1 | import { AccessToken } from '@azure/core-auth';
|
2 | import { AzureLogger } from '@azure/logger';
|
3 | import { CommonClientOptions } from '@azure/core-client';
|
4 | import { GetTokenOptions } from '@azure/core-auth';
|
5 | import { LogPolicyOptions } from '@azure/core-rest-pipeline';
|
6 | import { TokenCredential } from '@azure/core-auth';
|
7 |
|
8 | export { AccessToken }
|
9 |
|
10 | /**
|
11 | * Provides an `errors` array containing {@link AuthenticationError} instance
|
12 | * for authentication failures from credentials in a {@link ChainedTokenCredential}.
|
13 | */
|
14 | export declare class AggregateAuthenticationError extends Error {
|
15 | /**
|
16 | * The array of error objects that were thrown while trying to authenticate
|
17 | * with the credentials in a {@link ChainedTokenCredential}.
|
18 | */
|
19 | errors: any[];
|
20 | constructor(errors: any[], errorMessage?: string);
|
21 | }
|
22 |
|
23 | /**
|
24 | * The Error.name value of an AggregateAuthenticationError
|
25 | */
|
26 | export declare const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
|
27 |
|
28 | /**
|
29 | * Provides details about a failure to authenticate with Azure Active
|
30 | * Directory. The `errorResponse` field contains more details about
|
31 | * the specific failure.
|
32 | */
|
33 | export declare class AuthenticationError extends Error {
|
34 | /**
|
35 | * The HTTP status code returned from the authentication request.
|
36 | */
|
37 | readonly statusCode: number;
|
38 | /**
|
39 | * The error response details.
|
40 | */
|
41 | readonly errorResponse: ErrorResponse;
|
42 | constructor(statusCode: number, errorBody: object | string | undefined | null);
|
43 | }
|
44 |
|
45 | /**
|
46 | * The Error.name value of an AuthenticationError
|
47 | */
|
48 | export declare const AuthenticationErrorName = "AuthenticationError";
|
49 |
|
50 | /**
|
51 | * The record to use to find the cached tokens in the cache.
|
52 | */
|
53 | export declare interface AuthenticationRecord {
|
54 | /**
|
55 | * The associated authority, if used.
|
56 | */
|
57 | authority: string;
|
58 | /**
|
59 | * The home account Id.
|
60 | */
|
61 | homeAccountId: string;
|
62 | /**
|
63 | * The associated client ID.
|
64 | */
|
65 | clientId: string;
|
66 | /**
|
67 | * The associated tenant ID.
|
68 | */
|
69 | tenantId: string;
|
70 | /**
|
71 | * The username of the logged in account.
|
72 | */
|
73 | username: string;
|
74 | }
|
75 |
|
76 | /**
|
77 | * Error used to enforce authentication after trying to retrieve a token silently.
|
78 | */
|
79 | export declare class AuthenticationRequiredError extends Error {
|
80 | /**
|
81 | * The list of scopes for which the token will have access.
|
82 | */
|
83 | scopes: string[];
|
84 | /**
|
85 | * The options passed to the getToken request.
|
86 | */
|
87 | getTokenOptions?: GetTokenOptions;
|
88 | constructor(
|
89 | /**
|
90 | * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.
|
91 | */
|
92 | options: AuthenticationRequiredErrorOptions);
|
93 | }
|
94 |
|
95 | /**
|
96 | * Optional parameters to the { AuthenticationRequiredError}
|
97 | */
|
98 | export declare interface AuthenticationRequiredErrorOptions {
|
99 | /**
|
100 | * The list of scopes for which the token will have access.
|
101 | */
|
102 | scopes: string[];
|
103 | /**
|
104 | * The options passed to the getToken request.
|
105 | */
|
106 | getTokenOptions?: GetTokenOptions;
|
107 | /**
|
108 | * The message of the error.
|
109 | */
|
110 | message?: string;
|
111 | }
|
112 |
|
113 | /**
|
114 | * Provides options to configure how the Identity library
|
115 | * does authority validation during authentication requests
|
116 | * to Azure Active Directory.
|
117 | */
|
118 | export declare interface AuthorityValidationOptions {
|
119 | /**
|
120 | * The field determines whether instance discovery is performed when attempting to authenticate.
|
121 | * Setting this to `true` will completely disable both instance discovery and authority validation.
|
122 | * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
|
123 | * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
|
124 | * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
|
125 | */
|
126 | disableInstanceDiscovery?: boolean;
|
127 | }
|
128 |
|
129 | /**
|
130 | * Enables authentication to Azure Active Directory using an authorization code
|
131 | * that was obtained through the authorization code flow, described in more detail
|
132 | * in the Azure Active Directory documentation:
|
133 | *
|
134 | * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
|
135 | */
|
136 | export declare class AuthorizationCodeCredential implements TokenCredential {
|
137 | private msalFlow;
|
138 | private disableAutomaticAuthentication?;
|
139 | private authorizationCode;
|
140 | private redirectUri;
|
141 | private tenantId?;
|
142 | private additionallyAllowedTenantIds;
|
143 | /**
|
144 | * Creates an instance of AuthorizationCodeCredential with the details needed
|
145 | * to request an access token using an authentication that was obtained
|
146 | * from Azure Active Directory.
|
147 | *
|
148 | * It is currently necessary for the user of this credential to initiate
|
149 | * the authorization code flow to obtain an authorization code to be used
|
150 | * with this credential. A full example of this flow is provided here:
|
151 | *
|
152 | * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
|
153 | *
|
154 | * @param tenantId - The Azure Active Directory tenant (directory) ID or name.
|
155 | * 'common' may be used when dealing with multi-tenant scenarios.
|
156 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
157 | * @param clientSecret - A client secret that was generated for the App Registration
|
158 | * @param authorizationCode - An authorization code that was received from following the
|
159 | authorization code flow. This authorization code must not
|
160 | have already been used to obtain an access token.
|
161 | * @param redirectUri - The redirect URI that was used to request the authorization code.
|
162 | Must be the same URI that is configured for the App Registration.
|
163 | * @param options - Options for configuring the client which makes the access token request.
|
164 | */
|
165 | constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
|
166 | /**
|
167 | * Creates an instance of AuthorizationCodeCredential with the details needed
|
168 | * to request an access token using an authentication that was obtained
|
169 | * from Azure Active Directory.
|
170 | *
|
171 | * It is currently necessary for the user of this credential to initiate
|
172 | * the authorization code flow to obtain an authorization code to be used
|
173 | * with this credential. A full example of this flow is provided here:
|
174 | *
|
175 | * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
|
176 | *
|
177 | * @param tenantId - The Azure Active Directory tenant (directory) ID or name.
|
178 | * 'common' may be used when dealing with multi-tenant scenarios.
|
179 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
180 | * @param authorizationCode - An authorization code that was received from following the
|
181 | authorization code flow. This authorization code must not
|
182 | have already been used to obtain an access token.
|
183 | * @param redirectUri - The redirect URI that was used to request the authorization code.
|
184 | Must be the same URI that is configured for the App Registration.
|
185 | * @param options - Options for configuring the client which makes the access token request.
|
186 | */
|
187 | constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
|
188 | /**
|
189 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
190 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
191 | *
|
192 | * @param scopes - The list of scopes for which the token will have access.
|
193 | * @param options - The options used to configure any requests this
|
194 | * TokenCredential implementation might make.
|
195 | */
|
196 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
197 | }
|
198 |
|
199 | /**
|
200 | * Options for the { AuthorizationCodeCredential}
|
201 | */
|
202 | export declare interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
|
203 | }
|
204 |
|
205 | /**
|
206 | * A list of known Azure authority hosts
|
207 | */
|
208 | export declare enum AzureAuthorityHosts {
|
209 | /**
|
210 | * China-based Azure Authority Host
|
211 | */
|
212 | AzureChina = "https://login.chinacloudapi.cn",
|
213 | /**
|
214 | * Germany-based Azure Authority Host
|
215 | */
|
216 | AzureGermany = "https://login.microsoftonline.de",
|
217 | /**
|
218 | * US Government Azure Authority Host
|
219 | */
|
220 | AzureGovernment = "https://login.microsoftonline.us",
|
221 | /**
|
222 | * Public Cloud Azure Authority Host
|
223 | */
|
224 | AzurePublicCloud = "https://login.microsoftonline.com"
|
225 | }
|
226 |
|
227 | /**
|
228 | * This credential will use the currently logged-in user login information
|
229 | * via the Azure CLI ('az') commandline tool.
|
230 | * To do so, it will read the user access token and expire time
|
231 | * with Azure CLI command "az account get-access-token".
|
232 | */
|
233 | export declare class AzureCliCredential implements TokenCredential {
|
234 | private tenantId?;
|
235 | private additionallyAllowedTenantIds;
|
236 | private timeout?;
|
237 | /**
|
238 | * Creates an instance of the {@link AzureCliCredential}.
|
239 | *
|
240 | * To use this credential, ensure that you have already logged
|
241 | * in via the 'az' tool using the command "az login" from the commandline.
|
242 | *
|
243 | * @param options - Options, to optionally allow multi-tenant requests.
|
244 | */
|
245 | constructor(options?: AzureCliCredentialOptions);
|
246 | /**
|
247 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
248 | * If authentication fails, a {with the details of the failure.
CredentialUnavailableError} will be thrown |
249 | *
|
250 | * for which the token will have access.
scopes - The list of scopes |
251 | * any requests this
options - The options used to configure |
252 | * TokenCredential implementation might make.
|
253 | */
|
254 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
255 | }
|
256 |
|
257 | /**
|
258 | * Options for the {@link AzureCliCredential}
|
259 | */
|
260 | export declare interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {
|
261 | /**
|
262 | * Allows specifying a tenant ID
|
263 | */
|
264 | tenantId?: string;
|
265 | /**
|
266 | * Process timeout configurable for making token requests, provided in milliseconds
|
267 | */
|
268 | processTimeoutInMs?: number;
|
269 | }
|
270 |
|
271 | /**
|
272 | * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
|
273 | * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
|
274 | * to Azure developers. It allows users to authenticate as a user and/or a service principal against
|
275 | * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Azure Active Directory (Azure AD)
|
276 | * </a>. The AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
|
277 | * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
|
278 | * service principal and executes an Azure CLI command underneath to authenticate the application against
|
279 | * Azure Active Directory.
|
280 | *
|
281 | * <h2> Configure AzureDeveloperCliCredential </h2>
|
282 | *
|
283 | * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
|
284 | * commands below:
|
285 | *
|
286 | * <ol>
|
287 | * <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
|
288 | * <li>Run "azd auth login --client-id clientID --client-secret clientSecret
|
289 | * --tenant-id tenantID" to authenticate as a service principal.</li>
|
290 | * </ol>
|
291 | *
|
292 | * You may need to repeat this process after a certain time period, depending on the refresh token validity in your
|
293 | * organization. Generally, the refresh token validity period is a few weeks to a few months.
|
294 | * AzureDeveloperCliCredential will prompt you to sign in again.
|
295 | */
|
296 | export declare class AzureDeveloperCliCredential implements TokenCredential {
|
297 | private tenantId?;
|
298 | private additionallyAllowedTenantIds;
|
299 | private timeout?;
|
300 | /**
|
301 | * Creates an instance of the {@link AzureDeveloperCliCredential}.
|
302 | *
|
303 | * To use this credential, ensure that you have already logged
|
304 | * in via the 'azd' tool using the command "azd auth login" from the commandline.
|
305 | *
|
306 | * @param options - Options, to optionally allow multi-tenant requests.
|
307 | */
|
308 | constructor(options?: AzureDeveloperCliCredentialOptions);
|
309 | /**
|
310 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
311 | * If authentication fails, a {with the details of the failure.
CredentialUnavailableError} will be thrown |
312 | *
|
313 | * for which the token will have access.
scopes - The list of scopes |
314 | * any requests this
options - The options used to configure |
315 | * TokenCredential implementation might make.
|
316 | */
|
317 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
318 | }
|
319 |
|
320 | /**
|
321 | * Options for the {@link AzureDeveloperCliCredential}
|
322 | */
|
323 | export declare interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {
|
324 | /**
|
325 | * Allows specifying a tenant ID
|
326 | */
|
327 | tenantId?: string;
|
328 | /**
|
329 | * Process timeout configurable for making token requests, provided in milliseconds
|
330 | */
|
331 | processTimeoutInMs?: number;
|
332 | }
|
333 |
|
334 | /**
|
335 | * This credential will use the currently logged-in user information from the
|
336 | * Azure PowerShell module. To do so, it will read the user access token and
|
337 | * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
|
338 | */
|
339 | export declare class AzurePowerShellCredential implements TokenCredential {
|
340 | private tenantId?;
|
341 | private additionallyAllowedTenantIds;
|
342 | private timeout?;
|
343 | /**
|
344 | * Creates an instance of the {@link AzurePowerShellCredential}.
|
345 | *
|
346 | * To use this credential:
|
347 | * - Install the Azure Az PowerShell module with:
|
348 | * `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
|
349 | * - You have already logged in to Azure PowerShell using the command
|
350 | * `Connect-AzAccount` from the command line.
|
351 | *
|
352 | * @param options - Options, to optionally allow multi-tenant requests.
|
353 | */
|
354 | constructor(options?: AzurePowerShellCredentialOptions);
|
355 | /**
|
356 | * Gets the access token from Azure PowerShell
|
357 | * @param resource - The resource to use when getting the token
|
358 | */
|
359 | private getAzurePowerShellAccessToken;
|
360 | /**
|
361 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
362 | * If the authentication cannot be performed through PowerShell, a { CredentialUnavailableError} will be thrown.
|
363 | *
|
364 | * for which the token will have access.
scopes - The list of scopes |
365 | * any requests this TokenCredential implementation might make.
options - The options used to configure |
366 | */
|
367 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
368 | }
|
369 |
|
370 | /**
|
371 | * Options for the {@link AzurePowerShellCredential}
|
372 | */
|
373 | export declare interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {
|
374 | /**
|
375 | * Allows specifying a tenant ID
|
376 | */
|
377 | tenantId?: string;
|
378 | /**
|
379 | * Process timeout configurable for making token requests, provided in milliseconds
|
380 | */
|
381 | processTimeoutInMs?: number;
|
382 | }
|
383 |
|
384 | /**
|
385 | * (Browser-only feature)
|
386 | * The "login style" to use in the authentication flow:
|
387 | * - "redirect" redirects the user to the authentication page and then
|
388 | * redirects them back to the page once authentication is completed.
|
389 | * - "popup" opens a new browser window through with the redirect flow
|
390 | * is initiated. The user's existing browser window does not leave
|
391 | * the current page
|
392 | */
|
393 | export declare type BrowserLoginStyle = "redirect" | "popup";
|
394 |
|
395 | /**
|
396 | * Enables multiple `TokenCredential` implementations to be tried in order
|
397 | * until one of the getToken methods returns an access token.
|
398 | */
|
399 | export declare class ChainedTokenCredential implements TokenCredential {
|
400 | private _sources;
|
401 | /**
|
402 | * Creates an instance of ChainedTokenCredential using the given credentials.
|
403 | *
|
404 | * @param sources - `TokenCredential` implementations to be tried in order.
|
405 | *
|
406 | * Example usage:
|
407 | * ```javascript
|
408 | * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
|
409 | * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
|
410 | * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
|
411 | * ```
|
412 | */
|
413 | constructor(...sources: TokenCredential[]);
|
414 | /**
|
415 | * Returns the first access token returned by one of the chained
|
416 | * `TokenCredential` implementations. Throws an { AggregateAuthenticationError}
|
417 | * when one or more credentials throws an { AuthenticationError} and
|
418 | * no credentials have returned an access token.
|
419 | *
|
420 | * This method is called automatically by Azure SDK client libraries. You may call this method
|
421 | * directly, but you must also handle token caching and token refreshing.
|
422 | *
|
423 | * for which the token will have access.
scopes - The list of scopes |
424 | * any requests this
options - The options used to configure |
425 | * `TokenCredential` implementation might make.
|
426 | */
|
427 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
428 | private getTokenInternal;
|
429 | }
|
430 |
|
431 | /**
|
432 | * Authenticates a service principal with a JWT assertion.
|
433 | */
|
434 | export declare class ClientAssertionCredential implements TokenCredential {
|
435 | private msalFlow;
|
436 | private tenantId;
|
437 | private additionallyAllowedTenantIds;
|
438 | private clientId;
|
439 | private options;
|
440 | /**
|
441 | * Creates an instance of the ClientAssertionCredential with the details
|
442 | * needed to authenticate against Azure Active Directory with a client
|
443 | * assertion provided by the developer through the `getAssertion` function parameter.
|
444 | *
|
445 | * @param tenantId - The Azure Active Directory tenant (directory) ID.
|
446 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
447 | * @param getAssertion - A function that retrieves the assertion for the credential to use.
|
448 | * @param options - Options for configuring the client which makes the authentication request.
|
449 | */
|
450 | constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: ClientAssertionCredentialOptions);
|
451 | /**
|
452 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
453 | * If authentication fails, a {with the details of the failure.
CredentialUnavailableError} will be thrown |
454 | *
|
455 | * for which the token will have access.
scopes - The list of scopes |
456 | * any requests this
options - The options used to configure |
457 | * TokenCredential implementation might make.
|
458 | */
|
459 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
460 | }
|
461 |
|
462 | /**
|
463 | * Options for the {@link ClientAssertionCredential}
|
464 | */
|
465 | export declare interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
|
466 | }
|
467 |
|
468 | /**
|
469 | * Enables authentication to Azure Active Directory using a PEM-encoded
|
470 | * certificate that is assigned to an App Registration. More information
|
471 | * on how to configure certificate authentication can be found here:
|
472 | *
|
473 | * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
|
474 | *
|
475 | */
|
476 | export declare class ClientCertificateCredential implements TokenCredential {
|
477 | private tenantId;
|
478 | private additionallyAllowedTenantIds;
|
479 | private msalFlow;
|
480 | /**
|
481 | * Creates an instance of the ClientCertificateCredential with the details
|
482 | * needed to authenticate against Azure Active Directory with a certificate.
|
483 | *
|
484 | * @param tenantId - The Azure Active Directory tenant (directory) ID.
|
485 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
486 | * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
|
487 | * @param options - Options for configuring the client which makes the authentication request.
|
488 | */
|
489 | constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
|
490 | /**
|
491 | * Creates an instance of the ClientCertificateCredential with the details
|
492 | * needed to authenticate against Azure Active Directory with a certificate.
|
493 | *
|
494 | * @param tenantId - The Azure Active Directory tenant (directory) ID.
|
495 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
496 | * @param configuration - Other parameters required, including the path of the certificate on the filesystem.
|
497 | * If the type is ignored, we will throw the value of the path to a PEM certificate.
|
498 | * @param options - Options for configuring the client which makes the authentication request.
|
499 | */
|
500 | constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
|
501 | /**
|
502 | * Creates an instance of the ClientCertificateCredential with the details
|
503 | * needed to authenticate against Azure Active Directory with a certificate.
|
504 | *
|
505 | * @param tenantId - The Azure Active Directory tenant (directory) ID.
|
506 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
507 | * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
|
508 | * If the type is ignored, we will throw the value of the PEM-encoded certificate.
|
509 | * @param options - Options for configuring the client which makes the authentication request.
|
510 | */
|
511 | constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
|
512 | /**
|
513 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
514 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
515 | *
|
516 | * @param scopes - The list of scopes for which the token will have access.
|
517 | * @param options - The options used to configure any requests this
|
518 | * TokenCredential implementation might make.
|
519 | */
|
520 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
521 | }
|
522 |
|
523 | /**
|
524 | * Optional parameters for the {@link ClientCertificateCredential} class.
|
525 | */
|
526 | export declare interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
|
527 | /**
|
528 | * Option to include x5c header for SubjectName and Issuer name authorization.
|
529 | * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
|
530 | */
|
531 | sendCertificateChain?: boolean;
|
532 | }
|
533 |
|
534 | /**
|
535 | * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.
|
536 | */
|
537 | export declare type ClientCertificateCredentialPEMConfiguration = ClientCertificatePEMCertificate | ClientCertificatePEMCertificatePath;
|
538 |
|
539 | /**
|
540 | * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate
|
541 | */
|
542 | export declare interface ClientCertificatePEMCertificate {
|
543 | /**
|
544 | * The PEM-encoded public/private key certificate on the filesystem.
|
545 | */
|
546 | certificate: string;
|
547 | /**
|
548 | * The password for the certificate file.
|
549 | */
|
550 | certificatePassword?: string;
|
551 | }
|
552 |
|
553 | /**
|
554 | * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.
|
555 | */
|
556 | export declare interface ClientCertificatePEMCertificatePath {
|
557 | /**
|
558 | * The path to the PEM-encoded public/private key certificate on the filesystem.
|
559 | */
|
560 | certificatePath: string;
|
561 | /**
|
562 | * The password for the certificate file.
|
563 | */
|
564 | certificatePassword?: string;
|
565 | }
|
566 |
|
567 | /**
|
568 | * Enables authentication to Azure Active Directory using a client secret
|
569 | * that was generated for an App Registration. More information on how
|
570 | * to configure a client secret can be found here:
|
571 | *
|
572 | * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
|
573 | *
|
574 | */
|
575 | export declare class ClientSecretCredential implements TokenCredential {
|
576 | private tenantId;
|
577 | private additionallyAllowedTenantIds;
|
578 | private msalFlow;
|
579 | /**
|
580 | * Creates an instance of the ClientSecretCredential with the details
|
581 | * needed to authenticate against Azure Active Directory with a client
|
582 | * secret.
|
583 | *
|
584 | * @param tenantId - The Azure Active Directory tenant (directory) ID.
|
585 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
586 | * @param clientSecret - A client secret that was generated for the App Registration.
|
587 | * @param options - Options for configuring the client which makes the authentication request.
|
588 | */
|
589 | constructor(tenantId: string, clientId: string, clientSecret: string, options?: ClientSecretCredentialOptions);
|
590 | /**
|
591 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
592 | * If authentication fails, a {with the details of the failure.
CredentialUnavailableError} will be thrown |
593 | *
|
594 | * for which the token will have access.
scopes - The list of scopes |
595 | * any requests this
options - The options used to configure |
596 | * TokenCredential implementation might make.
|
597 | */
|
598 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
599 | }
|
600 |
|
601 | /**
|
602 | * Optional parameters for the {@link ClientSecretCredential} class.
|
603 | */
|
604 | export declare interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
|
605 | }
|
606 |
|
607 | /**
|
608 | * Shared configuration options for credentials that support persistent token
|
609 | * caching.
|
610 | */
|
611 | export declare interface CredentialPersistenceOptions {
|
612 | /**
|
613 | * Options to provide to the persistence layer (if one is available) when
|
614 | * storing credentials.
|
615 | *
|
616 | * You must first register a persistence provider plugin. See the
|
617 | * `@azure/identity-cache-persistence` package on NPM.
|
618 | *
|
619 | * Example:
|
620 | *
|
621 | * ```javascript
|
622 | * import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
|
623 | * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
|
624 | *
|
625 | * useIdentityPlugin(cachePersistencePlugin);
|
626 | *
|
627 | * async function main() {
|
628 | * const credential = new DeviceCodeCredential({
|
629 | * tokenCachePersistenceOptions: {
|
630 | * enabled: true
|
631 | * }
|
632 | * });
|
633 | * }
|
634 | *
|
635 | * main().catch((error) => {
|
636 | * console.error("An error occurred:", error);
|
637 | * process.exit(1);
|
638 | * });
|
639 | * ```
|
640 | */
|
641 | tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
|
642 | }
|
643 |
|
644 | /**
|
645 | * This signifies that the credential that was tried in a chained credential
|
646 | * was not available to be used as the credential. Rather than treating this as
|
647 | * an error that should halt the chain, it's caught and the chain continues
|
648 | */
|
649 | export declare class CredentialUnavailableError extends Error {
|
650 | constructor(message?: string);
|
651 | }
|
652 |
|
653 | /**
|
654 | * The Error.name value of an CredentialUnavailable
|
655 | */
|
656 | export declare const CredentialUnavailableErrorName = "CredentialUnavailableError";
|
657 |
|
658 | /**
|
659 | * Provides a default { ChainedTokenCredential} configuration that should
|
660 | * work for most applications that use the Azure SDK.
|
661 | */
|
662 | export declare class DefaultAzureCredential extends ChainedTokenCredential {
|
663 | /**
|
664 | * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}
|
665 | *
|
666 | * This credential provides a default {@link ChainedTokenCredential} configuration that should
|
667 | * work for most applications that use the Azure SDK.
|
668 | *
|
669 | * The following credential types will be tried, in order:
|
670 | *
|
671 | * - {@link EnvironmentCredential}
|
672 | * - {@link WorkloadIdentityCredential}
|
673 | * - {@link ManagedIdentityCredential}
|
674 | * - {@link AzureDeveloperCliCredential}
|
675 | * - {@link AzureCliCredential}
|
676 | * - {@link AzurePowerShellCredential}
|
677 | *
|
678 | * Consult the documentation of these credential types for more information
|
679 | * on how they attempt authentication.
|
680 | *
|
681 | * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.
|
682 | */
|
683 | constructor(options?: DefaultAzureCredentialClientIdOptions);
|
684 | /**
|
685 | * Creates an instance of the DefaultAzureCredential class with { DefaultAzureCredentialResourceIdOptions}
|
686 | *
|
687 | * This credential provides a default { ChainedTokenCredential} configuration that should
|
688 | * work for most applications that use the Azure SDK.
|
689 | *
|
690 | * The following credential types will be tried, in order:
|
691 | *
|
692 | * - { EnvironmentCredential}
|
693 | * - { WorkloadIdentityCredential}
|
694 | * - { ManagedIdentityCredential}
|
695 | * - { AzureDeveloperCliCredential}
|
696 | * - { AzureCliCredential}
|
697 | * - { AzurePowerShellCredential}
|
698 | *
|
699 | * Consult the documentation of these credential types for more information
|
700 | * on how they attempt authentication.
|
701 | *
|
702 | * options - Optional parameters. See { DefaultAzureCredentialResourceIdOptions}.
|
703 | */
|
704 | constructor(options?: DefaultAzureCredentialResourceIdOptions);
|
705 | /**
|
706 | * Creates an instance of the DefaultAzureCredential class with { DefaultAzureCredentialOptions}
|
707 | *
|
708 | * This credential provides a default { ChainedTokenCredential} configuration that should
|
709 | * work for most applications that use the Azure SDK.
|
710 | *
|
711 | * The following credential types will be tried, in order:
|
712 | *
|
713 | * - { EnvironmentCredential}
|
714 | * - { WorkloadIdentityCredential}
|
715 | * - { ManagedIdentityCredential}
|
716 | * - { AzureDeveloperCliCredential}
|
717 | * - { AzureCliCredential}
|
718 | * - { AzurePowerShellCredential}
|
719 | *
|
720 | * Consult the documentation of these credential types for more information
|
721 | * on how they attempt authentication.
|
722 | *
|
723 | * options - Optional parameters. See { DefaultAzureCredentialOptions}.
|
724 | */
|
725 | constructor(options?: DefaultAzureCredentialOptions);
|
726 | }
|
727 |
|
728 | /**
|
729 | * Provides options to configure the {class.
DefaultAzureCredential} |
730 | * This variation supports `managedIdentityClientId` and not `managedIdentityResourceId`, since only one of both is supported.
|
731 | */
|
732 | export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAzureCredentialOptions {
|
733 | /**
|
734 | * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
|
735 | * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
|
736 | */
|
737 | managedIdentityClientId?: string;
|
738 | /**
|
739 | * Optionally pass in a user assigned client ID to be used by the {@link WorkloadIdentityCredential}.
|
740 | * This client ID can also be passed through to the {@link WorkloadIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
|
741 | */
|
742 | workloadIdentityClientId?: string;
|
743 | }
|
744 |
|
745 | /**
|
746 | * Provides options to configure the {@link DefaultAzureCredential} class.
|
747 | */
|
748 | export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
|
749 | /**
|
750 | * Optionally pass in a Tenant ID to be used as part of the credential.
|
751 | * By default it may use a generic tenant ID depending on the underlying credential.
|
752 | */
|
753 | tenantId?: string;
|
754 | /**
|
755 | * Timeout configurable for making token requests for developer credentials, namely, {@link AzurePowershellCredential},
|
756 | * {@link AzureDeveloperCliCredential} and {@link AzureCliCredential}.
|
757 | * Process timeout for credentials should be provided in milliseconds.
|
758 | */
|
759 | processTimeoutInMs?: number;
|
760 | }
|
761 |
|
762 | /**
|
763 | * Provides options to configure the {@link DefaultAzureCredential} class.
|
764 | * This variation supports `managedIdentityResourceId` and not `managedIdentityClientId`, since only one of both is supported.
|
765 | */
|
766 | export declare interface DefaultAzureCredentialResourceIdOptions extends DefaultAzureCredentialOptions {
|
767 | /**
|
768 | * Optionally pass in a resource ID to be used by the {@link ManagedIdentityCredential}.
|
769 | * In scenarios such as when user assigned identities are created using an ARM template,
|
770 | * where the resource Id of the identity is known but the client Id can't be known ahead of time,
|
771 | * this parameter allows programs to use these user assigned identities
|
772 | * without having to first determine the client Id of the created identity.
|
773 | */
|
774 | managedIdentityResourceId: string;
|
775 | }
|
776 |
|
777 | /**
|
778 | * Deserializes a previously serialized authentication record from a string into an object.
|
779 | *
|
780 | * The input string must contain the following properties:
|
781 | *
|
782 | * - "authority"
|
783 | * - "homeAccountId"
|
784 | * - "clientId"
|
785 | * - "tenantId"
|
786 | * - "username"
|
787 | * - "version"
|
788 | *
|
789 | * If the version we receive is unsupported, an error will be thrown.
|
790 | *
|
791 | * At the moment, the only available version is: "1.0", which is always set when the authentication record is serialized.
|
792 | *
|
793 | * @param serializedRecord - Authentication record previously serialized into string.
|
794 | * @returns AuthenticationRecord.
|
795 | */
|
796 | export declare function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord;
|
797 |
|
798 | /**
|
799 | * Enables authentication to Azure Active Directory using a device code
|
800 | * that the user can enter into https://microsoft.com/devicelogin.
|
801 | */
|
802 | export declare class DeviceCodeCredential implements TokenCredential {
|
803 | private tenantId?;
|
804 | private additionallyAllowedTenantIds;
|
805 | private msalFlow;
|
806 | private disableAutomaticAuthentication?;
|
807 | /**
|
808 | * Creates an instance of DeviceCodeCredential with the details needed
|
809 | * to initiate the device code authorization flow with Azure Active Directory.
|
810 | *
|
811 | * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
|
812 | *
|
813 | * Developers can configure how this message is shown by passing a custom `userPromptCallback`:
|
814 | *
|
815 | * ```js
|
816 | * const credential = new DeviceCodeCredential({
|
817 | * tenantId: env.AZURE_TENANT_ID,
|
818 | * clientId: env.AZURE_CLIENT_ID,
|
819 | * userPromptCallback: (info) => {
|
820 | * console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
|
821 | * }
|
822 | * });
|
823 | * ```
|
824 | *
|
825 | * @param options - Options for configuring the client which makes the authentication requests.
|
826 | */
|
827 | constructor(options?: DeviceCodeCredentialOptions);
|
828 | /**
|
829 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
830 | * If authentication fails, a {with the details of the failure.
CredentialUnavailableError} will be thrown |
831 | *
|
832 | * If the user provided the option `disableAutomaticAuthentication`,
|
833 | * once the token can't be retrieved silently,
|
834 | * this method won't attempt to request user interaction to retrieve the token.
|
835 | *
|
836 | * for which the token will have access.
scopes - The list of scopes |
837 | * any requests this
options - The options used to configure |
838 | * TokenCredential implementation might make.
|
839 | */
|
840 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
841 | /**
|
842 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
843 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
844 | *
|
845 | * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
|
846 | *
|
847 | * @param scopes - The list of scopes for which the token will have access.
|
848 | * @param options - The options used to configure any requests this
|
849 | * TokenCredential implementation might make.
|
850 | */
|
851 | authenticate(scopes: string | string[], options?: GetTokenOptions): Promise<AuthenticationRecord | undefined>;
|
852 | }
|
853 |
|
854 | /**
|
855 | * Defines options for the InteractiveBrowserCredential class for Node.js.
|
856 | */
|
857 | export declare interface DeviceCodeCredentialOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
|
858 | /**
|
859 | * The Azure Active Directory tenant (directory) ID.
|
860 | */
|
861 | tenantId?: string;
|
862 | /**
|
863 | * The client (application) ID of an App Registration in the tenant.
|
864 | */
|
865 | clientId?: string;
|
866 | /**
|
867 | * A callback function that will be invoked to show {@link DeviceCodeInfo} to the user.
|
868 | * If left unassigned, we will automatically log the device code information
|
869 | * and the authentication instructions in the console.
|
870 | */
|
871 | userPromptCallback?: DeviceCodePromptCallback;
|
872 | }
|
873 |
|
874 | /**
|
875 | * Provides the user code and verification URI where the code must be
|
876 | * entered. Also provides a message to display to the user which
|
877 | * contains an instruction with these details.
|
878 | */
|
879 | export declare interface DeviceCodeInfo {
|
880 | /**
|
881 | * The device code that the user must enter into the verification page.
|
882 | */
|
883 | userCode: string;
|
884 | /**
|
885 | * The verification URI to which the user must navigate to enter the device
|
886 | * code.
|
887 | */
|
888 | verificationUri: string;
|
889 | /**
|
890 | * A message that may be shown to the user to instruct them on how to enter
|
891 | * the device code in the page specified by the verification URI.
|
892 | */
|
893 | message: string;
|
894 | }
|
895 |
|
896 | /**
|
897 | * Defines the signature of a callback which will be passed to
|
898 | * DeviceCodeCredential for the purpose of displaying authentication
|
899 | * details to the user.
|
900 | */
|
901 | export declare type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;
|
902 |
|
903 | /**
|
904 | * Enables authentication to Azure Active Directory using a client secret or certificate, or as a user
|
905 | * with a username and password.
|
906 | */
|
907 | export declare class EnvironmentCredential implements TokenCredential {
|
908 | private _credential?;
|
909 | /**
|
910 | * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
|
911 | *
|
912 | * Required environment variables:
|
913 | * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
|
914 | * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
|
915 | *
|
916 | * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
|
917 | * - `AZURE_ADDITIONALLY_ALLOWED_TENANTS`: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.
|
918 | *
|
919 | * Environment variables used for client credential authentication:
|
920 | * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
|
921 | * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
|
922 | * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
|
923 | *
|
924 | * Alternatively, users can provide environment variables for username and password authentication:
|
925 | * - `AZURE_USERNAME`: Username to authenticate with.
|
926 | * - `AZURE_PASSWORD`: Password to authenticate with.
|
927 | *
|
928 | * If the environment variables required to perform the authentication are missing, a {@link CredentialUnavailableError} will be thrown.
|
929 | * If the authentication fails, or if there's an unknown error, an {@link AuthenticationError} will be thrown.
|
930 | *
|
931 | * @param options - Options for configuring the client which makes the authentication request.
|
932 | */
|
933 | constructor(options?: EnvironmentCredentialOptions);
|
934 | /**
|
935 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
936 | *
|
937 | * @param scopes - The list of scopes for which the token will have access.
|
938 | * @param options - Optional parameters. See { GetTokenOptions}.
|
939 | */
|
940 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
941 | }
|
942 |
|
943 | /**
|
944 | * Enables authentication to Azure Active Directory depending on the available environment variables.
|
945 | * Defines options for the EnvironmentCredential class.
|
946 | */
|
947 | export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
|
948 | }
|
949 |
|
950 | /**
|
951 | * See the official documentation for more details:
|
952 | *
|
953 | * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1
|
954 | *
|
955 | * NOTE: This documentation is for v1 OAuth support but the same error
|
956 | * response details still apply to v2.
|
957 | */
|
958 | export declare interface ErrorResponse {
|
959 | /**
|
960 | * The string identifier for the error.
|
961 | */
|
962 | error: string;
|
963 | /**
|
964 | * The error's description.
|
965 | */
|
966 | errorDescription: string;
|
967 | /**
|
968 | * An array of codes pertaining to the error(s) that occurred.
|
969 | */
|
970 | errorCodes?: number[];
|
971 | /**
|
972 | * The timestamp at which the error occurred.
|
973 | */
|
974 | timestamp?: string;
|
975 | /**
|
976 | * The trace identifier for this error occurrence.
|
977 | */
|
978 | traceId?: string;
|
979 | /**
|
980 | * The correlation ID to be used for tracking the source of the error.
|
981 | */
|
982 | correlationId?: string;
|
983 | }
|
984 |
|
985 | /**
|
986 | * Returns a new instance of the {@link DefaultAzureCredential}.
|
987 | */
|
988 | export declare function getDefaultAzureCredential(): TokenCredential;
|
989 |
|
990 | export { GetTokenOptions }
|
991 |
|
992 | /**
|
993 | * The type of an Azure Identity plugin, a function accepting a plugin
|
994 | * context.
|
995 | */
|
996 | export declare type IdentityPlugin = (context: unknown) => void;
|
997 |
|
998 | /**
|
999 | * Enables authentication to Azure Active Directory inside of the web browser
|
1000 | * using the interactive login flow.
|
1001 | */
|
1002 | export declare class InteractiveBrowserCredential implements TokenCredential {
|
1003 | private tenantId?;
|
1004 | private additionallyAllowedTenantIds;
|
1005 | private msalFlow;
|
1006 | private disableAutomaticAuthentication?;
|
1007 | /**
|
1008 | * Creates an instance of InteractiveBrowserCredential with the details needed.
|
1009 | *
|
1010 | * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
|
1011 | * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
|
1012 | * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
|
1013 | *
|
1014 | * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
|
1015 | * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
|
1016 | *
|
1017 | * @param options - Options for configuring the client which makes the authentication requests.
|
1018 | */
|
1019 | constructor(options?: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions);
|
1020 | /**
|
1021 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
1022 | * If authentication fails, a {with the details of the failure.
CredentialUnavailableError} will be thrown |
1023 | *
|
1024 | * If the user provided the option `disableAutomaticAuthentication`,
|
1025 | * once the token can't be retrieved silently,
|
1026 | * this method won't attempt to request user interaction to retrieve the token.
|
1027 | *
|
1028 | * for which the token will have access.
scopes - The list of scopes |
1029 | * any requests this
options - The options used to configure |
1030 | * TokenCredential implementation might make.
|
1031 | */
|
1032 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
1033 | /**
|
1034 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
1035 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
1036 | *
|
1037 | * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
|
1038 | *
|
1039 | * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.
|
1040 | * PKCE is a security feature that mitigates authentication code interception attacks.
|
1041 | *
|
1042 | * @param scopes - The list of scopes for which the token will have access.
|
1043 | * @param options - The options used to configure any requests this
|
1044 | * TokenCredential implementation might make.
|
1045 | */
|
1046 | authenticate(scopes: string | string[], options?: GetTokenOptions): Promise<AuthenticationRecord | undefined>;
|
1047 | }
|
1048 |
|
1049 | /**
|
1050 | * Defines the common options for the InteractiveBrowserCredential class.
|
1051 | */
|
1052 | export declare interface InteractiveBrowserCredentialInBrowserOptions extends InteractiveCredentialOptions {
|
1053 | /**
|
1054 | * Gets the redirect URI of the application. This should be same as the value
|
1055 | * in the application registration portal. Defaults to `window.location.href`.
|
1056 | */
|
1057 | redirectUri?: string | (() => string);
|
1058 | /**
|
1059 | * The Azure Active Directory tenant (directory) ID.
|
1060 | */
|
1061 | tenantId?: string;
|
1062 | /**
|
1063 | * The client (application) ID of an App Registration in the tenant.
|
1064 | * This parameter is required on the browser.
|
1065 | */
|
1066 | clientId: string;
|
1067 | /**
|
1068 | * Specifies whether a redirect or a popup window should be used to
|
1069 | * initiate the user authentication flow. Possible values are "redirect"
|
1070 | * or "popup" (default) for browser and "popup" (default) for node.
|
1071 | *
|
1072 | */
|
1073 | loginStyle?: BrowserLoginStyle;
|
1074 | /**
|
1075 | * loginHint allows a user name to be pre-selected for interactive logins.
|
1076 | * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.
|
1077 | */
|
1078 | loginHint?: string;
|
1079 | }
|
1080 |
|
1081 | /**
|
1082 | * Defines the common options for the InteractiveBrowserCredential class.
|
1083 | */
|
1084 | export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
|
1085 | /**
|
1086 | * Gets the redirect URI of the application. This should be same as the value
|
1087 | * in the application registration portal. Defaults to `window.location.href`.
|
1088 | */
|
1089 | redirectUri?: string | (() => string);
|
1090 | /**
|
1091 | * The Azure Active Directory tenant (directory) ID.
|
1092 | */
|
1093 | tenantId?: string;
|
1094 | /**
|
1095 | * The client (application) ID of an App Registration in the tenant.
|
1096 | */
|
1097 | clientId?: string;
|
1098 | /**
|
1099 | * loginHint allows a user name to be pre-selected for interactive logins.
|
1100 | * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.
|
1101 | */
|
1102 | loginHint?: string;
|
1103 | }
|
1104 |
|
1105 | /**
|
1106 | * Common constructor options for the Identity credentials that requires user interaction.
|
1107 | */
|
1108 | export declare interface InteractiveCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
|
1109 | /**
|
1110 | * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.
|
1111 | * This is necessary to provide in case the application wants to work with more than one account per
|
1112 | * Client ID and Tenant ID pair.
|
1113 | *
|
1114 | * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:
|
1115 | *
|
1116 | * const authenticationRecord = await credential.authenticate();
|
1117 | *
|
1118 | */
|
1119 | authenticationRecord?: AuthenticationRecord;
|
1120 | /**
|
1121 | * Makes getToken throw if a manual authentication is necessary.
|
1122 | * Developers will need to call to `authenticate()` to control when to manually authenticate.
|
1123 | */
|
1124 | disableAutomaticAuthentication?: boolean;
|
1125 | }
|
1126 |
|
1127 | /**
|
1128 | * The AzureLogger used for all clients within the identity package
|
1129 | */
|
1130 | export declare const logger: AzureLogger;
|
1131 |
|
1132 | /**
|
1133 | * Attempts authentication using a managed identity available at the deployment environment.
|
1134 | * This authentication type works in Azure VMs, App Service instances, Azure Functions applications,
|
1135 | * Azure Kubernetes Services, Azure Service Fabric instances and inside of the Azure Cloud Shell.
|
1136 | *
|
1137 | * More information about configuring managed identities can be found here:
|
1138 | * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
|
1139 | */
|
1140 | export declare class ManagedIdentityCredential implements TokenCredential {
|
1141 | private identityClient;
|
1142 | private clientId;
|
1143 | private resourceId;
|
1144 | private isEndpointUnavailable;
|
1145 | private isAvailableIdentityClient;
|
1146 | private confidentialApp;
|
1147 | private isAppTokenProviderInitialized;
|
1148 | /**
|
1149 | * Creates an instance of ManagedIdentityCredential with the client ID of a
|
1150 | * user-assigned identity, or app registration (when working with AKS pod-identity).
|
1151 | *
|
1152 | * @param clientId - The client ID of the user-assigned identity, or app registration (when working with AKS pod-identity).
|
1153 | * @param options - Options for configuring the client which makes the access token request.
|
1154 | */
|
1155 | constructor(clientId: string, options?: TokenCredentialOptions);
|
1156 | /**
|
1157 | * Creates an instance of ManagedIdentityCredential with clientId
|
1158 | *
|
1159 | * @param options - Options for configuring the client which makes the access token request.
|
1160 | */
|
1161 | constructor(options?: ManagedIdentityCredentialClientIdOptions);
|
1162 | /**
|
1163 | * Creates an instance of ManagedIdentityCredential with Resource Id
|
1164 | *
|
1165 | * @param options - Options for configuring the resource which makes the access token request.
|
1166 | */
|
1167 | constructor(options?: ManagedIdentityCredentialResourceIdOptions);
|
1168 | private cachedMSI;
|
1169 | private cachedAvailableMSI;
|
1170 | private authenticateManagedIdentity;
|
1171 | /**
|
1172 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
1173 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
1174 | * If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.
|
1175 | *
|
1176 | * @param scopes - The list of scopes for which the token will have access.
|
1177 | * @param options - The options used to configure any requests this
|
1178 | * TokenCredential implementation might make.
|
1179 | */
|
1180 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
1181 | /**
|
1182 | * Handles the MSAL authentication result.
|
1183 | * If the result has an account, we update the local account reference.
|
1184 | * If the token received is invalid, an error will be thrown depending on what's missing.
|
1185 | */
|
1186 | private handleResult;
|
1187 | /* Excluded from this release type: ensureValidMsalToken */
|
1188 | }
|
1189 |
|
1190 | /**
|
1191 | * Options to send on the {@link ManagedIdentityCredential} constructor.
|
1192 | * This variation supports `clientId` and not `resourceId`, since only one of both is supported.
|
1193 | */
|
1194 | export declare interface ManagedIdentityCredentialClientIdOptions extends TokenCredentialOptions {
|
1195 | /**
|
1196 | * The client ID of the user - assigned identity, or app registration(when working with AKS pod - identity).
|
1197 | */
|
1198 | clientId?: string;
|
1199 | }
|
1200 |
|
1201 | /**
|
1202 | * Options to send on the {@link ManagedIdentityCredential} constructor.
|
1203 | * This variation supports `resourceId` and not `clientId`, since only one of both is supported.
|
1204 | */
|
1205 | export declare interface ManagedIdentityCredentialResourceIdOptions extends TokenCredentialOptions {
|
1206 | /**
|
1207 | * Allows specifying a custom resource Id.
|
1208 | * In scenarios such as when user assigned identities are created using an ARM template,
|
1209 | * where the resource Id of the identity is known but the client Id can't be known ahead of time,
|
1210 | * this parameter allows programs to use these user assigned identities
|
1211 | * without having to first determine the client Id of the created identity.
|
1212 | */
|
1213 | resourceId: string;
|
1214 | }
|
1215 |
|
1216 | /**
|
1217 | * Options for multi-tenant applications which allows for additionally allowed tenants.
|
1218 | */
|
1219 | export declare interface MultiTenantTokenCredentialOptions extends TokenCredentialOptions {
|
1220 | /**
|
1221 | * For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
|
1222 | * Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
|
1223 | */
|
1224 | additionallyAllowedTenants?: string[];
|
1225 | }
|
1226 |
|
1227 | /**
|
1228 | * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
|
1229 | */
|
1230 | export declare class OnBehalfOfCredential implements TokenCredential {
|
1231 | private options;
|
1232 | private tenantId;
|
1233 | private additionallyAllowedTenantIds;
|
1234 | private msalFlow;
|
1235 | /**
|
1236 | * Creates an instance of the {@link OnBehalfOfCredential} with the details
|
1237 | * needed to authenticate against Azure Active Directory with path to a PEM certificate,
|
1238 | * and an user assertion.
|
1239 | *
|
1240 | * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
|
1241 | *
|
1242 | * ```ts
|
1243 | * const tokenCredential = new OnBehalfOfCredential({
|
1244 | * tenantId,
|
1245 | * clientId,
|
1246 | * certificatePath: "/path/to/certificate.pem",
|
1247 | * userAssertionToken: "access-token"
|
1248 | * });
|
1249 | * const client = new KeyClient("vault-url", tokenCredential);
|
1250 | *
|
1251 | * await client.getKey("key-name");
|
1252 | * ```
|
1253 | *
|
1254 | * @param options - Optional parameters, generally common across credentials.
|
1255 | */
|
1256 | constructor(options: OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
|
1257 | /**
|
1258 | * Creates an instance of the {@link OnBehalfOfCredential} with the details
|
1259 | * needed to authenticate against Azure Active Directory with a client
|
1260 | * secret and an user assertion.
|
1261 | *
|
1262 | * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
|
1263 | *
|
1264 | * ```ts
|
1265 | * const tokenCredential = new OnBehalfOfCredential({
|
1266 | * tenantId,
|
1267 | * clientId,
|
1268 | * clientSecret,
|
1269 | * userAssertionToken: "access-token"
|
1270 | * });
|
1271 | * const client = new KeyClient("vault-url", tokenCredential);
|
1272 | *
|
1273 | * await client.getKey("key-name");
|
1274 | * ```
|
1275 | *
|
1276 | * @param options - Optional parameters, generally common across credentials.
|
1277 | */
|
1278 | constructor(options: OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
|
1279 | /**
|
1280 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
1281 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
1282 | *
|
1283 | * @param scopes - The list of scopes for which the token will have access.
|
1284 | * @param options - The options used to configure the underlying network requests.
|
1285 | */
|
1286 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
1287 | }
|
1288 |
|
1289 | /**
|
1290 | * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.
|
1291 | */
|
1292 | export declare interface OnBehalfOfCredentialCertificateOptions {
|
1293 | /**
|
1294 | * The Azure Active Directory tenant (directory) ID.
|
1295 | */
|
1296 | tenantId: string;
|
1297 | /**
|
1298 | * The client (application) ID of an App Registration in the tenant.
|
1299 | */
|
1300 | clientId: string;
|
1301 | /**
|
1302 | * The path to a PEM-encoded public/private key certificate on the filesystem.
|
1303 | */
|
1304 | certificatePath: string;
|
1305 | /**
|
1306 | * The user assertion for the On-Behalf-Of flow.
|
1307 | */
|
1308 | userAssertionToken: string;
|
1309 | /**
|
1310 | * Option to include x5c header for SubjectName and Issuer name authorization.
|
1311 | * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
|
1312 | */
|
1313 | sendCertificateChain?: boolean;
|
1314 | }
|
1315 |
|
1316 | /**
|
1317 | * Optional parameters for the {@link OnBehalfOfCredential} class.
|
1318 | */
|
1319 | export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions & AuthorityValidationOptions;
|
1320 |
|
1321 | /**
|
1322 | * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.
|
1323 | */
|
1324 | export declare interface OnBehalfOfCredentialSecretOptions {
|
1325 | /**
|
1326 | * The Azure Active Directory tenant (directory) ID.
|
1327 | */
|
1328 | tenantId: string;
|
1329 | /**
|
1330 | * The client (application) ID of an App Registration in the tenant.
|
1331 | */
|
1332 | clientId: string;
|
1333 | /**
|
1334 | * A client secret that was generated for the App Registration.
|
1335 | */
|
1336 | clientSecret: string;
|
1337 | /**
|
1338 | * The user assertion for the On-Behalf-Of flow.
|
1339 | */
|
1340 | userAssertionToken: string;
|
1341 | }
|
1342 |
|
1343 | /**
|
1344 | * Serializes an `AuthenticationRecord` into a string.
|
1345 | *
|
1346 | * The output of a serialized authentication record will contain the following properties:
|
1347 | *
|
1348 | * - "authority"
|
1349 | * - "homeAccountId"
|
1350 | * - "clientId"
|
1351 | * - "tenantId"
|
1352 | * - "username"
|
1353 | * - "version"
|
1354 | *
|
1355 | * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.
|
1356 | */
|
1357 | export declare function serializeAuthenticationRecord(record: AuthenticationRecord): string;
|
1358 |
|
1359 | /**
|
1360 | * Parameters that enable token cache persistence in the Identity credentials.
|
1361 | */
|
1362 | export declare interface TokenCachePersistenceOptions {
|
1363 | /**
|
1364 | * If set to true, persistent token caching will be enabled for this credential instance.
|
1365 | */
|
1366 | enabled: boolean;
|
1367 | /**
|
1368 | * Unique identifier for the persistent token cache.
|
1369 | *
|
1370 | * Based on this identifier, the persistence file will be located in any of the following places:
|
1371 | * - Darwin: '/Users/user/.IdentityService/<name>'
|
1372 | * - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService\\<name>'
|
1373 | * - Linux: '/home/user/.IdentityService/<name>'
|
1374 | */
|
1375 | name?: string;
|
1376 | /**
|
1377 | * If set to true, the cache will be stored without encryption if no OS level user encryption is available.
|
1378 | * When set to false, the PersistentTokenCache will throw an error if no OS level user encryption is available.
|
1379 | */
|
1380 | unsafeAllowUnencryptedStorage?: boolean;
|
1381 | }
|
1382 |
|
1383 | export { TokenCredential }
|
1384 |
|
1385 | /**
|
1386 | * Provides options to configure how the Identity library makes authentication
|
1387 | * requests to Azure Active Directory.
|
1388 | */
|
1389 | export declare interface TokenCredentialOptions extends CommonClientOptions {
|
1390 | /**
|
1391 | * The authority host to use for authentication requests.
|
1392 | * Possible values are available through {@link AzureAuthorityHosts}.
|
1393 | * The default is "https://login.microsoftonline.com".
|
1394 | */
|
1395 | authorityHost?: string;
|
1396 | /**
|
1397 | * Allows logging account information once the authentication flow succeeds.
|
1398 | */
|
1399 | loggingOptions?: LogPolicyOptions & {
|
1400 | allowLoggingAccountIdentifiers?: boolean;
|
1401 | };
|
1402 | }
|
1403 |
|
1404 | /**
|
1405 | * Extend Azure Identity with additional functionality. Pass a plugin from
|
1406 | * a plugin package, such as:
|
1407 | *
|
1408 | * - `@azure/identity-cache-persistence`: provides persistent token caching
|
1409 | * - `@azure/identity-vscode`: provides the dependencies of
|
1410 | * `VisualStudioCodeCredential` and enables it
|
1411 | *
|
1412 | * Example:
|
1413 | *
|
1414 | * ```javascript
|
1415 | * import { cachePersistencePlugin } from "@azure/identity-cache-persistence";
|
1416 | *
|
1417 | * import { useIdentityPlugin, DefaultAzureCredential } from "@azure/identity";
|
1418 | * useIdentityPlugin(cachePersistencePlugin);
|
1419 | *
|
1420 | * // The plugin has the capability to extend `DefaultAzureCredential` and to
|
1421 | * // add middleware to the underlying credentials, such as persistence.
|
1422 | * const credential = new DefaultAzureCredential({
|
1423 | * tokenCachePersistenceOptions: {
|
1424 | * enabled: true
|
1425 | * }
|
1426 | * });
|
1427 | * ```
|
1428 | *
|
1429 | * @param plugin - the plugin to register
|
1430 | */
|
1431 | export declare function useIdentityPlugin(plugin: IdentityPlugin): void;
|
1432 |
|
1433 | /**
|
1434 | * Enables authentication to Azure Active Directory with a user's
|
1435 | * username and password. This credential requires a high degree of
|
1436 | * trust so you should only use it when other, more secure credential
|
1437 | * types can't be used.
|
1438 | */
|
1439 | export declare class UsernamePasswordCredential implements TokenCredential {
|
1440 | private tenantId;
|
1441 | private additionallyAllowedTenantIds;
|
1442 | private msalFlow;
|
1443 | /**
|
1444 | * Creates an instance of the UsernamePasswordCredential with the details
|
1445 | * needed to authenticate against Azure Active Directory with a username
|
1446 | * and password.
|
1447 | *
|
1448 | * @param tenantId - The Azure Active Directory tenant (directory).
|
1449 | * @param clientId - The client (application) ID of an App Registration in the tenant.
|
1450 | * @param username - The user account's e-mail address (user name).
|
1451 | * @param password - The user account's account password
|
1452 | * @param options - Options for configuring the client which makes the authentication request.
|
1453 | */
|
1454 | constructor(tenantId: string, clientId: string, username: string, password: string, options?: UsernamePasswordCredentialOptions);
|
1455 | /**
|
1456 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
1457 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
1458 | *
|
1459 | * If the user provided the option `disableAutomaticAuthentication`,
|
1460 | * once the token can't be retrieved silently,
|
1461 | * this method won't attempt to request user interaction to retrieve the token.
|
1462 | *
|
1463 | * @param scopes - The list of scopes for which the token will have access.
|
1464 | * @param options - The options used to configure any requests this
|
1465 | * TokenCredential implementation might make.
|
1466 | */
|
1467 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
1468 | }
|
1469 |
|
1470 | /**
|
1471 | * Defines options for the {@link UsernamePasswordCredential} class.
|
1472 | */
|
1473 | export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
|
1474 | }
|
1475 |
|
1476 | /**
|
1477 | * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
|
1478 | * Once the user has logged in via the extension, this credential can share the same refresh token
|
1479 | * that is cached by the extension.
|
1480 | *
|
1481 | * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't
|
1482 | * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
|
1483 | * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider
|
1484 | * authenticating with {@link AzureCliCredential}.
|
1485 | */
|
1486 | export declare class VisualStudioCodeCredential implements TokenCredential {
|
1487 | private identityClient;
|
1488 | private tenantId;
|
1489 | private additionallyAllowedTenantIds;
|
1490 | private cloudName;
|
1491 | /**
|
1492 | * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
|
1493 | *
|
1494 | * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
|
1495 | * `@azure/identity-vscode`. If this package is not installed and registered
|
1496 | * using the plugin API (`useIdentityPlugin`), then authentication using
|
1497 | * `VisualStudioCodeCredential` will not be available.
|
1498 | *
|
1499 | * @param options - Options for configuring the client which makes the authentication request.
|
1500 | */
|
1501 | constructor(options?: VisualStudioCodeCredentialOptions);
|
1502 | /**
|
1503 | * Runs preparations for any further getToken request.
|
1504 | */
|
1505 | private prepare;
|
1506 | /**
|
1507 | * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.
|
1508 | */
|
1509 | private preparePromise;
|
1510 | /**
|
1511 | * Runs preparations for any further getToken, but only once.
|
1512 | */
|
1513 | private prepareOnce;
|
1514 | /**
|
1515 | * Returns the token found by searching VSCode's authentication cache or
|
1516 | * returns null if no token could be found.
|
1517 | *
|
1518 | * @param scopes - The list of scopes for which the token will have access.
|
1519 | * @param options - The options used to configure any requests this
|
1520 | * `TokenCredential` implementation might make.
|
1521 | */
|
1522 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
|
1523 | }
|
1524 |
|
1525 | /**
|
1526 | * Provides options to configure the Visual Studio Code credential.
|
1527 | */
|
1528 | export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
|
1529 | /**
|
1530 | * Optionally pass in a Tenant ID to be used as part of the credential
|
1531 | */
|
1532 | tenantId?: string;
|
1533 | }
|
1534 |
|
1535 | /**
|
1536 | * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
|
1537 | * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
|
1538 | * authentication, applications authenticate themselves using their own identity, rather than using a shared service
|
1539 | * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
|
1540 | * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
|
1541 | * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
|
1542 | * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
|
1543 | * need to worry about storing and securing sensitive credentials themselves.
|
1544 | * The WorkloadIdentityCredential supports Azure workload identity authentication on Azure Kubernetes and acquires
|
1545 | * a token using the SACs available in the Azure Kubernetes environment.
|
1546 | * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Azure Active Directory
|
1547 | * Workload Identity</a> for more information.
|
1548 | */
|
1549 | export declare class WorkloadIdentityCredential implements TokenCredential {
|
1550 | private client;
|
1551 | private azureFederatedTokenFileContent;
|
1552 | private cacheDate;
|
1553 | private federatedTokenFilePath;
|
1554 | /**
|
1555 | * WorkloadIdentityCredential supports Azure workload identity on Kubernetes.
|
1556 | *
|
1557 | * @param options - The identity client options to use for authentication.
|
1558 | */
|
1559 | constructor(options?: WorkloadIdentityCredentialOptions);
|
1560 | /**
|
1561 | * Authenticates with Azure Active Directory and returns an access token if successful.
|
1562 | * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
|
1563 | *
|
1564 | * @param scopes - The list of scopes for which the token will have access.
|
1565 | * @param options - The options used to configure any requests this
|
1566 | * TokenCredential implementation might make.
|
1567 | */
|
1568 | getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
|
1569 | private readFileContents;
|
1570 | }
|
1571 |
|
1572 | /**
|
1573 | * Options for the {@link WorkloadIdentityCredential}
|
1574 | */
|
1575 | export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
|
1576 | /**
|
1577 | * ID of the application's Azure Active Directory tenant. Also called its directory ID.
|
1578 | */
|
1579 | tenantId?: string;
|
1580 | /**
|
1581 | * The client ID of an Azure AD app registration.
|
1582 | */
|
1583 | clientId?: string;
|
1584 | /**
|
1585 | * The path to a file containing a Kubernetes service account token that authenticates the identity.
|
1586 | */
|
1587 | tokenFilePath?: string;
|
1588 | }
|
1589 |
|
1590 | export { }
|
1591 |
|
\ | No newline at end of file |