {
		}
		async validateToken(jwtToken, channelId) {
		const decodedToken = jwt.decode(jwtToken, { complete: true });
		// Update the signing tokens from the last refresh
		const keyId = decodedToken.header.kid;
		const metadata = await this.openIdMetadata.getKey(keyId);
		if (!metadata) {
		throw new Error('Signing Key could not be retrieved.');
		}
		try {
		const decodedPayload = jwt.verify(jwtToken, metadata.key, this.tokenValidationParameters);
		// enforce endorsements in openIdMetadadata if there is any endorsements associated with the key
		const endorsements = metadata.endorsements;
		if (Array.isArray(endorsements) && endorsements.length !== 0) {
		const isEndorsed = endorsementsValidator_1.EndorsementsValidator.validate(channelId, endorsements);
		if (!isEndorsed) {
		throw new Error(`Could not validate endorsement for key: ${keyId} with endorsements: ${endorsements.join(',')}`);
		}
		validateToken(jwtToken, channelId) {
		return __awaiter(this, void 0, void 0, function* () {
		const decodedToken = jwt.decode(jwtToken, { complete: true });
		// Update the signing tokens from the last refresh
		const keyId = decodedToken.header.kid;
		const metadata = yield this.openIdMetadata.getKey(keyId);
		if (!metadata) {
		throw new Error('Signing Key could not be retrieved.');
		}
		if (this.tokenValidationParameters.algorithms) {
		if (this.tokenValidationParameters.algorithms.indexOf(decodedToken.header.alg) === -1) {
		throw new Error(`"Token signing algorithm '${decodedToken.header.alg}' not in allowed list`);
		try {
		const decodedPayload = jwt.verify(jwtToken, metadata.key, this.tokenValidationParameters);
		// enforce endorsements in openIdMetadadata if there is any endorsements associated with the key
		const endorsements = metadata.endorsements;
		if (Array.isArray(endorsements) && endorsements.length !== 0) {
		const isEndorsed = endorsementsValidator_1.EndorsementsValidator.validate(channelId, endorsements);
		if (!isEndorsed) {
		throw new Error(`Could not validate endorsement for key: ${keyId} with endorsements: ${endorsements.join(',')}`);
		}
		}
		if (this.tokenValidationParameters.algorithms) {
		if (this.tokenValidationParameters.algorithms.indexOf(decodedToken.header.alg) === -1) {
		throw new Error(`"Token signing algorithm '${decodedToken.header.alg}' not in allowed list`);
		}
		}
		const claims = Object.keys(decodedPayload).reduce((acc, key) => {
		acc.push({ type: key, value: decodedPayload[key] });
		return acc;
		}, []);
		return new claimsIdentity_1.ClaimsIdentity(claims, true);
		}
		const claims = Object.keys(decodedPayload).reduce((acc, key) => {
		acc.push({ type: key, value: decodedPayload[key] });
		return acc;
		}, []);
		return new claimsIdentity_1.ClaimsIdentity(claims, true);
		}
		catch (err) {
		// tslint:disable-next-line:no-console
		console.error(`Error finding key for token. Available keys: ${metadata.key}`);
		throw err;
		}
		catch (err) {
		// tslint:disable-next-line:no-console
		console.error(`Error finding key for token. Available keys: ${metadata.key}`);
		throw err;
		}
		});
		}
		@@ -105,0 +120,0 @@ }

77

lib/auth/jwtTokenValidation.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -19,40 +28,44 @@ const channelValidation_1 = require("./channelValidation");
		*/
		async function authenticateRequest(activity, authHeader, credentials, channelService) {
		if (!authHeader.trim()) {
		const isAuthDisabled = await credentials.isAuthenticationDisabled();
		if (isAuthDisabled) {
		return new claimsIdentity_1.ClaimsIdentity([], true);
		function authenticateRequest(activity, authHeader, credentials, channelService) {
		return __awaiter(this, void 0, void 0, function* () {
		if (!authHeader.trim()) {
		const isAuthDisabled = yield credentials.isAuthenticationDisabled();
		if (isAuthDisabled) {
		return new claimsIdentity_1.ClaimsIdentity([], true);
		}
		throw new Error('Unauthorized Access. Request is not authorized');
		}
		throw new Error('Unauthorized Access. Request is not authorized');
		}
		const claimsIdentity = await validateAuthHeader(authHeader, credentials, channelService, activity.channelId, activity.serviceUrl);
		microsoftAppCredentials_1.MicrosoftAppCredentials.trustServiceUrl(activity.serviceUrl);
		return claimsIdentity;
		const claimsIdentity = yield validateAuthHeader(authHeader, credentials, channelService, activity.channelId, activity.serviceUrl);
		microsoftAppCredentials_1.MicrosoftAppCredentials.trustServiceUrl(activity.serviceUrl);
		return claimsIdentity;
		});
		}
		JwtTokenValidation.authenticateRequest = authenticateRequest;
		async function validateAuthHeader(authHeader, credentials, channelService, channelId, serviceUrl = '') {
		if (!authHeader.trim()) {
		throw new Error('\'authHeader\' required.');
		}
		const usingEmulator = emulatorValidation_1.EmulatorValidation.isTokenFromEmulator(authHeader);
		if (usingEmulator) {
		return await emulatorValidation_1.EmulatorValidation.authenticateEmulatorToken(authHeader, credentials, channelService, channelId);
		}
		if (isPublicAzure(channelService)) {
		if (serviceUrl.trim()) {
		return await channelValidation_1.ChannelValidation.authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId);
		function validateAuthHeader(authHeader, credentials, channelService, channelId, serviceUrl = '') {
		return __awaiter(this, void 0, void 0, function* () {
		if (!authHeader.trim()) {
		throw new Error('\'authHeader\' required.');
		}
		return await channelValidation_1.ChannelValidation.authenticateChannelToken(authHeader, credentials, channelId);
		}
		if (isGovernment(channelService)) {
		const usingEmulator = emulatorValidation_1.EmulatorValidation.isTokenFromEmulator(authHeader);
		if (usingEmulator) {
		return yield emulatorValidation_1.EmulatorValidation.authenticateEmulatorToken(authHeader, credentials, channelService, channelId);
		}
		if (isPublicAzure(channelService)) {
		if (serviceUrl.trim()) {
		return yield channelValidation_1.ChannelValidation.authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId);
		}
		return yield channelValidation_1.ChannelValidation.authenticateChannelToken(authHeader, credentials, channelId);
		}
		if (isGovernment(channelService)) {
		if (serviceUrl.trim()) {
		return yield governmentChannelValidation_1.GovernmentChannelValidation.authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId);
		}
		return yield governmentChannelValidation_1.GovernmentChannelValidation.authenticateChannelToken(authHeader, credentials, channelId);
		}
		// Otherwise use Enterprise Channel Validation
		if (serviceUrl.trim()) {
		return await governmentChannelValidation_1.GovernmentChannelValidation.authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId);
		return yield enterpriseChannelValidation_1.EnterpriseChannelValidation.authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId, channelService);
		}
		return await governmentChannelValidation_1.GovernmentChannelValidation.authenticateChannelToken(authHeader, credentials, channelId);
		}
		// Otherwise use Enterprise Channel Validation
		if (serviceUrl.trim()) {
		return await enterpriseChannelValidation_1.EnterpriseChannelValidation.authenticateChannelTokenWithServiceUrl(authHeader, credentials, serviceUrl, channelId, channelService);
		}
		return await enterpriseChannelValidation_1.EnterpriseChannelValidation.authenticateChannelToken(authHeader, credentials, channelId, channelService);
		return yield enterpriseChannelValidation_1.EnterpriseChannelValidation.authenticateChannelToken(authHeader, credentials, channelId, channelService);
		});
		}
		@@ -59,0 +72,0 @@ JwtTokenValidation.validateAuthHeader = validateAuthHeader;

133

lib/auth/microsoftAppCredentials.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -69,69 +78,75 @@ /**
		}
		async signRequest(webResource) {
		if (this.shouldSetToken(webResource)) {
		const token = await this.getToken();
		return new msrest.TokenCredentials(token).signRequest(webResource);
		}
		return webResource;
		signRequest(webResource) {
		return __awaiter(this, void 0, void 0, function* () {
		if (this.shouldSetToken(webResource)) {
		const token = yield this.getToken();
		return new msrest.TokenCredentials(token).signRequest(webResource);
		}
		return webResource;
		});
		}
		async getToken(forceRefresh = false) {
		if (!forceRefresh) {
		// check the global cache for the token. If we have it, and it's valid, we're done.
		const oAuthToken = MicrosoftAppCredentials.cache.get(this.tokenCacheKey);
		if (oAuthToken) {
		// we have the token. Is it valid?
		if (oAuthToken.expiration_time > Date.now()) {
		return oAuthToken.access_token;
		}
		}
		}
		// We need to refresh the token, because:
		// 1. The user requested it via the forceRefresh parameter
		// 2. We have it, but it's expired
		// 3. We don't have it in the cache.
		const res = await this.refreshToken();
		this.refreshingToken = null;
		let oauthResponse;
		if (res.ok) {
		// `res` is equalivent to the results from the cached promise `this.refreshingToken`.
		// Because the promise has been cached, we need to see if the body has been read.
		// If the body has not been read yet, we can call res.json() to get the access_token.
		// If the body has been read, the OAuthResponse for that call should have been cached already,
		// in which case we can return the cache from there. If a cached OAuthResponse does not exist,
		// call getToken() again to retry the authentication process.
		if (!res.bodyUsed) {
		oauthResponse = await res.json();
		// Subtract 5 minutes from expires_in so they'll we'll get a
		// new token before it expires.
		oauthResponse.expiration_time = Date.now() + (oauthResponse.expires_in * 1000) - 300000;
		MicrosoftAppCredentials.cache.set(this.tokenCacheKey, oauthResponse);
		return oauthResponse.access_token;
		}
		else {
		getToken(forceRefresh = false) {
		return __awaiter(this, void 0, void 0, function* () {
		if (!forceRefresh) {
		// check the global cache for the token. If we have it, and it's valid, we're done.
		const oAuthToken = MicrosoftAppCredentials.cache.get(this.tokenCacheKey);
		if (oAuthToken) {
		return oAuthToken.access_token;
		// we have the token. Is it valid?
		if (oAuthToken.expiration_time > Date.now()) {
		return oAuthToken.access_token;
		}
		}
		}
		// We need to refresh the token, because:
		// 1. The user requested it via the forceRefresh parameter
		// 2. We have it, but it's expired
		// 3. We don't have it in the cache.
		const res = yield this.refreshToken();
		this.refreshingToken = null;
		let oauthResponse;
		if (res.ok) {
		// `res` is equalivent to the results from the cached promise `this.refreshingToken`.
		// Because the promise has been cached, we need to see if the body has been read.
		// If the body has not been read yet, we can call res.json() to get the access_token.
		// If the body has been read, the OAuthResponse for that call should have been cached already,
		// in which case we can return the cache from there. If a cached OAuthResponse does not exist,
		// call getToken() again to retry the authentication process.
		if (!res.bodyUsed) {
		oauthResponse = yield res.json();
		// Subtract 5 minutes from expires_in so they'll we'll get a
		// new token before it expires.
		oauthResponse.expiration_time = Date.now() + (oauthResponse.expires_in * 1000) - 300000;
		MicrosoftAppCredentials.cache.set(this.tokenCacheKey, oauthResponse);
		return oauthResponse.access_token;
		}
		else {
		return await this.getToken();
		const oAuthToken = MicrosoftAppCredentials.cache.get(this.tokenCacheKey);
		if (oAuthToken) {
		return oAuthToken.access_token;
		}
		else {
		return yield this.getToken();
		}
		}
		}
		}
		else {
		throw new Error(res.statusText);
		}
		else {
		throw new Error(res.statusText);
		}
		});
		}
		async refreshToken() {
		if (!this.refreshingToken) {
		const params = new FormData();
		params.append('grant_type', 'client_credentials');
		params.append('client_id', this.appId);
		params.append('client_secret', this.appPassword);
		params.append('scope', this.oAuthScope);
		this.refreshingToken = fetch(this.oAuthEndpoint, {
		method: 'POST',
		body: params
		});
		}
		return this.refreshingToken;
		refreshToken() {
		return __awaiter(this, void 0, void 0, function* () {
		if (!this.refreshingToken) {
		const params = new FormData();
		params.append('grant_type', 'client_credentials');
		params.append('client_id', this.appId);
		params.append('client_secret', this.appPassword);
		params.append('scope', this.oAuthScope);
		this.refreshingToken = fetch(this.oAuthEndpoint, {
		method: 'POST',
		body: params
		});
		}
		return this.refreshingToken;
		});
		}
		@@ -138,0 +153,0 @@ shouldSetToken(webResource) {

73

lib/auth/openIdMetadata.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		@@ -19,39 +28,43 @@ /**
		}
		async getKey(keyId) {
		// If keys are more than 5 days old, refresh them
		if (this.lastUpdated < (Date.now() - 1000 * 60 * 60 * 24 * 5)) {
		try {
		await this.refreshCache();
		// Search the cache even if we failed to refresh
		getKey(keyId) {
		return __awaiter(this, void 0, void 0, function* () {
		// If keys are more than 5 days old, refresh them
		if (this.lastUpdated < (Date.now() - 1000 * 60 * 60 * 24 * 5)) {
		try {
		yield this.refreshCache();
		// Search the cache even if we failed to refresh
		const key = this.findKey(keyId);
		return key;
		}
		catch (err) {
		//logger.error('Error retrieving OpenId metadata at ' + this.url + ', error: ' + err.toString());
		// fall through and return cached key on error
		throw err;
		}
		}
		else {
		// Otherwise read from cache
		const key = this.findKey(keyId);
		return key;
		}
		catch (err) {
		//logger.error('Error retrieving OpenId metadata at ' + this.url + ', error: ' + err.toString());
		// fall through and return cached key on error
		throw err;
		}
		}
		else {
		// Otherwise read from cache
		const key = this.findKey(keyId);
		return key;
		}
		});
		}
		async refreshCache() {
		const res = await fetch(this.url);
		if (res.ok) {
		const openIdConfig = await res.json();
		const getKeyResponse = await fetch(openIdConfig.jwks_uri);
		if (getKeyResponse.ok) {
		this.lastUpdated = new Date().getTime();
		this.keys = (await getKeyResponse.json()).keys;
		refreshCache() {
		return __awaiter(this, void 0, void 0, function* () {
		const res = yield fetch(this.url);
		if (res.ok) {
		const openIdConfig = yield res.json();
		const getKeyResponse = yield fetch(openIdConfig.jwks_uri);
		if (getKeyResponse.ok) {
		this.lastUpdated = new Date().getTime();
		this.keys = (yield getKeyResponse.json()).keys;
		}
		else {
		throw new Error(`Failed to load Keys: ${getKeyResponse.status}`);
		}
		}
		else {
		throw new Error(`Failed to load Keys: ${getKeyResponse.status}`);
		throw new Error(`Failed to load openID config: ${res.status}`);
		}
		}
		else {
		throw new Error(`Failed to load openID config: ${res.status}`);
		}
		});
		}
		@@ -58,0 +71,0 @@ findKey(keyId) {

30

lib/connectorApi/operations/conversations.js

		@@ -126,6 +126,3 @@ "use strict";
		parameterPath: "parameters",
		mapper: {
		...Mappers.ConversationParameters,
		required: true
		}
		mapper: Object.assign(Object.assign({}, Mappers.ConversationParameters), { required: true })
		},
		@@ -156,6 +153,3 @@ responses: {
		parameterPath: "activity",
		mapper: {
		...Mappers.Activity,
		required: true
		}
		mapper: Object.assign(Object.assign({}, Mappers.Activity), { required: true })
		},
		@@ -186,6 +180,3 @@ responses: {
		parameterPath: "history",
		mapper: {
		...Mappers.Transcript,
		required: true
		}
		mapper: Object.assign(Object.assign({}, Mappers.Transcript), { required: true })
		},
		@@ -217,6 +208,3 @@ responses: {
		parameterPath: "activity",
		mapper: {
		...Mappers.Activity,
		required: true
		}
		mapper: Object.assign(Object.assign({}, Mappers.Activity), { required: true })
		},
		@@ -248,6 +236,3 @@ responses: {
		parameterPath: "activity",
		mapper: {
		...Mappers.Activity,
		required: true
		}
		mapper: Object.assign(Object.assign({}, Mappers.Activity), { required: true })
		},
		@@ -383,6 +368,3 @@ responses: {
		parameterPath: "attachmentUpload",
		mapper: {
		...Mappers.AttachmentData,
		required: true
		}
		mapper: Object.assign(Object.assign({}, Mappers.AttachmentData), { required: true })
		},
		@@ -389,0 +371,0 @@ responses: {

37

lib/emulatorApiClient.js

		"use strict";
		var __awaiter = (this && this.__awaiter) \|\| function (thisArg, _arguments, P, generator) {
		function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
		return new (P \|\| (P = Promise))(function (resolve, reject) {
		function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
		function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
		function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
		step((generator = generator.apply(thisArg, _arguments \|\| [])).next());
		});
		};
		Object.defineProperty(exports, "__esModule", { value: true });
		class EmulatorApiClient {
		static async emulateOAuthCards(credentials, emulatorUrl, emulate) {
		let token = await credentials.getToken();
		let requestUrl = emulatorUrl + (emulatorUrl.endsWith('/') ? '' : '/') + `api/usertoken/emulateOAuthCards?emulate=${(!!emulate).toString()}`;
		const res = await fetch(requestUrl, {
		method: 'POST',
		headers: {
		Authorization: `Bearer ${token}`
		static emulateOAuthCards(credentials, emulatorUrl, emulate) {
		return __awaiter(this, void 0, void 0, function* () {
		let token = yield credentials.getToken();
		let requestUrl = emulatorUrl + (emulatorUrl.endsWith('/') ? '' : '/') + `api/usertoken/emulateOAuthCards?emulate=${(!!emulate).toString()}`;
		const res = yield fetch(requestUrl, {
		method: 'POST',
		headers: {
		Authorization: `Bearer ${token}`
		}
		});
		if (res.ok) {
		return true;
		}
		else {
		throw new Error(`EmulateOAuthCards failed with status code: ${res.status}`);
		}
		});
		if (res.ok) {
		return true;
		}
		else {
		throw new Error(`EmulateOAuthCards failed with status code: ${res.status}`);
		}
		}
		@@ -20,0 +31,0 @@ }

117

lib/teams/models/mappers.js

		@@ -197,5 +197,3 @@ "use strict";
		className: 'TeamsChannelAccount',
		modelProperties: {
		...exports.ChannelAccount.type.modelProperties,
		givenName: {
		modelProperties: Object.assign(Object.assign({}, exports.ChannelAccount.type.modelProperties), { givenName: {
		serializedName: 'givenName',
		@@ -205,4 +203,3 @@ type: {
		}
		},
		surname: {
		}, surname: {
		serializedName: 'surname',
		@@ -212,4 +209,3 @@ type: {
		}
		},
		email: {
		}, email: {
		serializedName: 'email',
		@@ -219,4 +215,3 @@ type: {
		}
		},
		userPrincipalName: {
		}, userPrincipalName: {
		serializedName: 'userPrincipalName',
		@@ -226,4 +221,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -516,5 +510,3 @@ };
		className: 'O365ConnectorCardViewAction',
		modelProperties: {
		...exports.O365ConnectorCardActionBase.type.modelProperties,
		target: {
		modelProperties: Object.assign(Object.assign({}, exports.O365ConnectorCardActionBase.type.modelProperties), { target: {
		serializedName: 'target',
		@@ -529,4 +521,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -560,5 +551,3 @@ };
		className: 'O365ConnectorCardOpenUri',
		modelProperties: {
		...exports.O365ConnectorCardActionBase.type.modelProperties,
		targets: {
		modelProperties: Object.assign(Object.assign({}, exports.O365ConnectorCardActionBase.type.modelProperties), { targets: {
		serializedName: 'targets',
		@@ -574,4 +563,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -584,5 +572,3 @@ };
		className: 'O365ConnectorCardHttpPOST',
		modelProperties: {
		...exports.O365ConnectorCardActionBase.type.modelProperties,
		body: {
		modelProperties: Object.assign(Object.assign({}, exports.O365ConnectorCardActionBase.type.modelProperties), { body: {
		serializedName: 'body',
		@@ -592,4 +578,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -641,5 +626,3 @@ };
		className: 'O365ConnectorCardActionCard',
		modelProperties: {
		...exports.O365ConnectorCardActionBase.type.modelProperties,
		inputs: {
		modelProperties: Object.assign(Object.assign({}, exports.O365ConnectorCardActionBase.type.modelProperties), { inputs: {
		serializedName: 'inputs',
		@@ -655,4 +638,3 @@ type: {
		}
		},
		actions: {
		}, actions: {
		serializedName: 'actions',
		@@ -668,4 +650,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -678,5 +659,3 @@ };
		className: 'O365ConnectorCardTextInput',
		modelProperties: {
		...exports.O365ConnectorCardInputBase.type.modelProperties,
		isMultiline: {
		modelProperties: Object.assign(Object.assign({}, exports.O365ConnectorCardInputBase.type.modelProperties), { isMultiline: {
		serializedName: 'isMultiline',
		@@ -686,4 +665,3 @@ type: {
		}
		},
		maxLength: {
		}, maxLength: {
		serializedName: 'maxLength',
		@@ -693,4 +671,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -703,5 +680,3 @@ };
		className: 'O365ConnectorCardDateInput',
		modelProperties: {
		...exports.O365ConnectorCardInputBase.type.modelProperties,
		includeTime: {
		modelProperties: Object.assign(Object.assign({}, exports.O365ConnectorCardInputBase.type.modelProperties), { includeTime: {
		serializedName: 'includeTime',
		@@ -711,4 +686,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -742,5 +716,3 @@ };
		className: 'O365ConnectorCardMultichoiceInput',
		modelProperties: {
		...exports.O365ConnectorCardInputBase.type.modelProperties,
		choices: {
		modelProperties: Object.assign(Object.assign({}, exports.O365ConnectorCardInputBase.type.modelProperties), { choices: {
		serializedName: 'choices',
		@@ -756,4 +728,3 @@ type: {
		}
		},
		style: {
		}, style: {
		serializedName: 'style',
		@@ -763,4 +734,3 @@ type: {
		}
		},
		isMultiSelect: {
		}, isMultiSelect: {
		serializedName: 'isMultiSelect',
		@@ -770,4 +740,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -1299,5 +1268,3 @@ };
		className: 'MessagingExtensionAction',
		modelProperties: {
		...exports.TaskModuleRequest.type.modelProperties,
		commandId: {
		modelProperties: Object.assign(Object.assign({}, exports.TaskModuleRequest.type.modelProperties), { commandId: {
		serializedName: 'commandId',
		@@ -1307,4 +1274,3 @@ type: {
		}
		},
		commandContext: {
		}, commandContext: {
		serializedName: 'commandContext',
		@@ -1314,4 +1280,3 @@ type: {
		}
		},
		botMessagePreviewAction: {
		}, botMessagePreviewAction: {
		serializedName: 'botMessagePreviewAction',
		@@ -1321,4 +1286,3 @@ type: {
		}
		},
		botActivityPreview: {
		}, botActivityPreview: {
		serializedName: 'botActivityPreview',
		@@ -1334,4 +1298,3 @@ type: {
		}
		},
		messagePayload: {
		}, messagePayload: {
		serializedName: 'messagePayload',
		@@ -1342,4 +1305,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -1406,5 +1368,3 @@ };
		className: 'MessagingExtensionAttachment',
		modelProperties: {
		...exports.Attachment.type.modelProperties,
		preview: {
		modelProperties: Object.assign(Object.assign({}, exports.Attachment.type.modelProperties), { preview: {
		serializedName: 'preview',
		@@ -1415,4 +1375,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -1750,5 +1709,3 @@ };
		className: 'TaskModuleContinueResponse',
		modelProperties: {
		...exports.TaskModuleResponseBase.type.modelProperties,
		value: {
		modelProperties: Object.assign(Object.assign({}, exports.TaskModuleResponseBase.type.modelProperties), { value: {
		serializedName: 'value',
		@@ -1759,4 +1716,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -1769,5 +1725,3 @@ };
		className: 'TaskModuleMessageResponse',
		modelProperties: {
		...exports.TaskModuleResponseBase.type.modelProperties,
		value: {
		modelProperties: Object.assign(Object.assign({}, exports.TaskModuleResponseBase.type.modelProperties), { value: {
		serializedName: 'value',
		@@ -1777,4 +1731,3 @@ type: {
		}
		}
		}
		} })
		}
		@@ -1781,0 +1734,0 @@ };

5

lib/tokenApi/operations/userToken.js

		@@ -83,6 +83,3 @@ "use strict";
		parameterPath: "aadResourceUrls",
		mapper: {
		...Mappers.AadResourceUrls,
		required: true
		}
		mapper: Object.assign(Object.assign({}, Mappers.AadResourceUrls), { required: true })
		},
		@@ -89,0 +86,0 @@ responses: {

8

package.json

		@@ -5,3 +5,3 @@ {
		"description": "Bot Connector is autorest generated connector client.",
		"version": "4.6.0-preview1",
		"version": "4.6.0",
		"license": "MIT",
		@@ -27,6 +27,5 @@ "keywords": [
		"base64url": "^3.0.0",
		"botframework-schema": "^4.6.0-preview1",
		"botframework-schema": "^4.6.0",
		"form-data": "^2.3.3",
		"jsonwebtoken": "8.0.1",
		"nock": "^10.0.3",
		"node-fetch": "^2.2.1",
		@@ -40,2 +39,3 @@ "rsa-pem-from-mod-exp": "^0.8.4"
		"mocha": "^5.2.0",
		"nock": "^10.0.3",
		"nyc": "^11.4.1",
		@@ -50,3 +50,3 @@ "should": "^13.2.3",
		"clean": "erase /q /s .\\lib",
		"set-version": "npm version --allow-same-version 4.6.0-preview1"
		"set-version": "npm version --allow-same-version 4.6.0"
		},
		@@ -53,0 +53,0 @@ "files": [

lib/auth/channelValidation.js.map