Merged
Conversation
Adds support for targeted messages that only a specific recipient can
see in a conversation.
**Usage**
```
// Target the sender from context
await context.Send(
new MessageActivity("Only you see this!")
.WithTargetedRecipient(true)
);
// Target a specific user
await context.Send(
new MessageActivity("Private message")
.WithTargetedRecipient("user-id")
);
```
**Key Changes**
- SDK appends ?isTargetedActivity=true to API calls, so backend services
handles the messages accordingly
- Supports create, update, delete, and reply operations
- Includes tests and sample bot
This pull request introduces comprehensive support for passing `CancellationToken` to activity and command handler registrations throughout the Microsoft Teams app framework. This enhancement allows for improved cancellation and timeout handling in asynchronous operations, making the codebase more robust and responsive. Additionally, a new constructor for `ApiClient` enables explicit control over cancellation tokens, and a local settings file is added for permission configuration. ### Enhanced handler registration with `CancellationToken` support **Activity handler improvements:** * Added overloads to `OnActivity` and related methods in `Activity.cs` to accept handler functions with a `CancellationToken` parameter, supporting both generic and non-generic versions, and selector-based registrations. This enables proper cancellation management in all activity handler scenarios. [[1]](diffhunk://#diff-3c8a7200d4052a66f516d17cd3ab173ea1355038fcbaaefc99c72f40e3fa1a61R32-R54) [[2]](diffhunk://#diff-3c8a7200d4052a66f516d17cd3ab173ea1355038fcbaaefc99c72f40e3fa1a61R72-R88) [[3]](diffhunk://#diff-3c8a7200d4052a66f516d17cd3ab173ea1355038fcbaaefc99c72f40e3fa1a61R102-R114) [[4]](diffhunk://#diff-3c8a7200d4052a66f516d17cd3ab173ea1355038fcbaaefc99c72f40e3fa1a61R132-R148) [[5]](diffhunk://#diff-3c8a7200d4052a66f516d17cd3ab173ea1355038fcbaaefc99c72f40e3fa1a61R162-R174) [[6]](diffhunk://#diff-3c8a7200d4052a66f516d17cd3ab173ea1355038fcbaaefc99c72f40e3fa1a61R192-R208) [[7]](diffhunk://#diff-3c8a7200d4052a66f516d17cd3ab173ea1355038fcbaaefc99c72f40e3fa1a61R221-R233) **Command and result handler improvements:** * Added `CancellationToken`-aware overloads for `OnCommand` in `CommandActivity.cs` and `OnCommandResult` in `CommandResultActivity.cs`, allowing command handlers to respond to cancellation requests. [[1]](diffhunk://#diff-f10af99e19ce61b4820c61da75c4ced9b7d8c26602bcce2292bf0c69c71f9e50R33-R49) [[2]](diffhunk://#diff-ff06a772342a8a4657771f9c36062da9cbdf4dac199f57fa0bc31df04c3afd9fR33-R49) **Conversation and channel event handler improvements:** * Introduced `CancellationToken`-enabled overloads for channel and conversation event handlers, including channel created, deleted, member added/removed, renamed/restored/shared/unshared, and conversation end, ensuring all event handlers can properly handle cancellation. [[1]](diffhunk://#diff-01102755dd66a255ee0a5a7c4a7e4677b1c5932489c553f05b824c48b90050eaR52-R76) [[2]](diffhunk://#diff-6cfe39d138f2e13ab7d07b2bbd3dd438564fec2e049a06ae86ef1e809a1a2ea6R52-R76) [[3]](diffhunk://#diff-11e6e6b74eef0f2807cab9d40f22d389ca75b90cb3863ace280569c3d7461a2aR49-R73) [[4]](diffhunk://#diff-2120e2ed85a0c25cd1f43bc50ab7a4f1c426d3a42002607e80a25fd61a46858dR49-R73) [[5]](diffhunk://#diff-143d245e0798a73a9924c8bbbb40bab86aadab61f696eb139ac6c9139a01ac84R52-R76) [[6]](diffhunk://#diff-f8ef8b7f69eda3893dc55aceb60bcccaaa155d2a45d89b897818ac4d5085538aR52-R76) [[7]](diffhunk://#diff-b292ecaf09e449d7fb6a34f27d5072ab28a177d95b68d3d573ee8ade8234d393R49-R73) [[8]](diffhunk://#diff-603a0ee7edecd08023ffa5cbe3d8d1a49925910e53a67898f6b61c088c05b433R49-R73) [[9]](diffhunk://#diff-c163f6c08b3d0e64812ff6b8d265a93e6080cf1b2e4a143a0783d4657684e035R36-R52) ### API and plugin enhancements * Added a new constructor to `ApiClient` that accepts an explicit `CancellationToken`, allowing consumers to manage cancellation more granularly when instantiating API clients. * Updated the `Close` method in `TestPlugin.Stream.cs` to accept an optional `CancellationToken`, aligning plugin operations with the new cancellation pattern. ### Configuration * Added `.claude/settings.local.json` file to configure permissions for specific Bash commands, supporting local development and testing needs. --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com>
- Add `publish-preview.yaml`, a script for triggering manual internal OR public preview publishes - Add `sign-and-pack.yaml`: shared publish template for `publish.yml` and `publish-preview.yaml` - Publish run's test results, where logged - CI: Replace internal feed publish with publishing artifacts - Add public preview information to `README.md` - Add `RELEASE.md` info regarding releases - Add clarity to CI/CD scripts, + a few edits for script parity - Lint --------- Co-authored-by: Corina Gum <>
This pull request updates configuration files across multiple sample projects to streamline settings and improve consistency. The main changes include removing development-specific configuration and launch settings files, updating logging levels, and standardizing Teams-related configuration fields in the main `appsettings.json` files. **Configuration cleanup and simplification:** * Removed all `appsettings.Development.json` files from sample projects to reduce redundancy and potential confusion between environments. [[1]](diffhunk://#diff-5439b95ce389013d33ee448a25be2878a6dd9218522b6814f69373c5a5f37975L1-L15) [[2]](diffhunk://#diff-e30c9cce15f0322c962681d558e51870fdeb2abf7dc4d598af1b8142f063cab5L1-L20) [[3]](diffhunk://#diff-ba85b9b96e11104b6c9e0e82ddf2aec9019051c614a2a251f16df6cf0e2e7fb7L1-L16) [[4]](diffhunk://#diff-ca0bf0e5331d6d35f4e656f8230521df028678e065438985bce2fe4062b416e1L1-L17) [[5]](diffhunk://#diff-2693161e51a2890a939c3b50a513fdba1fbc9cf501921db3a24e359e8ec58107L1-L17) [[6]](diffhunk://#diff-ddc8854b36950fca8d32941e6ce48a2d2d90047e83e92835f3c87f579290870aL1-L12) * Deleted all `launchSettings.json` files from the `Properties` folders of sample projects, simplifying project startup configuration. [[1]](diffhunk://#diff-df03406aed8846b4a9d367ea99464d6ad0fff57883bb992c4e2b30077c0a749bL1-L14) [[2]](diffhunk://#diff-15e178976322d0652b9210c1fa7b633388c82e58f318e82a427863a3f4812721L1-L15) **Logging and Teams configuration standardization:** * Updated the `Microsoft.Teams` logging level from `"debug"` to `"info"` in all `appsettings.json` files for consistency, and added or standardized the `Enable` property. [[1]](diffhunk://#diff-1bf7a48b908c94fa2249e41fa85a1406d1dec0a7229dbb65b3e0ad93f4f5f9b6L9-R15) [[2]](diffhunk://#diff-bb20d2fb788efcde359dda566fe30442bd9b4e3d98a189be8e027df064d1d725L9-R16) [[3]](diffhunk://#diff-053ffab9386ea0b28b1a2b0047c6a97b768c0ee18bc2761f5c44700ffd2eda32R6-R16) * Unified the `Teams` configuration section in `appsettings.json` across samples by adding `TenantId` and ensuring all relevant fields are present. [[1]](diffhunk://#diff-053ffab9386ea0b28b1a2b0047c6a97b768c0ee18bc2761f5c44700ffd2eda32R6-R16) [[2]](diffhunk://#diff-bb20d2fb788efcde359dda566fe30442bd9b4e3d98a189be8e027df064d1d725L9-R16) **General configuration cleanup:** * Removed the `AllowedHosts` property from `appsettings.json` files where it was previously included, as it is not needed for these samples. [[1]](diffhunk://#diff-053ffab9386ea0b28b1a2b0047c6a97b768c0ee18bc2761f5c44700ffd2eda32R6-R16) [[2]](diffhunk://#diff-bb20d2fb788efcde359dda566fe30442bd9b4e3d98a189be8e027df064d1d725L9-R16) [[3]](diffhunk://#diff-1bf7a48b908c94fa2249e41fa85a1406d1dec0a7229dbb65b3e0ad93f4f5f9b6L9-R15) These changes help ensure that sample projects are easier to configure, maintain, and understand.
This pull request refactors how targeted messages are handled in the Teams API SDK, consolidating targeted message logic into the `WithRecipient` method and removing the older `WithTargetedRecipient` methods. The changes streamline the API, improve clarity, and update documentation and tests to reflect the new approach. **Targeted message API refactor:** * The `WithTargetedRecipient` methods in `MessageActivity` are removed and replaced with an updated `WithRecipient` method that accepts an `Account` and an optional `isTargeted` parameter. This centralizes targeted message logic and simplifies usage. [[1]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dL221-L247) [[2]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR149-R155) * The `IsTargeted` property is moved from `MessageActivity` to the base `Activity` class and is now a non-nullable `bool`, ensuring consistent handling across activity types. [[1]](diffhunk://#diff-875c3804dbdc89735553c417d023929c307dcfbead113a1b7a1e47871cab636aR148-R150) [[2]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dL67-L73) * The `WithRecipient` method in both `Activity` and `MessageActivity` is updated to support the `isTargeted` flag, replacing previous targeted recipient APIs. [[1]](diffhunk://#diff-875c3804dbdc89735553c417d023929c307dcfbead113a1b7a1e47871cab636aL224-R230) [[2]](diffhunk://#diff-05c926d7e09179d91c9c54a68c6b5efffb854bfddb70b431df77d6b2d280c44dR149-R155) **Documentation and sample updates:** * All code samples and documentation in `Samples.TargetedMessages` are updated to use the new `WithRecipient(..., true)` pattern instead of `WithTargetedRecipient`. [[1]](diffhunk://#diff-fb8b297c63493ae97cc825e8ca804ff337fbdd797c7bfda4d466fa7d87b1a78dL32-R32) [[2]](diffhunk://#diff-fb8b297c63493ae97cc825e8ca804ff337fbdd797c7bfda4d466fa7d87b1a78dL45-R45) [[3]](diffhunk://#diff-fb8b297c63493ae97cc825e8ca804ff337fbdd797c7bfda4d466fa7d87b1a78dL59-R59) [[4]](diffhunk://#diff-fb8b297c63493ae97cc825e8ca804ff337fbdd797c7bfda4d466fa7d87b1a78dL81-R81) [[5]](diffhunk://#diff-fb8b297c63493ae97cc825e8ca804ff337fbdd797c7bfda4d466fa7d87b1a78dL112-R112) [[6]](diffhunk://#diff-75e89258d7593bb275cee67b5b18f50627f33899143d6913ae44dc5dcf9bdcdaL100-R100) [[7]](diffhunk://#diff-75e89258d7593bb275cee67b5b18f50627f33899143d6913ae44dc5dcf9bdcdaL113-R113) [[8]](diffhunk://#diff-75e89258d7593bb275cee67b5b18f50627f33899143d6913ae44dc5dcf9bdcdaL123-R123) **Test suite improvements:** * Unit tests are refactored to validate the new `WithRecipient` API for targeted messages, replacing tests for `WithTargetedRecipient`. New tests confirm fluent chaining and correct property assignment. [[1]](diffhunk://#diff-9893d0b4b2ecbdda9027a251e08702b2922792adfa9f3c369674bfc6e099392aL478-R510) [[2]](diffhunk://#diff-9893d0b4b2ecbdda9027a251e08702b2922792adfa9f3c369674bfc6e099392aR528-R543) * The test for sending a targeted message without a recipient proactively is removed, as the new API enforces recipient assignment. **Validation and error handling:** * Error messages are updated to clarify that targeted messages sent proactively must specify an explicit recipient ID. * Logic for inferring recipients in reactive contexts is removed, as the new API requires explicit recipient assignment for targeted messages. --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This pull request makes a small change to the `App` class in `App.cs`. The `Id` property is now nullable and no longer required, which allows for scenarios where the `Id` may be missing or not set. Confirmed by APX
…type hierarchy (#340) Fixes #339 ### Refactoring of `Value` property implementation * Updated the `Value` property in multiple activity classes (e.g., `ActionActivity`, `HandoffActivity`, `AnonQueryLinkActivity`, `FetchTaskActivity`, `QueryActivity`, `QueryLinkActivity`, `QuerySettingUrlActivity`, `SettingActivity`, `SubmitActionActivity`, `SearchActivity`, `TokenExchangeActivity`, `VerifyStateActivity`, `FetchActivity` in Tabs and Tasks, and `SubmitActivity` in Tabs and Tasks) to use explicit getter and setter methods that interact with the base class property, ensuring correct casting and assignment. [[1]](diffhunk://#diff-8039eb42926eb743d838475a9692396f17a72ef33f1fdbc1883b59524835ef72L28-R32) [[2]](diffhunk://#diff-cf9ec41b68de548f026e472cc44faea40af2f9415d91e56baba5eab6849c7243L23-R27) [[3]](diffhunk://#diff-2e64b26a5c79daa8c735a79d1d0ef7b177757824825771d0e555d0175e0e105fL28-R32) [[4]](diffhunk://#diff-f0921d5ad7f9df3408669c99b9d12809568feddde82f1521621301ad84cd21f0L28-R32) [[5]](diffhunk://#diff-4e9096be6b887ce77a34e383237d3d0af57fbd15e26bece75f10101647598acaL28-R32) [[6]](diffhunk://#diff-dce16d2ea38f685c8311b1287751df0cdba979f396d93c48fa6eb0bdc30670a6L28-R32) [[7]](diffhunk://#diff-bb471df45859442cdc1c702229cb2340885541f7ef7b4b26f271077bf1b50a13L28-R32) [[8]](diffhunk://#diff-e2820d39a6ddcf5655767155eacadd6bff5ac4499a2555cc120c5a126a9defddL28-R32) [[9]](diffhunk://#diff-495dc37cfa2a7a0d856d64f7bf05e23f34ff4be4c743584ec9c650a161931b91L28-R32) [[10]](diffhunk://#diff-f51f0dc619458e7e89bd283be37d740d90de576430be78b4de035d97bee1b882L28-R32) [[11]](diffhunk://#diff-78a74e7dcddfc59241917d274e79cb9e30956b593ef2e5d029995885374f70dfL21-R25) [[12]](diffhunk://#diff-a6b0b7d4988875422d8f55e64697168b72caca077e0c693481ed4cbcd0976b47L28-R32) [[13]](diffhunk://#diff-2770d22cc226a5614f278d31d674008e878ce2957f9a9729d3f57fb5dcbca5bcL28-R32) [[14]](diffhunk://#diff-69ad11ff2ce6008e8347e2d761583a953c7f8537a9ea49955e7ab76adfeaa279L28-R32) [[15]](diffhunk://#diff-b860b82a6d765bcd680235d1ca158e920f724ecfbe64c3e16b7110307d31f155L28-R32) [[16]](diffhunk://#diff-bd9e787560f194c0762ec6569c826be27a4909cf0de85c770e2f5c5bf29dae57L28-R32) [[17]](diffhunk://#diff-6d3ff4d45717581a00ce1242fdd46a51dfa9281f4566bf6c1f17c8cc8285b451L28-R32) ### Test improvements * Added unit tests to verify that the `Value` property is accessible and correctly typed both from derived activity types and from their base types for AdaptiveCards, MessageExtensions, and Tasks activities. [[1]](diffhunk://#diff-827db1a719d06fd2eb4520a0c6ff89d1a6ed559f2bbcaa84d11f8d26fb2eef9eR3-R7) [[2]](diffhunk://#diff-827db1a719d06fd2eb4520a0c6ff89d1a6ed559f2bbcaa84d11f8d26fb2eef9eR37-R55) [[3]](diffhunk://#diff-0f79f44b8daa1f524ea40288c99b308181f74943b5338e895e9362563210e412R3-R7) [[4]](diffhunk://#diff-0f79f44b8daa1f524ea40288c99b308181f74943b5338e895e9362563210e412R37-R55) [[5]](diffhunk://#diff-d9b6aab080be155ee949023bb782faaae6cd87d85c935f3948bb8d40e0e71d91R3-R7) [[6]](diffhunk://#diff-d9b6aab080be155ee949023bb782faaae6cd87d85c935f3948bb8d40e0e71d91R37-R54) E2E Test: ``` teams.OnInvoke(async (context, cancellationToken) => { InvokeActivity activity = context.Activity; context.Log.Info("[CARD_ACTION] Card action received"); var value = activity.Value; context.Log.Info($"[CARD_ACTION] Raw data: {JsonSerializer.Serialize(value)}"); return new ActionResponse.Message("Action processed successfully") { StatusCode = 200 }; }); ``` ``` [CARD_ACTION] Raw data: {"action":{"type":"Action.Execute","id":null,"verb":null,"data":{"action":"submit_basic","notify":"false"}},"authentication":null,"state":null,"trigger":"manual"} ```
This pull request introduces a new `ReactionClient` to the API, adds richer support for message reactions (including new reaction types), and provides a sample project demonstrating usage. It also removes several helper methods related to reactions from the activity model, shifting reaction management responsibilities to the new client. Test code and solution files are updated accordingly. **API Enhancements:** * Added a new `ReactionClient` class to encapsulate operations for creating, updating, and deleting message reactions via HTTP requests. This client is now accessible through the `ConversationClient` as the `Reactions` property. [[1]](diffhunk://#diff-a8342e9455458a689b62822dd62558213dc5e8418ca8f689f9497bd5f1395bf6R1-R93) [[2]](diffhunk://#diff-aad328d6be5c2acc005e534ddc0a3aae3e50d04e088908e5dc1f24962eac2e57R16-R47) * Exposed the underlying `IHttpClient` as a property on `ApiClient` for easier access in advanced scenarios. **Message Reaction Model Changes:** * Removed `AddReaction` and `RemoveReaction` helper methods from `MessageReactionActivity`, making reaction management the responsibility of the new client rather than the activity model itself. * Expanded the `ReactionType` class to include additional reaction types (e.g., checkmark, hourglass, pushpin, exclamation) with descriptive comments and emoji representations. **Sample and Solution Updates:** * Added a new sample project, `Samples.Reactions`, demonstrating how to use the new `ReactionClient` to add and remove reactions in response to messages. Included relevant configuration and project files. [[1]](diffhunk://#diff-afe58f386ff9b0335838a88f6ac0a768e7564b5d14444e3fc9b2bca4a233e426R1-R39) [[2]](diffhunk://#diff-b18ba74e29f08c05a266c30c76d4800eb500501635a30142c5333b157ab95fbcR1-R14) [[3]](diffhunk://#diff-a2de76327395f320a4303d64b737f9ae6876bcfaefb28e19764034e83309b194R1-R16) [[4]](diffhunk://#diff-0921c3cbcbd5b15cdb4d1e937b7cd220c212b7c85e9ffc6fc962dcc13d7b205aR1-R9) [[5]](diffhunk://#diff-b3307e994975a0a2adffd4c28543c61e372a1dfbb0457a88d7a3eda6f0650325R92-R93) [[6]](diffhunk://#diff-b3307e994975a0a2adffd4c28543c61e372a1dfbb0457a88d7a3eda6f0650325R548-R559) [[7]](diffhunk://#diff-b3307e994975a0a2adffd4c28543c61e372a1dfbb0457a88d7a3eda6f0650325R605) **Test and Serialization Updates:** * Updated tests and JSON fixtures for `MessageReactionActivity` to remove reliance on the deleted helper methods and reflect the new approach to reaction handling. [[1]](diffhunk://#diff-f910c0b82b1b3e29d557f6c19ac4b1aa7845c457d943d5eb0002960c31993152L32-R32) [[2]](diffhunk://#diff-f910c0b82b1b3e29d557f6c19ac4b1aa7845c457d943d5eb0002960c31993152L77-R69) [[3]](diffhunk://#diff-f910c0b82b1b3e29d557f6c19ac4b1aa7845c457d943d5eb0002960c31993152L122-R106) [[4]](diffhunk://#diff-f910c0b82b1b3e29d557f6c19ac4b1aa7845c457d943d5eb0002960c31993152L169-R145) [[5]](diffhunk://#diff-f910c0b82b1b3e29d557f6c19ac4b1aa7845c457d943d5eb0002960c31993152L207-R175) [[6]](diffhunk://#diff-10aa8e1c8b2e9dff0a5634fffed022513ef2b93dadf1edecde6ecba9495b1a93L18-L27) **Miscellaneous:** * Fixed a minor formatting issue in the solution file's Visual Studio version line. --------- Co-authored-by: Alex Acebo <aacebowork@gmail.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com>
Resolves #346 Route and handle `signin/failure` invoke activities that Teams sends when SSO token exchange fails. Adds a system default handler that logs actionable warnings and emits error events, plus a signin.failure route for developer overrides. Previously, when Teams sent a `signin/failure` invoke (e.g., due to an SSO misconfiguration), the SDKs silently swallowed the failure with no logging, no error events, and no developer notification. This made SSO configuration issues extremely difficult to diagnose. User: hi (No response from app) ## The Problem When a Teams app uses SSO (Single Sign-On) with a Token Exchange URL configured in the OAuth connection settings, Teams attempts a silent token exchange. If this fails -- for example, because the Entra app registration's "Expose an API" configuration doesn't match the Token Exchange URL -- Teams sends a `signin/failure` invoke activity with details like: ```json { "type": "invoke", "name": "signin/failure", "value": { "code": "resourcematchfailed", "message": "Resource match failed" } } ``` Before this change, none of the three SDKs routed or handled this invoke. The failure was invisible to the user, SDK, and the developer. The user saw no sign-in card, no error message, and no indication of what went wrong. Now, sign in failures with send a warning, emits error event, and return HTTP 200 by default. Developers can also register custom handlers if desired, for example: **C#:** ```csharp app.OnFailure(async (context) => { var failure = context.Activity.Value; Console.WriteLine($"Sign-in failed: {failure.Code} - {failure.Message}"); return new Response(HttpStatusCode.OK); }); ``` Example log on `signin/failure`: ``` [WARNING] @teams/app Sign-in failed for user 29:xxxxx in conversation a:1_xxxxx: resourcematchfailed — Resource match failed. If the code is 'resourcematchfailed', verify that your Entra app registration has 'Expose an API' configured with the correct Application ID URI matching your OAuth connection's Token Exchange URL. ``` Note that the default behavior will still appear to fail silently for the user. There will be logs, but it will be up to the developer to determine how the user experiences the sign-in failure. `'resourcematchfailed'` is an example of a setup error, however, and should not be an error that a 'real' user experiences. If desired, we could potentially modify the default behavior to send something to the user, but I'm disinclined to make that decision on the behalf of the developer. Feature work tested and verified in C#, PY, and TS. --------- Co-authored-by: Corina Gum <>
To avoid the risk of future namespace collisions, rename `OnFailureActivity` to `OnSignInFailureActivity`. - Renamed the protected default handler `OnFailureActivity` to `OnSignInFailureActivity` to match naming convention & reduce risk of naming collisions - Align with updated messaging across SDKs to update sign-in failure sample string --------- Co-authored-by: Corina Gum <>
Add preview diagnostics for reactions (ExperimentalTeamsReactions) and targeted messages (ExperimentalTeamsTargeted). Customers will be required to opt-in in csproj: ```xml <PropertyGroup> <NoWarn>$(NoWarn);ExperimentalTeamsReactions;ExperimentalTeamsTargeted</NoWarn> </PropertyGroup> ``` --------- Co-authored-by: Corina Gum <>
This pull request updates the CodeQL workflow configuration to ensure advanced code analysis runs on both the `main` and `next/core` branches. This helps maintain code quality across more development branches. Workflow configuration update: * [`.github/workflows/codeql.yml`](diffhunk://#diff-12783128521e452af0cfac94b99b8d250413c516ec71fe6d97dbea666ff7ba27L16-R18): Modified the `push` and `pull_request` triggers to include the `next/core` branch alongside `main`, so CodeQL checks will run for both branches.
Upgraded System.IdentityModel.Tokens.Jwt to version 8.16.0 in Microsoft.Teams.Api.csproj and Microsoft.Teams.Plugins.AspNetCore.DevTools.csproj, replacing previous versions (8.5.0 and 8.8.0). No other changes were made.
- Moved IsTargeted from Activity to Account and made it serializable, so it's present in the JSON payload as Recipient.IsTargeted. - Updated routing logic to read from Recipient.IsTargeted instead of Activity.IsTargeted
I attest that I have verified
All async methods in `Microsoft.Teams.Api.Clients` used a single
`_cancellationToken` baked in at construction time, making per-call
cancellation impossible and shared-instance cancellation a blunt
instrument. `ReactionClient` already had the correct pattern; this
brings all other clients into alignment.
## Changes
- Added `CancellationToken cancellationToken = default` to every async
method in: `ActivityClient`, `BotSignInClient`, `BotTokenClient`,
`ConversationClient`, `MeetingClient`, `MemberClient`, `TeamClient`,
`UserTokenClient`
- Each method resolves the effective token using the same fallback
pattern already established in `ReactionClient`:
```csharp
// Before
public async Task<Resource?> CreateAsync(string conversationId, IActivity activity)
{
var res = await _http.SendAsync(req, _cancellationToken);
...
}
// After
public async Task<Resource?> CreateAsync(
string conversationId,
IActivity activity,
CancellationToken cancellationToken = default)
{
var token = cancellationToken != default ? cancellationToken : _cancellationToken;
var res = await _http.SendAsync(req, token);
...
}
```
- Updated `Samples.TargetedMessages` and `Samples.Reactions` to pass the
handler's `cancellationToken` to all `context.Api.*` client method
calls, using the new per-call overloads.
Fully backwards-compatible — existing callers are unaffected since the
parameter defaults to `default`.
<!-- START COPILOT CODING AGENT TIPS -->
---
💡 You can make Copilot smarter by setting up custom instructions,
customizing its development environment and configuring Model Context
Protocol (MCP) servers. Learn more [Copilot coding agent
tips](https://gh.io/copilot-coding-agent-tips) in the docs.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: rido-min <14916339+rido-min@users.noreply.github.com>
Introduce [Obsolete] overloads for OnActivity, OnInvoke, and related handler registration methods without CancellationToken to maintain backward compatibility. Update internal handler methods and usage examples to use cancellation-aware signatures. Encourages migration to new handler signatures for improved cancellation support.
This pull request migrates the `.azdo/publish-preview.yaml` and `.azdo/publish.yml` Azure Pipelines to use the standardized 1ESPT templates. --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
- Ubuntu-24.04 doesn't ship with mono which means the `Nuget` tasks. - SDL analysis (Guardian tasks) don't work on linux so have to configure a windows image for that stage --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Add publish credentials that was removed from before --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
…bility (#412) Since this is a protected method it could've been overriden, adding the default param ensures that the cancellation token need not be provided. This prevents breaking when bumping from < 2.0.6 versions where the param was not there in the first place.
- Fixes error where cards would not render in mobile when AC version was not set - default version 1.5 will be applied - Updated generated Adaptive Cards core file `Core.cs` from latest codegen output - Updated `InvokeAction.cs` to use new `IUnion` type for `InvokeSubmitActionData` value parameter - Marked `IMBackAction`, `InvokeAction`, `MessageBackAction`, `SignInAction`, and `TaskFetchAction` with [Obsolete], pointing to their generated replacements - Other default values added: isEnabled, action mode defaults to "primary", action style "default, requires defaults to new HostCapabilities. - `msteams` added to several types: `AdaptiveCard`, `SubmitAction`, `Image`, `SubmitActionData` - New required constructor parameters: `AdaptiveCard(body)`, `ChoiceSetInput(choices)` - `StyleEnum` class removed (replaced by `ChoiceSetInputStyle`) --------- Co-authored-by: Corina Gum <>
## Summary
Update version.json files to `2.0.7-preview.{height}` for the next
development cycle.
## Changes
- Updated `version.json` in root
- Updated `version.json` in Microsoft.Teams.Plugins.External.Mcp
- Updated `version.json` in Microsoft.Teams.Plugins.External.McpClient
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
#410) ## Summary - Adds `OpenDialogData` class that extends `SubmitActionData` and abstracts away the `msteams: { type: 'task/fetch' }` protocol detail for opening dialogs. Takes a `dialogId` and optional extra data. - Adds `SubmitData` class that extends `SubmitActionData` with a convenience constructor accepting an `action` identifier for handler routing. Aligns with [web form `action` attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/form#action). - Updates dialogs and cards samples to use the new classes. - Updates dialogs sample handler to read `dialog_id` (the reserved field set by `OpenDialogData`) instead of `opendialogtype`. - Regenerated Core.cs from latest codegen: `params IList<T>` replaced with `params T[]` for .NET 8 compatibility, `IList<T>` overloads added for backward compat, parameterless constructors added for System.Text.Json deserialization. - New generated types: CollabStageInvokeDataValue, OpenUrlDialogAction, PopoverAction, ProgressBar, ProgressRing, Resources, StringResource, TabInfo. - Matches Python SDK implementation (microsoft/teams.py#222). **Note:** Identifier-based handler routing is not included in this PR and will be scoped separately. ## Test plan - [x] Build succeeds on .NET 8 and .NET 10 (0 errors) - [x] 588/588 tests pass on .NET 10 - [x] 11/11 cards tests pass on .NET 8 - [x] E2E: dialogs sample tested against Teams on .NET 8 - [x] E2E: cards sample tested against Teams on .NET 8 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary
- Consolidates `publish-preview.yaml` and `publish.yml` into a single
`publish.yaml` pipeline
- Updates RELEASE.md documentation with correct pipeline names and
branching strategy
- Removes redundant `publish.yml` file
## Details
Since versioning is determined by Nerdbank.GitVersioning (nbgv) from
`version.json`, we don't need separate pipelines for preview and
production releases. The same pipeline can handle both based on the
branch and version.json configuration.
### Changes Made
1. **Renamed** `.azdo/publish-preview.yaml` → `.azdo/publish.yaml`
- Updated comments and display names to remove "preview-only" language
- Changed artifact names from `PreviewPackages` to `Packages`
- Kept the `Internal`/`Public` parameter structure
2. **Deleted** `.azdo/publish.yml` (now redundant)
3. **Updated** `RELEASE.md`
- Corrected pipeline names: `Teams.NET-ESRP` and `Teams.NET-PR`
- Documented branching strategy:
- **Preview releases**: publish from `main` branch
- **Stable releases**: publish from `releases/v2` branch (merge main →
releases/v2, update version.json)
- Consolidated documentation from two pipelines into one
## Test plan
- [x] Verify pipeline appears correctly in Azure DevOps as
`Teams.NET-ESRP`
- [x] Test Internal publish from `main` branch (preview version) [Kavin:
released 2.0.7-preview.0001]
- [x] Test Public publish from `main` branch (preview version) [Kavin:
released 2.0.6 preview version
- [x] Test publish from `releases/v2` branch (stable version) when ready
for release [Kavin: released 2.0.6]
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
## Summary
- Introduces `CloudEnvironment` class (`Microsoft.Teams.Api.Auth`)
bundling all cloud-specific service endpoints with predefined static
instances: `Public`, `USGov` (GCCH), `USGovDoD`, and `China` (21Vianet)
- Threads cloud environment through `ClientCredentials`,
`BotTokenClient`, `UserTokenClient`, `BotSignInClient`, `App`,
`TeamsValidationSettings`, and DI host builders so all previously
hardcoded endpoints are configurable per cloud
- Adds `Cloud` property to `AppOptions` (programmatic) and
`TeamsSettings` (appsettings.json) for easy configuration
- Adds individual endpoint override properties to `TeamsSettings` for
scenarios requiring per-endpoint customization
- Adds `GraphScope` to `CloudEnvironment` for cloud-aware Microsoft
Graph token acquisition
- Adds `ActiveBotScope` and `ActiveGraphScope` instance properties on
`BotTokenClient` (static `BotScope` and `GraphScope` preserved for
backwards compatibility)
- Adds `AppBuilder.AddCloud()` for the AppBuilder host builder path
- Syncs `ClientCredentials.Cloud` when credentials are provided
programmatically
- Input validation: `TrimEnd('/')` on base URLs, null/whitespace guards
on `FromName()` and `ResolveCloud()`
### Note
`graphBaseUrl` (Graph API endpoint per cloud) is intentionally deferred.
This PR focuses on auth/token acquisition. Graph API routing is a
separate concern and the Graph client already accepts a `baseUrlRoot`
override.
### Sources
- Bot Framework GCCH/DoD endpoints:
https://learn.microsoft.com/en-us/azure/bot-service/how-to-deploy-gov-cloud-high
- Bot Framework China endpoints:
https://learn.microsoft.com/en-us/azure/bot-service/how-to-deploy-china-cloud
- OAuth URLs:
https://learn.microsoft.com/en-us/azure/bot-service/ref-oauth-redirect-urls
- Graph national cloud deployments:
https://learn.microsoft.com/en-us/graph/deployments
## Test plan
- [x] `dotnet build` -- 0 errors
- [x] `dotnet test` -- 625 tests pass
- [x] E2E: Echo bot with `Cloud: USGov` against real GCCH tenant -- JWT
validated, echo reply sent
- [x] Copilot review feedback addressed
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Corina Gum <14900841+corinagum@users.noreply.github.com>
## Summary - Add `Reply()` overloads on `App` for proactive thread sends (generic, string, AdaptiveCard — 2-arg and 3-arg forms) - Add `Conversation.ToThreadedConversationId()` for constructing threaded conversation IDs - `supportsThreading` inline check covers channels (`@thread.tacv2`/`@thread.skype`) and 1:1 (`@unq.gbl.spaces`) - Update `Context.Send()` and `Context.Reply()` doc comments - Add threading sample ## Test plan - [x] Unit tests for `ToThreadedConversationId()` (10 tests) and `Reply()` (3 tests) - [x] E2E: All commands tested in 1:1 and channel (top-level + existing thread) - [x] `dotnet build` 0 errors, `dotnet test` all passed 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
## Summary Security hardening for token validation, service URL handling, and development tooling. - **Service URL validation**: Validate inbound `ServiceUrl` against allowed hostnames from the configured `CloudEnvironment` preset. Configurable via `AdditionalAllowedDomains` on `AppOptions` (also settable in `appsettings.json`). - **Issuer validation**: Log a warning when Entra token validation is configured without a tenant ID, making the silent issuer validation skip visible. - **DevTools**: Prevent the DevTools plugin from starting in production environments. ## Test plan - Unit tests for `ServiceUrlValidator` (cloud preset FQDNs, rejected domains, localhost, empty/null, invalid URLs, additional domains, wildcard, cross-cloud rejection, botframework.com rejected by default) - E2E validated in Teams -- no regressions - E2E validated DevTools blocked on `ASPNETCORE_ENVIRONMENT=Production`
Custom Feedback Context: [Learn Doc](https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/bot-messages-ai-generated-content?tabs=desktop%2Cjs%2Cbotmessage#feedback-buttons) - previously we had a flag called feedbackLoopEnabled which only enables the default feedback form - now, we have a param called feedbackLoop that can either be default or custom. - updated AI sample to feature the custom feedback loop - also included the normalization to feedbackLoop when using withChannelData.. - py equivalent: microsoft/teams.py#349 - ts equivalent: microsoft/teams.ts#522 --------- Co-authored-by: lilydu <lilydu+odspmdb@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## Summary - Remove `supportsThreading` guard from `Reply()` 3-arg form -- always calls `Conversation.ToThreadedConversationId()` when messageId is provided - Update `test manual` example to remove conversation type guard - Threading support is now determined by the service, not the SDK **Why:** Threading support is expanding (channels, 1:1, group chats). Maintaining an allowlist of conversation ID suffixes creates a maintenance burden and can block developers from using newly supported scopes until the SDK is updated. ## Test plan - [x] dotnet build: 0 errors - [x] dotnet test: 558 passed 🤖 Generated with [Claude Code](https://claude.com/claude-code)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.