Merge branch 'main' into patch-1

Author: rodrigobr-msft

experimental/bicep-scripts/README.md

@@ -0,0 +1,29 @@
+## Scripts
+
+- `decompose.ps1`
+    - This command will configuration details for the Azure Bot Service resource, including its Connections and Channels. If an application ID is provided, the script will also print the configuration of the App Registration.
+    - Usage:
+```bash
+    ./decompose.ps1 -g RESOURCE_GROUP -n BOT_NAME -APP_ID  OPTIONAL_APP_ID
+```
+
+
+- `gen_teams_manifest.ps1`
+    - This command will create the file `./bot/manifest.json`, allowing you to zip the contents of the `./bot` directory and import the Agent into teams.
+    - Usage:
+```
+    ./gen_teams_manifest.ps1 -APP_ID APP_ID
+```
+
+
+
+## Directories
+
+- `bicep`: common bicep scripts used by the samples provisioning scripts
+
+- `samples`
+    - `quickstart`: provisioning script for the Quickstart sample
+    - `auto-signin`: provisioning scripts for the Auto Sign-In sample
+    - `obo-authorization`: provisioning scripts for the OBO Authorization sample
+
+- `bot`: Destination of `manifest.json` file created by `gen_teams_manifest.ps1`. The resulting contents can be used to deploy an Agent to Teams.

experimental/bicep-scripts/bicep/bicepconfig.json

@@ -0,0 +1,9 @@
+{
+    "experimentalFeaturesEnabled": {
+        "extensibility": true
+    },
+    // specify an alias for the version of the v1.0 dynamic types package you want to use
+    "extensions": {
+      "microsoftGraphV1": "br:mcr.microsoft.com/bicep/extensions/microsoftgraph/v1.0:0.2.0-preview"
+    }
+}

experimental/bicep-scripts/bicep/bot.bicep

@@ -0,0 +1,36 @@
+@description('The name of the Azure Bot resource.')
+param botName string
+
+@description('The ID for an existing App Registration')
+param appId string
+
+@description('The endpoint for the bot service.')
+param endpoint string
+
+@description('The location for the bot service.')
+param location string
+
+resource azureBot 'microsoft.botService/botServices@2023-09-15-preview' = {
+  name: botName
+  location: location
+  kind: 'azurebot'
+  properties: {
+    displayName: botName
+    msaAppId: appId
+    endpoint: endpoint
+    msaAppType: 'SingleTenant'
+    msaAppTenantId: tenant().tenantId
+    // schemaTransformationVersion: '1.3'
+  }
+}
+
+resource msteams 'microsoft.botService/botServices/channels@2023-09-15-preview' = {
+  parent: azureBot
+  location: location
+  name: 'MsTeamsChannel'
+  properties: {
+    channelName: 'MsTeamsChannel'
+  }
+}
+
+output appId string = azureBot.id

experimental/bicep-scripts/bicep/oauth_app.bicep

@@ -0,0 +1,137 @@
+extension microsoftGraphV1
+
+param endpoint string
+param botName string
+
+@allowed([
+  'aadv2'
+])
+param oauthType string = 'aadv2' // for later
+var appName = '${botName}-oauth-app'
+
+// for when creating a brand new app registration
+// we need to be able to access the app ID
+resource appRegistrationBase 'Microsoft.Graph/[email protected]' = {
+  displayName: appName
+  uniqueName: appName
+  signInAudience: 'AzureADMyOrg'
+  owners: {
+    relationships: [ deployer().objectId ]
+  }
+
+  // Corresponds to "Authentication" section
+  web: {
+    homePageUrl: '${endpoint}/api/messages'
+    implicitGrantSettings: {
+      enableAccessTokenIssuance: true
+      enableIdTokenIssuance: true
+    }
+    redirectUris: [
+      'https://token.botframework.com/.auth/web/redirect'
+    ]
+  }
+  publicClient: {
+    redirectUris: [
+      'http://localhost'
+      'msal79e090f7-bb8e-4b24-b966-1e88178962c6://auth'
+      'https://login.live.com/oauth20_desktop.srf'
+      '${environment().authentication.loginEndpoint}common/oauth2/nativeclient'
+    ]
+  }
+  isFallbackPublicClient: true // idk what this does
+
+  // Corresponds to "Expose an API" section
+  api: {
+    oauth2PermissionScopes: [
+      {
+        adminConsentDescription: 'defaultScope'
+        adminConsentDisplayName: 'defaultScope'
+        id: guid(resourceGroup().id, botName, 'defaultScope')
+        isEnabled: true
+        type: 'User'
+        userConsentDescription: 'Allows the bot to access your data.'
+        userConsentDisplayName: 'Access your data'
+        value: 'defaultScope'
+      }
+    ]
+    preAuthorizedApplications: [
+      {
+        appId: '5e3ce6c0-2b1f-4285-8d4b-75ee78787346' // Teams web application
+        delegatedPermissionIds: [
+          guid(resourceGroup().id, botName, 'defaultScope')
+        ]
+      }
+      {
+        appId: '1fec8e78-bce4-4aaf-ab1b-5451cc387264' // Teams mobile/desktop application
+        delegatedPermissionIds: [
+          guid(resourceGroup().id, botName, 'defaultScope')
+        ]
+      }
+    ]
+  }
+
+  // Corresponds to "API permmissions" section
+  requiredResourceAccess: [
+    {
+      resourceAppId: '8578e004-a5c6-46e7-913e-12f58912df43' // Power Platform API
+      resourceAccess: [
+        {
+          id: '204440d3-c1d0-4826-b570-99eb6f5e2aeb' // CopilotStudio.Copilots.Invoke
+          type: 'Scope'
+        }
+      ]
+    }
+    {
+      resourceAppId: '00000003-0000-0000-c000-000000000000' // Microsoft Graph
+      resourceAccess: [
+        {
+          id: 'e1fe6dd8-ba31-4d61-89e7-88639da4683d' // User.Read
+          type: 'Scope'
+        }
+        {
+          id: '14dad69e-099b-42c9-810b-d002981feec1' // profile
+          type: 'Scope'
+        }
+        {
+          id: '37f7f235-527c-4136-accd-4a02d197296e' // openid
+          type: 'Scope'
+        }
+      ]
+    }
+    {
+      resourceAppId: '00000007-0000-0000-c000-000000000000' // Dynamics CRM
+      resourceAccess: [
+        {
+          id: '78ce3f0f-a1ce-49c2-8cde-64b5c0896db4' // user_impersonation
+          type: 'Scope'
+        }
+      ]
+    }
+  ]
+}
+
+resource servicePrincipal 'Microsoft.Graph/[email protected]' = {
+  appId: appRegistrationBase.appId
+  accountEnabled: true
+  servicePrincipalType: 'Application'
+}
+
+// use existing app ID to set up API
+// should overwrite existing app registration
+resource appRegistration 'Microsoft.Graph/[email protected]' = {
+  displayName: appName
+  uniqueName: appName
+  signInAudience: appRegistrationBase.signInAudience
+  web: appRegistrationBase.web
+  publicClient: appRegistrationBase.publicClient
+  isFallbackPublicClient: appRegistrationBase.isFallbackPublicClient
+  api: appRegistrationBase.api
+  requiredResourceAccess: appRegistrationBase.requiredResourceAccess
+
+  // Application ID URI from "Expose an API"
+  identifierUris: [
+    'api://botid-${appRegistrationBase.appId}'
+  ]
+}
+
+output appId string = appRegistration.appId

experimental/bicep-scripts/bicep/simple_app.bicep

@@ -0,0 +1,20 @@
+extension microsoftGraphV1
+
+param botName string
+
+resource app 'Microsoft.Graph/[email protected]' = {
+  displayName: '${botName}-app'
+  uniqueName: '${botName}-app'
+  signInAudience: 'AzureADMyOrg'
+  owners: {
+    relationships: [ deployer().objectId ]
+  }
+}
+
+resource servicePrincipal 'Microsoft.Graph/[email protected]' = {
+  appId: app.appId
+  accountEnabled: true
+  servicePrincipalType: 'Application'
+}
+
+output appId string = app.appId

experimental/bicep-scripts/bot/color.png

@@ -0,0 +1,64 @@
+{
+  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v/MicrosoftTeams.schema.json",
+  "version": "1.0.0",
+  "manifestVersion": "",
+  "id": "643bbcc0-be45-46d5-838c-b8390347bf49",
+  "name": {
+    "short": "Testing Teams SSO Auth",
+    "full": "Testing Teams Single Sign On Sample"
+  },
+  "developer": {
+    "name": "Microsoft",
+    "mpnId": "",
+    "websiteUrl": "https://example.azurewebsites.net",
+    "privacyUrl": "https://example.azurewebsites.net/privacy",
+    "termsOfUseUrl": "https://example.azurewebsites.net/termsofuse"
+  },
+  "description": {
+    "short": "1Test Teams SSO Auth",
+    "full": "1This is a bot for testing Single Sign on for Teams"
+  },
+  "icons": {
+    "outline": "outline.png",
+    "color": "color.png"
+  },
+  "accentColor": "#FFFFFF",
+  "staticTabs": [
+    {
+      "entityId": "conversations",
+      "name": "Chat",
+      "scopes": [
+        "personal"
+      ]
+    },
+    {
+      "entityId": "about",
+      "name": "",
+      "scopes": [
+        "personal"
+      ]
+    }
+  ],
+  "bots": [
+    {
+      "botId": "79e090f7-bb8e-4b24-b966-1e88178962c6",
+      "scopes": [
+        "personal",
+        "team",
+        "groupchat"
+      ],
+      "isNotificationOnly": false,
+      "supportsCalling": false,
+      "supportsVideo": false,
+      "supportsFiles": false
+    }
+  ],
+  "validDomains": [
+    "token.botframework.com",
+    "ngrok.io"
+  ],
+  "webApplicationInfo": {
+    "id": "79e090f7-bb8e-4b24-b966-1e88178962c6",
+    "resource": "api://botid-79e090f7-bb8e-4b24-b966-1e88178962c6/access_as_user"
+  }
+}

experimental/bicep-scripts/bot/manifest.json

@@ -0,0 +1,38 @@
+# References for ARM and Graph resource types
+# https://learn.microsoft.com/en-us/azure/templates/microsoft.botservice/botservices?pivots=deployment-language-bicep
+# https://learn.microsoft.com/en-us/graph/templates/bicep/reference/applications?view=graph-bicep-1.0
+
+[CmdletBinding()]
+param(
+    [Parameter(Mandatory=$true)]
+    [Alias('g')]
+    [string]$RESOURCE_GROUP,
+
+    [Parameter(Mandatory=$true)]
+    [Alias('n')]
+    [string]$BOT_NAME,
+
+    [string]$APP_ID=''
+)
+
+if ($APP_ID -ne '') {
+    Write-Output 'Showing App Registration Details:\n'
+    az ad app show --id $APP_ID
+    Write-Output '\nAssociated federated-credential list:'
+    az ad app federated-credential list --id $APP_ID
+}
+
+$CHANNEL_NAME_LIST = @('msteams', 'webchat', 'directline')
+
+# Azure Bot Service Channels
+Write-Output 'Showing configured channels (from a non-exhaustive list)'
+foreach($channel_name in $CHANNEL_NAME_LIST) {
+    Write-Output "Channel: $channel_name"
+    az bot $CHANNEL_NAME show -n $BOT_NAME -g $RESOURCE_GROUP
+    Write-Output '\n'
+}
+
+# Azure Bot Service Connections
+Write-Output 'Showing connections'
+az bot authsetting list -n $BOT_NAME -g $RESOURCE_GROUP
+Write-Output '\n'