4.51 kBTypeScriptView Raw
1import type { AccessToken, GetTokenOptions, TokenCredential } from "@azure/core-auth";
2import type { CertificateParts } from "../msal/types.js";
3import type { ClientCertificateCredentialOptions } from "./clientCertificateCredentialOptions.js";
4import type { ClientCertificateCredentialPEMConfiguration, ClientCertificatePEMCertificate, ClientCertificatePEMCertificatePath } from "./clientCertificateCredentialModels.js";
5/**
6 * Enables authentication to Microsoft Entra ID using a PEM-encoded
7 * certificate that is assigned to an App Registration. More information
8 * on how to configure certificate authentication can be found here:
9 *
10 * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
11 *
12 */
13export declare class ClientCertificateCredential implements TokenCredential {
14 private tenantId;
15 private additionallyAllowedTenantIds;
16 private certificateConfiguration;
17 private sendCertificateChain?;
18 private msalClient;
19 /**
20 * Creates an instance of the ClientCertificateCredential with the details
21 * needed to authenticate against Microsoft Entra ID with a certificate.
22 *
23 * @param tenantId - The Microsoft Entra tenant (directory) ID.
24 * @param clientId - The client (application) ID of an App Registration in the tenant.
25 * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
26 * @param options - Options for configuring the client which makes the authentication request.
27 */
28 constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
29 /**
30 * Creates an instance of the ClientCertificateCredential with the details
31 * needed to authenticate against Microsoft Entra ID with a certificate.
32 *
33 * @param tenantId - The Microsoft Entra tenant (directory) ID.
34 * @param clientId - The client (application) ID of an App Registration in the tenant.
35 * @param configuration - Other parameters required, including the path of the certificate on the filesystem.
36 * If the type is ignored, we will throw the value of the path to a PEM certificate.
37 * @param options - Options for configuring the client which makes the authentication request.
38 */
39 constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
40 /**
41 * Creates an instance of the ClientCertificateCredential with the details
42 * needed to authenticate against Microsoft Entra ID with a certificate.
43 *
44 * @param tenantId - The Microsoft Entra tenant (directory) ID.
45 * @param clientId - The client (application) ID of an App Registration in the tenant.
46 * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
47 * If the type is ignored, we will throw the value of the PEM-encoded certificate.
48 * @param options - Options for configuring the client which makes the authentication request.
49 */
50 constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
51 /**
52 * Authenticates with Microsoft Entra ID and returns an access token if successful.
53 * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
54 *
55 * @param scopes - The list of scopes for which the token will have access.
56 * @param options - The options used to configure any requests this
57 * TokenCredential implementation might make.
58 */
59 getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
60 private buildClientCertificate;
61}
62/**
63 * Parses a certificate into its relevant parts
64 *
65 * @param certificateConfiguration - The certificate contents or path to the certificate
66 * @param sendCertificateChain - true if the entire certificate chain should be sent for SNI, false otherwise
67 * @returns The parsed certificate parts and the certificate contents
68 */
69export declare function parseCertificate(certificateConfiguration: ClientCertificateCredentialPEMConfiguration, sendCertificateChain: boolean): Promise<Omit<CertificateParts, "privateKey"> & {
70 certificateContents: string;
71}>;
72//# sourceMappingURL=clientCertificateCredential.d.ts.map
\No newline at end of file