import { AzureAuthorityHosts, type DeviceCodeCredentialOptions, type InteractiveBrowserCredentialNodeOptions, type TokenCredential } from '@azure/identity';
import type { ITerminal } from '@rushstack/terminal';
import { CredentialCache } from '@rushstack/rush-sdk';
import type { ICredentialCacheEntry } from '@rushstack/rush-sdk';
/**
 * @public
 */
export type ExpiredCredentialBehavior = 'logWarning' | 'throwError' | 'ignore';
/**
 * @public
 */
export interface ITryGetCachedCredentialOptionsBase {
    /**
     * The behavior to take when the cached credential has expired.
     * Defaults to 'throwError'
     */
    expiredCredentialBehavior?: ExpiredCredentialBehavior;
    terminal?: ITerminal;
}
/**
 * @public
 */
export interface ITryGetCachedCredentialOptionsLogWarning extends ITryGetCachedCredentialOptionsBase {
    /**
     * {@inheritdoc ITryGetCachedCredentialOptionsBase.expiredCredentialBehavior}
     */
    expiredCredentialBehavior: 'logWarning';
    terminal: ITerminal;
}
/**
 * @public
 */
export interface ITryGetCachedCredentialOptionsThrow extends ITryGetCachedCredentialOptionsBase {
    /**
     * {@inheritdoc ITryGetCachedCredentialOptionsBase.expiredCredentialBehavior}
     */
    expiredCredentialBehavior: 'throwError';
}
/**
 * @public
 */
export interface ITryGetCachedCredentialOptionsIgnore extends ITryGetCachedCredentialOptionsBase {
    /**
     * {@inheritdoc ITryGetCachedCredentialOptionsBase.expiredCredentialBehavior}
     */
    expiredCredentialBehavior: 'ignore';
}
export type ITryGetCachedCredentialOptions = ITryGetCachedCredentialOptionsLogWarning | ITryGetCachedCredentialOptionsThrow | ITryGetCachedCredentialOptionsIgnore;
/**
 * @public
 */
export type AzureEnvironmentName = keyof typeof AzureAuthorityHosts;
/**
 * @public
 */
export type LoginFlowType = 'DeviceCode' | 'InteractiveBrowser' | 'AdoCodespacesAuth' | 'VisualStudioCode' | 'AzureCli' | 'AzureDeveloperCli' | 'AzurePowerShell';
/**
 * @public
 */
export interface IAzureAuthenticationBaseOptions {
    azureEnvironment?: AzureEnvironmentName;
    credentialUpdateCommandForLogging?: string | undefined;
    loginFlow?: LoginFlowType;
    /**
     * A map to define the failover order for login flows. When a login flow fails to get a credential,
     * the next login flow in the map will be attempted. If the login flow fails and there is no next
     * login flow, the error will be thrown.
     *
     * @defaultValue
     * ```json
     * {
     *   "AdoCodespacesAuth": "VisualStudioCode",
     *   "VisualStudioCode": "AzureCli",
     *   "AzureCli": "AzureDeveloperCli",
     *   "AzureDeveloperCli": "AzurePowerShell",
     *   "AzurePowerShell": "InteractiveBrowser",
     *   "InteractiveBrowser": "DeviceCode",
     *   "DeviceCode": undefined
     * }
     * ```
     */
    loginFlowFailover?: {
        [key in LoginFlowType]?: LoginFlowType;
    };
}
/**
 * @public
 */ export interface ICredentialResult {
    credentialString: string;
    expiresOn?: Date;
    credentialMetadata?: object;
}
/**
 * @public
 */
export declare abstract class AzureAuthenticationBase {
    protected abstract readonly _credentialNameForCache: string;
    protected abstract readonly _credentialKindForLogging: string;
    protected readonly _credentialUpdateCommandForLogging: string | undefined;
    protected readonly _additionalDeviceCodeCredentialOptions: DeviceCodeCredentialOptions | undefined;
    protected readonly _additionalInteractiveCredentialOptions: InteractiveBrowserCredentialNodeOptions | undefined;
    protected readonly _azureEnvironment: AzureEnvironmentName;
    protected readonly _loginFlow: LoginFlowType;
    protected readonly _failoverOrder: {
        [key in LoginFlowType]?: LoginFlowType;
    } | undefined;
    private __credentialCacheId;
    protected get _credentialCacheId(): string;
    constructor(options: IAzureAuthenticationBaseOptions);
    updateCachedCredentialAsync(terminal: ITerminal, credential: string): Promise<void>;
    /**
     * Launches an interactive flow to renew a cached credential.
     *
     * @param terminal - The terminal to log output to
     * @param onlyIfExistingCredentialExpiresBefore - If specified, and a cached credential exists, action will only
     * be taken if the cached credential expires before the specified date.
     */
    updateCachedCredentialInteractiveAsync(terminal: ITerminal, onlyIfExistingCredentialExpiresBefore?: Date): Promise<void>;
    deleteCachedCredentialsAsync(terminal: ITerminal): Promise<void>;
    tryGetCachedCredentialAsync(options?: ITryGetCachedCredentialOptionsThrow | ITryGetCachedCredentialOptionsIgnore): Promise<ICredentialCacheEntry | undefined>;
    tryGetCachedCredentialAsync(options: ITryGetCachedCredentialOptionsLogWarning): Promise<ICredentialCacheEntry | undefined>;
    /**
     * Get parts of the cache ID that are specific to the credential type. Note that this should
     * not contain the Azure environment or the {@link AzureAuthenticationBase._credentialNameForCache}
     * value, as those are added automatically.
     */
    protected abstract _getCacheIdParts(): string[];
    protected abstract _getCredentialFromTokenAsync(terminal: ITerminal, tokenCredential: TokenCredential, credentialsCache: CredentialCache): Promise<ICredentialResult>;
    private _getCredentialAsync;
}
//# sourceMappingURL=AzureAuthenticationBase.d.ts.map