login.d.ts 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448
  1. import * as adal from "adal-node";
  2. import { Environment } from "@azure/ms-rest-azure-env";
  3. import { TokenCredentialsBase } from "./credentials/tokenCredentialsBase";
  4. import { ApplicationTokenCredentials } from "./credentials/applicationTokenCredentials";
  5. import { ApplicationTokenCertificateCredentials } from "./credentials/applicationTokenCertificateCredentials";
  6. import { DeviceTokenCredentials } from "./credentials/deviceTokenCredentials";
  7. import { UserTokenCredentials } from "./credentials/userTokenCredentials";
  8. import { TokenAudience } from "./util/authConstants";
  9. import { LinkedSubscription } from "./subscriptionManagement/subscriptionUtils";
  10. import { MSIVmTokenCredentials, MSIVmOptions } from "./credentials/msiVmTokenCredentials";
  11. import { MSIAppServiceTokenCredentials, MSIAppServiceOptions } from "./credentials/msiAppServiceTokenCredentials";
  12. /**
  13. * @interface AzureTokenCredentialsOptions - Describes optional parameters for serviceprincipal/secret authentication.
  14. */
  15. export interface AzureTokenCredentialsOptions {
  16. /**
  17. * @property {TokenAudience} [tokenAudience] - The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  18. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  19. */
  20. tokenAudience?: TokenAudience;
  21. /**
  22. * @property {AzureEnvironment} [environment] - The Azure environment to authenticate with.
  23. */
  24. environment?: Environment;
  25. /**
  26. * @property {TokenCache} [tokenCache] - The token cache. Default value is MemoryCache from adal.
  27. */
  28. tokenCache?: adal.TokenCache;
  29. }
  30. /**
  31. * @interface LoginWithUsernamePasswordOptions - Describes optional parameters for username/password authentication.
  32. */
  33. export interface LoginWithUsernamePasswordOptions extends AzureTokenCredentialsOptions {
  34. /**
  35. * @property {string} [clientId] - The active directory application client id.
  36. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  37. * for an example.
  38. */
  39. clientId?: string;
  40. /**
  41. * @property {string} [domain] - The domain or tenant id containing this application. Default value is "common".
  42. */
  43. domain?: string;
  44. }
  45. /**
  46. * @interface InteractiveLoginOptions - Describes optional parameters for interactive authentication.
  47. */
  48. export interface InteractiveLoginOptions extends LoginWithUsernamePasswordOptions {
  49. /**
  50. * @property {object|function} [userCodeResponseLogger] A logger that logs the user code response message required for interactive login. When
  51. * this option is specified the usercode response message will not be logged to console.
  52. */
  53. userCodeResponseLogger?: any;
  54. /**
  55. * @property {string} [language] The language code specifying how the message should be localized to. Default value "en-us".
  56. */
  57. language?: string;
  58. }
  59. /**
  60. * @interface AuthResponse - Describes the authentication response.
  61. */
  62. export interface AuthResponse {
  63. /**
  64. * @property {TokenCredentialsBase} credentials - The credentials object.
  65. */
  66. credentials: TokenCredentialsBase;
  67. /**
  68. * @property {Array<LinkedSubscription>} [subscriptions] List of associated subscriptions.
  69. */
  70. subscriptions?: LinkedSubscription[];
  71. }
  72. /**
  73. * @interface LoginWithAuthFileOptions - Describes optional parameters for login withAuthFile.
  74. */
  75. export interface LoginWithAuthFileOptions {
  76. /**
  77. * @property {string} [filePath] - Absolute file path to the auth file. If not provided
  78. * then please set the environment variable AZURE_AUTH_LOCATION.
  79. */
  80. filePath?: string;
  81. /**
  82. * @property {string} [subscriptionEnvVariableName] - The subscriptionId environment variable
  83. * name. Default is "AZURE_SUBSCRIPTION_ID".
  84. */
  85. subscriptionEnvVariableName?: string;
  86. }
  87. /**
  88. * Generic callback type definition.
  89. *
  90. * @property {Error} error - The error occurred if any, while executing the request; otherwise undefined
  91. * @property {TResult} result - Result when call was successful.
  92. */
  93. export declare type Callback<TResult> = (error?: Error, result?: TResult) => void;
  94. /**
  95. * Provides a UserTokenCredentials object and the list of subscriptions associated with that userId across all the applicable tenants.
  96. * This method is applicable only for organizational ids that are not 2FA enabled otherwise please use interactive login.
  97. *
  98. * @param {string} username The user name for the Organization Id account.
  99. * @param {string} password The password for the Organization Id account.
  100. * @param {object} [options] Object representing optional parameters.
  101. * @param {string} [options.clientId] The active directory application client id.
  102. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  103. * for an example.
  104. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  105. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  106. * @param {string} [options.domain] The domain or tenant id containing this application. Default value "common".
  107. * @param {Environment} [options.environment] The azure environment to authenticate with.
  108. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  109. *
  110. * @returns {Promise<AuthResponse>} A Promise that resolves to AuthResponse that contains "credentials" and optional "subscriptions" array and rejects with an Error.
  111. */
  112. export declare function withUsernamePasswordWithAuthResponse(username: string, password: string, options?: LoginWithUsernamePasswordOptions): Promise<AuthResponse>;
  113. /**
  114. * Provides an ApplicationTokenCredentials object and the list of subscriptions associated with that servicePrinicpalId/clientId across all the applicable tenants.
  115. *
  116. * @param {string} clientId The active directory application client id also known as the SPN (ServicePrincipal Name).
  117. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  118. * for an example.
  119. * @param {string} secret The application secret for the service principal.
  120. * @param {string} domain The domain or tenant id containing this application.
  121. * @param {object} [options] Object representing optional parameters.
  122. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  123. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  124. * @param {Environment} [options.environment] The azure environment to authenticate with.
  125. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  126. *
  127. * @returns {Promise<AuthResponse>} A Promise that resolves to AuthResponse that contains "credentials" and optional "subscriptions" array and rejects with an Error.
  128. */
  129. export declare function withServicePrincipalSecretWithAuthResponse(clientId: string, secret: string, domain: string, options?: AzureTokenCredentialsOptions): Promise<AuthResponse>;
  130. /**
  131. * Provides an ApplicationTokenCertificateCredentials object and the list of subscriptions associated with that servicePrinicpalId/clientId across all the applicable tenants.
  132. *
  133. * @param {string} clientId The active directory application client id also known as the SPN (ServicePrincipal Name).
  134. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  135. * for an example.
  136. * @param {string} certificateStringOrFilePath A PEM encoded certificate and private key OR an absolute filepath to the .pem file containing that information. For example:
  137. * - CertificateString: "-----BEGIN PRIVATE KEY-----\n<xxxxx>\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\n<yyyyy>\n-----END CERTIFICATE-----\n"
  138. * - CertificateFilePath: **Absolute** file path of the .pem file.
  139. * @param {string} domain The domain or tenant id containing this application.
  140. * @param {object} [options] Object representing optional parameters.
  141. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  142. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  143. * @param {Environment} [options.environment] The azure environment to authenticate with.
  144. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  145. *
  146. * @returns {Promise<AuthResponse>} A Promise that resolves to AuthResponse that contains "credentials" and optional "subscriptions" array and rejects with an Error.
  147. */
  148. export declare function withServicePrincipalCertificateWithAuthResponse(clientId: string, certificateStringOrFilePath: string, domain: string, options?: AzureTokenCredentialsOptions): Promise<AuthResponse>;
  149. /**
  150. * Before using this method please install az cli from https://github.com/Azure/azure-cli/releases. Then execute `az ad sp create-for-rbac --sdk-auth > ${yourFilename.json}`.
  151. * If you want to create the sp for a different cloud/environment then please execute:
  152. * 1. az cloud list
  153. * 2. az cloud set –n <name of the environment>
  154. * 3. az ad sp create-for-rbac --sdk-auth > auth.json // create sp with secret
  155. * **OR**
  156. * 3. az ad sp create-for-rbac --create-cert --sdk-auth > auth.json // create sp with certificate
  157. * If the service principal is already created then login with service principal info:
  158. * 4. az login --service-principal -u <clientId> -p <clientSecret> -t <tenantId>
  159. * 5. az account show --sdk-auth > auth.json
  160. *
  161. * Authenticates using the service principal information provided in the auth file. This method will set
  162. * the subscriptionId from the auth file to the user provided environment variable in the options
  163. * parameter or the default "AZURE_SUBSCRIPTION_ID".
  164. *
  165. * @param {object} [options] - Optional parameters
  166. * @param {string} [options.filePath] - Absolute file path to the auth file. If not provided
  167. * then please set the environment variable AZURE_AUTH_LOCATION.
  168. * @param {string} [options.subscriptionEnvVariableName] - The subscriptionId environment variable
  169. * name. Default is "AZURE_SUBSCRIPTION_ID".
  170. * @param {function} [optionalCallback] The optional callback.
  171. *
  172. * @returns {Promise<AuthResponse>} A Promise that resolves to AuthResponse that contains "credentials" and optional "subscriptions" array and rejects with an Error.
  173. */
  174. export declare function withAuthFileWithAuthResponse(options?: LoginWithAuthFileOptions): Promise<AuthResponse>;
  175. /**
  176. * Provides a url and code that needs to be copy and pasted in a browser and authenticated over there. If successful, the user will get a
  177. * DeviceTokenCredentials object and the list of subscriptions associated with that userId across all the applicable tenants.
  178. *
  179. * @param {object} [options] Object representing optional parameters.
  180. *
  181. * @param {string} [options.clientId] The active directory application client id.
  182. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  183. * for an example.
  184. *
  185. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid value is "graph".If tokenAudience is provided
  186. * then domain should also be provided its value should not be the default "common" tenant. It must be a string (preferrably in a guid format).
  187. *
  188. * @param {string} [options.domain] The domain or tenant id containing this application. Default value is "common".
  189. *
  190. * @param {Environment} [options.environment] The azure environment to authenticate with. Default environment is "Public Azure".
  191. *
  192. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  193. *
  194. * @param {object} [options.language] The language code specifying how the message should be localized to. Default value "en-us".
  195. *
  196. * @param {object|function} [options.userCodeResponseLogger] A logger that logs the user code response message required for interactive login. When
  197. * this option is specified the usercode response message will not be logged to console.
  198. *
  199. * @param {function} [optionalCallback] The optional callback.
  200. *
  201. * @returns {Promise<AuthResponse>} A Promise that resolves to AuthResponse that contains "credentials" and optional "subscriptions" array and rejects with an Error.
  202. */
  203. export declare function withInteractiveWithAuthResponse(options?: InteractiveLoginOptions): Promise<AuthResponse>;
  204. /**
  205. * Before using this method please install az cli from https://github.com/Azure/azure-cli/releases. Then execute `az ad sp create-for-rbac --sdk-auth > ${yourFilename.json}`.
  206. * If you want to create the sp for a different cloud/environment then please execute:
  207. * 1. az cloud list
  208. * 2. az cloud set –n <name of the environment>
  209. * 3. az ad sp create-for-rbac --sdk-auth > auth.json // create sp with secret
  210. * **OR**
  211. * 3. az ad sp create-for-rbac --create-cert --sdk-auth > auth.json // create sp with certificate
  212. * If the service principal is already created then login with service principal info:
  213. * 4. az login --service-principal -u <clientId> -p <clientSecret> -t <tenantId>
  214. * 5. az account show --sdk-auth > auth.json
  215. *
  216. * Authenticates using the service principal information provided in the auth file. This method will set
  217. * the subscriptionId from the auth file to the user provided environment variable in the options
  218. * parameter or the default "AZURE_SUBSCRIPTION_ID".
  219. *
  220. * @param {object} [options] - Optional parameters
  221. * @param {string} [options.filePath] - Absolute file path to the auth file. If not provided
  222. * then please set the environment variable AZURE_AUTH_LOCATION.
  223. * @param {string} [options.subscriptionEnvVariableName] - The subscriptionId environment variable
  224. * name. Default is "AZURE_SUBSCRIPTION_ID".
  225. * @param {function} [optionalCallback] The optional callback.
  226. *
  227. * @returns {function | Promise} If a callback was passed as the last parameter then it returns the callback else returns a Promise.
  228. *
  229. * {function} optionalCallback(err, credentials)
  230. * {Error} [err] - The Error object if an error occurred, null otherwise.
  231. * {ApplicationTokenCredentials} [credentials] - The ApplicationTokenCredentials object.
  232. * {Array} [subscriptions] - List of associated subscriptions across all the applicable tenants.
  233. * {Promise} A promise is returned.
  234. * @resolve {ApplicationTokenCredentials} The ApplicationTokenCredentials object.
  235. * @reject {Error} - The error object.
  236. */
  237. export declare function withAuthFile(): Promise<TokenCredentialsBase>;
  238. export declare function withAuthFile(options: LoginWithAuthFileOptions): Promise<TokenCredentialsBase>;
  239. export declare function withAuthFile(options: LoginWithAuthFileOptions, callback: {
  240. (err: Error, credentials: ApplicationTokenCredentials, subscriptions: Array<LinkedSubscription>): void;
  241. }): void;
  242. export declare function withAuthFile(callback: any): void;
  243. /**
  244. * Provides a url and code that needs to be copy and pasted in a browser and authenticated over there. If successful, the user will get a
  245. * DeviceTokenCredentials object and the list of subscriptions associated with that userId across all the applicable tenants.
  246. *
  247. * @param {object} [options] Object representing optional parameters.
  248. * @param {string} [options.clientId] The active directory application client id.
  249. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  250. * for an example.
  251. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid value is "graph".If tokenAudience is provided
  252. * then domain should also be provided its value should not be the default "common" tenant. It must be a string (preferrably in a guid format).
  253. * @param {string} [options.domain] The domain or tenant id containing this application. Default value is "common".
  254. * @param {Environment} [options.environment] The azure environment to authenticate with. Default environment is "Public Azure".
  255. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  256. * @param {object} [options.language] The language code specifying how the message should be localized to. Default value "en-us".
  257. * @param {object|function} [options.userCodeResponseLogger] A logger that logs the user code response message required for interactive login. When
  258. * this option is specified the usercode response message will not be logged to console.
  259. * @param {function} [optionalCallback] The optional callback.
  260. *
  261. * @returns {function | Promise} If a callback was passed as the last parameter then it returns the callback else returns a Promise.
  262. *
  263. * {function} optionalCallback(err, credentials)
  264. * {Error} [err] - The Error object if an error occurred, null otherwise.
  265. * {DeviceTokenCredentials} [credentials] - The DeviceTokenCredentials object.
  266. * {Array} [subscriptions] - List of associated subscriptions across all the applicable tenants.
  267. * {Promise} A promise is returned.
  268. * @resolve {DeviceTokenCredentials} The DeviceTokenCredentials object.
  269. * @reject {Error} - The error object.
  270. */
  271. export declare function interactive(): Promise<DeviceTokenCredentials>;
  272. export declare function interactive(options: InteractiveLoginOptions): Promise<DeviceTokenCredentials>;
  273. export declare function interactive(options: InteractiveLoginOptions, callback: {
  274. (err: Error, credentials: DeviceTokenCredentials, subscriptions: Array<LinkedSubscription>): void;
  275. }): void;
  276. export declare function interactive(callback: any): void;
  277. /**
  278. * Provides an ApplicationTokenCredentials object and the list of subscriptions associated with that servicePrinicpalId/clientId across all the applicable tenants.
  279. *
  280. * @param {string} clientId The active directory application client id also known as the SPN (ServicePrincipal Name).
  281. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  282. * for an example.
  283. * @param {string} secret The application secret for the service principal.
  284. * @param {string} domain The domain or tenant id containing this application.
  285. * @param {object} [options] Object representing optional parameters.
  286. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  287. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  288. * @param {Environment} [options.environment] The azure environment to authenticate with.
  289. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  290. * @param {function} [optionalCallback] The optional callback.
  291. *
  292. * @returns {function | Promise} If a callback was passed as the last parameter then it returns the callback else returns a Promise.
  293. *
  294. * {function} optionalCallback(err, credentials)
  295. * {Error} [err] - The Error object if an error occurred, null otherwise.
  296. * {ApplicationTokenCredentials} [credentials] - The ApplicationTokenCredentials object.
  297. * {Array} [subscriptions] - List of associated subscriptions across all the applicable tenants.
  298. * {Promise} A promise is returned.
  299. * @resolve {ApplicationTokenCredentials} The ApplicationTokenCredentials object.
  300. * @reject {Error} - The error object.
  301. */
  302. export declare function withServicePrincipalSecret(clientId: string, secret: string, domain: string): Promise<ApplicationTokenCredentials>;
  303. export declare function withServicePrincipalSecret(clientId: string, secret: string, domain: string, options: AzureTokenCredentialsOptions): Promise<ApplicationTokenCredentials>;
  304. export declare function withServicePrincipalSecret(clientId: string, secret: string, domain: string, options: AzureTokenCredentialsOptions, callback: {
  305. (err: Error, credentials: ApplicationTokenCredentials, subscriptions: Array<LinkedSubscription>): void;
  306. }): void;
  307. export declare function withServicePrincipalSecret(clientId: string, secret: string, domain: string, callback: any): void;
  308. /**
  309. * Provides an ApplicationTokenCertificateCredentials object and the list of subscriptions associated with that servicePrinicpalId/clientId across all the applicable tenants.
  310. *
  311. * @param {string} clientId The active directory application client id also known as the SPN (ServicePrincipal Name).
  312. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  313. * for an example.
  314. * @param {string} certificateStringOrFilePath A PEM encoded certificate and private key OR an absolute filepath to the .pem file containing that information. For example:
  315. * - CertificateString: "-----BEGIN PRIVATE KEY-----\n<xxxxx>\n-----END PRIVATE KEY-----\n-----BEGIN CERTIFICATE-----\n<yyyyy>\n-----END CERTIFICATE-----\n"
  316. * - CertificateFilePath: **Absolute** file path of the .pem file.
  317. * @param {string} domain The domain or tenant id containing this application.
  318. * @param {object} [options] Object representing optional parameters.
  319. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  320. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  321. * @param {Environment} [options.environment] The azure environment to authenticate with.
  322. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  323. * @param {function} [optionalCallback] The optional callback.
  324. *
  325. * @returns {function | Promise} If a callback was passed as the last parameter then it returns the callback else returns a Promise.
  326. *
  327. * {function} optionalCallback(err, credentials)
  328. * {Error} [err] - The Error object if an error occurred, null otherwise.
  329. * {ApplicationTokenCertificateCredentials} [credentials] - The ApplicationTokenCertificateCredentials object.
  330. * {Array} [subscriptions] - List of associated subscriptions across all the applicable tenants.
  331. * {Promise} A promise is returned.
  332. * @resolve {ApplicationTokenCertificateCredentials} The ApplicationTokenCertificateCredentials object.
  333. * @reject {Error} - The error object.
  334. */
  335. export declare function withServicePrincipalCertificate(clientId: string, certificateStringOrFilePath: string, domain: string): Promise<ApplicationTokenCertificateCredentials>;
  336. export declare function withServicePrincipalCertificate(clientId: string, certificateStringOrFilePath: string, domain: string, options: AzureTokenCredentialsOptions): Promise<ApplicationTokenCredentials>;
  337. export declare function withServicePrincipalCertificate(clientId: string, certificateStringOrFilePath: string, domain: string, options: AzureTokenCredentialsOptions, callback: {
  338. (err: Error, credentials: ApplicationTokenCertificateCredentials, subscriptions: Array<LinkedSubscription>): void;
  339. }): void;
  340. export declare function withServicePrincipalCertificate(clientId: string, certificateStringOrFilePath: string, domain: string, callback: any): void;
  341. /**
  342. * Provides a UserTokenCredentials object and the list of subscriptions associated with that userId across all the applicable tenants.
  343. * This method is applicable only for organizational ids that are not 2FA enabled otherwise please use interactive login.
  344. *
  345. * @param {string} username The user name for the Organization Id account.
  346. * @param {string} password The password for the Organization Id account.
  347. * @param {object} [options] Object representing optional parameters.
  348. * @param {string} [options.clientId] The active directory application client id.
  349. * See {@link https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-dotnet/ Active Directory Quickstart for .Net}
  350. * for an example.
  351. * @param {string} [options.tokenAudience] The audience for which the token is requested. Valid values are 'graph', 'batch', or any other resource like 'https://vault.azure.net/'.
  352. * If tokenAudience is 'graph' then domain should also be provided and its value should not be the default 'common' tenant. It must be a string (preferrably in a guid format).
  353. * @param {string} [options.domain] The domain or tenant id containing this application. Default value "common".
  354. * @param {Environment} [options.environment] The azure environment to authenticate with.
  355. * @param {object} [options.tokenCache] The token cache. Default value is the MemoryCache object from adal.
  356. * @param {function} [optionalCallback] The optional callback.
  357. *
  358. * @returns {function | Promise} If a callback was passed as the last parameter then it returns the callback else returns a Promise.
  359. *
  360. * {function} optionalCallback(err, credentials)
  361. * {Error} [err] - The Error object if an error occurred, null otherwise.
  362. * {UserTokenCredentials} [credentials] - The UserTokenCredentials object.
  363. * {Array} [subscriptions] - List of associated subscriptions across all the applicable tenants.
  364. * {Promise} A promise is returned.
  365. * @resolve {UserTokenCredentials} The UserTokenCredentials object.
  366. * @reject {Error} - The error object.
  367. */
  368. export declare function withUsernamePassword(username: string, password: string): Promise<UserTokenCredentials>;
  369. export declare function withUsernamePassword(username: string, password: string, options: LoginWithUsernamePasswordOptions): Promise<UserTokenCredentials>;
  370. export declare function withUsernamePassword(username: string, password: string, callback: any): void;
  371. export declare function withUsernamePassword(username: string, password: string, options: LoginWithUsernamePasswordOptions, callback: {
  372. (err: Error, credentials: UserTokenCredentials, subscriptions: Array<LinkedSubscription>): void;
  373. }): void;
  374. /**
  375. * Before using this method please install az cli from https://github.com/Azure/azure-cli/releases.
  376. * If you have an Azure virtual machine provisioned with az cli and has MSI enabled,
  377. * you can then use this method to get auth tokens from the VM.
  378. *
  379. * To create a new VM, enable MSI, please execute this command:
  380. * az vm create -g <resource_group_name> -n <vm_name> --assign-identity --image <os_image_name>
  381. * Note: the above command enables a service endpoint on the host, with a default port 50342
  382. *
  383. * To enable MSI on a already provisioned VM, execute the following command:
  384. * az vm --assign-identity -g <resource_group_name> -n <vm_name> --port <custom_port_number>
  385. *
  386. * To know more about this command, please execute:
  387. * az vm --assign-identity -h
  388. *
  389. * Authenticates using the identity service running on an Azure virtual machine.
  390. * This method makes a request to the authentication service hosted on the VM
  391. * and gets back an access token.
  392. *
  393. * @param {object} [options] - Optional parameters
  394. * @param {string} [options.port] - port on which the MSI service is running on the host VM. Default port is 50342
  395. * @param {string} [options.resource] - The resource uri or token audience for which the token is needed.
  396. * For e.g. it can be:
  397. * - resourcemanagement endpoint "https://management.azure.com/"(default)
  398. * - management endpoint "https://management.core.windows.net/"
  399. * @param {function} [optionalCallback] The optional callback.
  400. *
  401. * @returns {function | Promise} If a callback was passed as the last parameter then it returns the callback else returns a Promise.
  402. *
  403. * {function} optionalCallback(err, credentials)
  404. * {Error} [err] - The Error object if an error occurred, null otherwise.
  405. * {object} [tokenResponse] - The tokenResponse (tokenType and accessToken are the two important properties)
  406. * {Promise} A promise is returned.
  407. * @resolve {object} - tokenResponse.
  408. * @reject {Error} - error object.
  409. */
  410. export declare function loginWithVmMSI(): Promise<MSIVmTokenCredentials>;
  411. export declare function loginWithVmMSI(options: MSIVmOptions): Promise<MSIVmTokenCredentials>;
  412. export declare function loginWithVmMSI(options: MSIVmOptions, callback: Callback<MSIVmTokenCredentials>): void;
  413. export declare function loginWithVmMSI(callback: Callback<MSIVmTokenCredentials>): void;
  414. /**
  415. * Authenticate using the App Service MSI.
  416. * @param {object} [options] - Optional parameters
  417. * @param {string} [options.msiEndpoint] - The local URL from which your app can request tokens.
  418. * Either provide this parameter or set the environment variable `MSI_ENDPOINT`.
  419. * For example: `MSI_ENDPOINT="http://127.0.0.1:41741/MSI/token/"`
  420. * @param {string} [options.msiSecret] - The secret used in communication between your code and the local MSI agent.
  421. * Either provide this parameter or set the environment variable `MSI_SECRET`.
  422. * For example: `MSI_SECRET="69418689F1E342DD946CB82994CDA3CB"`
  423. * @param {string} [options.resource] - The resource uri or token audience for which the token is needed.
  424. * For example, it can be:
  425. * - resourcemanagement endpoint "https://management.azure.com/"(default)
  426. * - management endpoint "https://management.core.windows.net/"
  427. * @param {string} [options.msiApiVersion] - The api-version of the local MSI agent. Default value is "2017-09-01".
  428. * @param {function} [optionalCallback] - The optional callback.
  429. * @returns {function | Promise} If a callback was passed as the last parameter then it returns the callback else returns a Promise.
  430. *
  431. * {function} optionalCallback(err, credentials)
  432. * {Error} [err] - The Error object if an error occurred, null otherwise.
  433. * {object} [tokenResponse] - The tokenResponse (tokenType and accessToken are the two important properties)
  434. * {Promise} A promise is returned.
  435. * @resolve {object} - tokenResponse.
  436. * @reject {Error} - error object.
  437. */
  438. export declare function loginWithAppServiceMSI(): Promise<MSIAppServiceTokenCredentials>;
  439. export declare function loginWithAppServiceMSI(options: MSIAppServiceOptions): Promise<MSIAppServiceTokenCredentials>;
  440. export declare function loginWithAppServiceMSI(options: MSIAppServiceOptions, callback: Callback<MSIAppServiceTokenCredentials>): void;
  441. export declare function loginWithAppServiceMSI(callback: Callback<MSIAppServiceTokenCredentials>): void;
  442. /**
  443. * Executes the azure cli command and returns the result. It will be `undefined` if the command did
  444. * not return anything or a `JSON object` if the command did return something.
  445. * @param cmd The az cli command to execute.
  446. */
  447. export declare function execAz(cmd: string): Promise<any>;
  448. //# sourceMappingURL=login.d.ts.map