TS Changes for atk.basic in azure and atk.oauth

packages/cli/configs/atk/basic/python/.vscode/launch.json

@@ -49,6 +49,7 @@
         "name": "Start",
         "type": "debugpy",
         "request": "launch",
+        "python": "${workspaceFolder}/.venv/bin/python",
         "program": "${workspaceFolder}/src/main.py",
         "console": "integratedTerminal"
     },

packages/cli/configs/atk/basic/typescript/env/.env.dev

@@ -10,8 +10,10 @@ AZURE_RESOURCE_GROUP_NAME=
 RESOURCE_SUFFIX=
 
 # Generated during provision, you can also add your own variables.
-BOT_ID=
 TEAMS_APP_ID=
+TEAMS_APP_TENANT_ID=
+BOT_ID=
+AAD_APP_OBJECT_ID=
+AAD_APP_TENANT_ID=
 BOT_AZURE_APP_SERVICE_RESOURCE_ID=
 BOT_DOMAIN=
-BOT_TENANT_ID=

packages/cli/configs/atk/basic/typescript/infra/azure.bicep

@@ -3,21 +3,23 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
+@description('Required when create Azure Bot service')
+param botAadAppClientId string
+
+@secure()
+@description('Required by Bot Framework package in your bot project')
+param botAadAppClientSecret string
+
 param webAppSKU string
+param tenantId string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
-param identityName string = resourceBaseName
 param location string = resourceGroup().location
 
-resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  location: location
-  name: identityName
-}
-
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
   kind: 'app'
@@ -41,7 +43,7 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
       appSettings: [
         {
           name: 'WEBSITE_RUN_FROM_PACKAGE'
-          value: '1' // Run Azure App Service from a package file
+          value: '1' // Run Azure APP Service from a package file
         }
         {
           name: 'WEBSITE_NODE_DEFAULT_VERSION'
@@ -53,43 +55,34 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
         }
         {
           name: 'CLIENT_ID'
-          value: identity.properties.clientId
+          value: botAadAppClientId
         }
         {
-          name: 'TENANT_ID'
-          value: identity.properties.tenantId
+          name: 'CLIENT_SECRET'
+          value: botAadAppClientSecret
         }
         {
-          name: 'BOT_TYPE'
-          value: 'UserAssignedMsi'
+          name: 'TENANT_ID'
+          value: tenantId
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
-  identity: {
-    type: 'UserAssigned'
-    userAssignedIdentities: {
-      '${identity.id}': {}
-    }
-  }
 }
 
 // Register your web service as a bot with the Bot Framework
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
   params: {
     resourceBaseName: resourceBaseName
-    identityClientId: identity.properties.clientId
-    identityResourceId: identity.id
-    identityTenantId: identity.properties.tenantId
+    botAadAppClientId: botAadAppClientId
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
+    tenantId: tenantId
   }
 }
 
 // The output will be persisted in .env.{envName}. Visit https://aka.ms/teamsfx-actions/arm-deploy for more details.
 output BOT_AZURE_APP_SERVICE_RESOURCE_ID string = webApp.id
 output BOT_DOMAIN string = webApp.properties.defaultHostName
-output BOT_ID string = identity.properties.clientId
-output BOT_TENANT_ID string = identity.properties.tenantId

packages/cli/configs/atk/basic/typescript/infra/azure.parameters.json.hbs

@@ -8,6 +8,15 @@
     "webAppSKU": {
       "value": "B1"
     },
+    "botAadAppClientId": {
+      "value": "$\{{BOT_ID}}"
+    },
+    "botAadAppClientSecret": {
+      "value": "$\{{SECRET_BOT_PASSWORD}}"
+    },
+    "tenantId": {
+      "value": "$\{{AAD_APP_TENANT_ID}}"
+    },
     "botDisplayName": {
       "value": "{{ toPascalCase name }}Infra"
     }

packages/cli/configs/atk/basic/typescript/infra/botRegistration/azurebot.bicep

@@ -8,10 +8,9 @@ param botDisplayName string
 
 param botServiceName string = resourceBaseName
 param botServiceSku string = 'F0'
-param identityResourceId string
-param identityClientId string
-param identityTenantId string
+param botAadAppClientId string
 param botAppDomain string
+param tenantId string
 
 // Register your web service as a bot with the Bot Framework
 resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
@@ -21,10 +20,9 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
   properties: {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
-    msaAppId: identityClientId
-    msaAppMSIResourceId: identityResourceId
-    msaAppTenantId:identityTenantId
-    msaAppType:'UserAssignedMSI'
+    msaAppId: botAadAppClientId
+    msaAppType: 'SingleTenant'
+    msaAppTenantId: tenantId
   }
   sku: {
     name: botServiceSku

packages/cli/configs/atk/basic/typescript/teamsapp.yml.hbs

@@ -20,25 +20,52 @@ provision:
     writeToEnvironmentFile:
       teamsAppId: TEAMS_APP_ID
 
-  # Automates the creation an Azure AD app registration which is required for a bot.
-  # The Bot ID (AAD app client ID) and Bot Password (AAD app client secret) are saved to an environment file.
-  - uses: botAadApp/create
+  # Creates a new Microsoft Entra app to authenticate users if
+  # the environment variable that stores clientId is empty
+  - uses: aadApp/create
     with:
       name: {{ toPascalCase name }}$\{{APP_NAME_SUFFIX}}
+      # Note: when you run aadApp/update, the Microsoft Entra app name will be updated
+      # based on the definition in manifest. If you don't want to change the
+      # name, make sure the name in Microsoft Entra manifest is the same with the name
+      # defined here.
+      # If the value is false, the driver will not generate client secret for you
+      generateClientSecret: true
+      # organization's Microsoft Entra tenant (for example, single tenant).
+      signInAudience: AzureADMultipleOrgs
+    # Write the information of created resources into environment file for the
+    # specified environment variable(s).
     writeToEnvironmentFile:
-      botId: BOT_ID
-      botPassword: SECRET_BOT_PASSWORD
+      clientId: BOT_ID
+      # Environment variable that starts with `SECRET_` will be stored to the
+      # .env.{envName}.user environment file
+      clientSecret: SECRET_BOT_PASSWORD
+      objectId: AAD_APP_OBJECT_ID
+      tenantId: AAD_APP_TENANT_ID
 
-  # Automates the creation of infrastructure defined in ARM templates to host the bot.
-  # The created resource IDs are saved to an environment file.
-  - uses: arm/deploy
+  - uses: arm/deploy # Deploy given ARM templates parallelly.
     with:
+      # AZURE_SUBSCRIPTION_ID is a built-in environment variable,
+      # if its value is empty, TeamsFx will prompt you to select a subscription.
+      # Referencing other environment variables with empty values
+      # will skip the subscription selection prompt.
       subscriptionId: $\{{AZURE_SUBSCRIPTION_ID}}
+      # AZURE_RESOURCE_GROUP_NAME is a built-in environment variable,
+      # if its value is empty, TeamsFx will prompt you to select or create one
+      # resource group.
+      # Referencing other environment variables with empty values
+      # will skip the resource group selection prompt.
       resourceGroupName: $\{{AZURE_RESOURCE_GROUP_NAME}}
       templates:
-        - path: ./infra/azure.bicep
+        - path: ./infra/azure.bicep # Relative path to this file
+          # Relative path to this yaml file.
+          # Placeholders will be replaced with corresponding environment
+          # variable before ARM deployment.
           parameters: ./infra/azure.parameters.json
-          deploymentName: Create-resources-for-tab
+          # Required when deploying ARM template
+          deploymentName: Create-resources-for-bot
+      # M365 Agents Toolkit will download this bicep CLI version from github for you,
+      # will use bicep CLI in PATH if you remove this config.
       bicepCliVersion: v0.9.1
 
   # Optional: Automates schema and error checking of the Teams app manifest and outputs the results in the console.

packages/cli/configs/atk/oauth/python/.vscode/launch.json

@@ -49,6 +49,7 @@
         "name": "Start",
         "type": "debugpy",
         "request": "launch",
+        "python": "${workspaceFolder}/.venv/bin/python",
         "program": "${workspaceFolder}/src/main.py",
         "console": "integratedTerminal"
     }

packages/cli/configs/atk/oauth/typescript/env/.env.dev

@@ -0,0 +1,16 @@
+# Built-in environment variables
+TEAMSFX_ENV=dev
+APP_NAME_SUFFIX=dev
+
+# Updating AZURE_SUBSCRIPTION_ID or AZURE_RESOURCE_GROUP_NAME after provision may also require an update to RESOURCE_SUFFIX, because some services require a globally unique name across subscriptions/resource groups.
+AZURE_SUBSCRIPTION_ID=
+AZURE_RESOURCE_GROUP_NAME=
+RESOURCE_SUFFIX=
+
+TEAMS_APP_ID=
+TEAMS_APP_TENANT_ID=
+BOT_ID=
+AAD_APP_OBJECT_ID=
+AAD_APP_TENANT_ID=
+BOT_AZURE_APP_SERVICE_RESOURCE_ID=
+BOT_DOMAIN=

packages/cli/configs/atk/oauth/typescript/infra/azure.bicep

@@ -3,21 +3,23 @@
 @description('Used to generate names for all resources in this file')
 param resourceBaseName string
 
+@description('Required when create Azure Bot service')
+param botAadAppClientId string
+
+@secure()
+@description('Required by Bot Framework package in your bot project')
+param botAadAppClientSecret string
+
 param webAppSKU string
 
 @maxLength(42)
 param botDisplayName string
 
 param serverfarmsName string = resourceBaseName
 param webAppName string = resourceBaseName
-param identityName string = resourceBaseName
 param location string = resourceGroup().location
 param oauthConnectionName string
-
-resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
-  location: location
-  name: identityName
-}
+param tenantId string
 
 // Compute resources for your Web App
 resource serverfarm 'Microsoft.Web/serverfarms@2021-02-01' = {
@@ -53,31 +55,21 @@ resource webApp 'Microsoft.Web/sites@2021-02-01' = {
           value: '1'
         }
         {
-          name: 'BOT_ID'
-          value: identity.properties.clientId
+          name: 'CLIENT_ID'
+          value: botAadAppClientId
         }
         {
-          name: 'BOT_TENANT_ID'
-          value: identity.properties.tenantId
-        }
-        { 
-          name: 'BOT_TYPE' 
-          value: 'UserAssignedMsi'
+          name: 'CLIENT_SECRET'
+          value: botAadAppClientSecret
         }
         {
-          name: 'OAUTH_CONNECTION_NAME'
-          value: oauthConnectionName
+          name: 'TENANT_ID'
+          value: tenantId
         }
       ]
       ftpsState: 'FtpsOnly'
     }
   }
-  identity: {
-    type: 'UserAssigned'
-    userAssignedIdentities: {
-      '${identity.id}': {}
-    }
-  }
 }
 
 // Register your web service as a bot with the Bot Framework
@@ -86,9 +78,11 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
   params: {
     resourceBaseName: resourceBaseName
     botAadAppClientId: botAadAppClientId
+    botAddAppClientSecret: botAadAppClientSecret
     botAppDomain: webApp.properties.defaultHostName
     botDisplayName: botDisplayName
     oauthConnectionName: oauthConnectionName
+    tenantId: tenantId
   }
 }
 

packages/cli/configs/atk/oauth/typescript/infra/azure.local.bicep

@@ -15,6 +15,7 @@ param botDisplayName string
 
 param botAppDomain string
 param oauthConnectionName string
+param tenantId string
 
 module azureBotRegistration './botRegistration/azurebot.bicep' = {
   name: 'Azure-Bot-registration'
@@ -25,5 +26,6 @@ module azureBotRegistration './botRegistration/azurebot.bicep' = {
     botDisplayName: botDisplayName
     botAddAppClientSecret: botAadAppClientSecret
     oauthConnectionName: oauthConnectionName
+    tenantId: tenantId
   }
 }

packages/cli/configs/atk/oauth/typescript/infra/azure.parameters.json.hbs

@@ -19,6 +19,9 @@
     },
     "oauthConnectionName": {
       "value": "$\{{OAUTH_CONNECTION_NAME}}"
+    },
+    "tenantId": {
+      "value": "$\{{AAD_APP_TENANT_ID}}"
     }
   }
 }

packages/cli/configs/atk/oauth/typescript/infra/azure.parameters.local.json.hbs

@@ -19,6 +19,9 @@
     },
     "oauthConnectionName": {
       "value": "$\{{OAUTH_CONNECTION_NAME}}"
+    },
+    "tenantId": {
+      "value": "$\{{AAD_APP_TENANT_ID}}"
     }
   }
 }

packages/cli/configs/atk/oauth/typescript/infra/botRegistration/azurebot.bicep

@@ -11,6 +11,7 @@ param botServiceSku string = 'F0'
 param botAadAppClientId string
 param botAppDomain string
 param oauthConnectionName string
+param tenantId string
 
 @secure()
 param botAddAppClientSecret string
@@ -24,6 +25,8 @@ resource botService 'Microsoft.BotService/botServices@2021-03-01' = {
     displayName: botDisplayName
     endpoint: 'https://${botAppDomain}/api/messages'
     msaAppId: botAadAppClientId
+    msaAppType: 'SingleTenant'
+    msaAppTenantId: tenantId
   }
   sku: {
     name: botServiceSku

packages/cli/configs/atk/oauth/typescript/teamsapp.local.yml.hbs

@@ -41,8 +41,6 @@ provision:
           clientSecret: SECRET_BOT_PASSWORD
           objectId: AAD_APP_OBJECT_ID
           tenantId: AAD_APP_TENANT_ID
-          authority: AAD_APP_OAUTH_AUTHORITY
-          authorityHost: AAD_APP_OAUTH_AUTHORITY_HOST
 
     # Apply the Microsoft Entra manifest to an existing Microsoft Entra app. Will use the object id in
     # manifest file to determine which Microsoft Entra app to update.
@@ -114,5 +112,6 @@ deploy:
               PORT: 3978
               CLIENT_ID: $\{{BOT_ID}}
               CLIENT_SECRET: $\{{SECRET_BOT_PASSWORD}}
+              TENANT_ID: $\{{AAD_APP_TENANT_ID}}
               # an arbitrary name for the connection
               OAUTH_CONNECTION_NAME: graph

packages/cli/configs/atk/oauth/typescript/teamsapp.yml.hbs

@@ -42,8 +42,6 @@ provision:
       clientSecret: SECRET_BOT_PASSWORD
       objectId: AAD_APP_OBJECT_ID
       tenantId: AAD_APP_TENANT_ID
-      authority: AAD_APP_OAUTH_AUTHORITY
-      authorityHost: AAD_APP_OAUTH_AUTHORITY_HOST
 
   # Apply the Microsoft Entra manifest to an existing Microsoft Entra app. Will use the object id in
   # manifest file to determine which Microsoft Entra app to update.