adal.d.ts 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438
  1. import * as http from "http";
  2. /**
  3. * Describes the available logging levels.
  4. * ERROR: 0,
  5. * WARN: 1,
  6. * INFO: 2,
  7. * VERBOSE: 3
  8. * @type {number}
  9. */
  10. export type LoggingLevel = 0 | 1 | 2 | 3;
  11. /**
  12. * @callback LoggingCallback
  13. * @memberOf Logging
  14. * @param {LoggingLevel} level The level of this log entry.
  15. * @param {string} message The text content of the log entry.
  16. * @param {Error} [error] An Error object if this is an {@link Logging.LOGGING_LEVEL.ERROR|ERROR} level log entry.
  17. */
  18. type LoggingCallback = (level: LoggingLevel, message: string, error?: Error) => void;
  19. /**
  20. * @typedef LoggingOptions
  21. * @memberOf Logging
  22. * @property {LoggingCallback} [log] The function to call when ADAL generates a log entry.
  23. * @property {LoggingLevel} [level] The maximum level of log entries to generate.
  24. * @property {boolean} [loggingWithPII] This value indicts if personal identity related information such as token and claims should be logged. The default value is false.
  25. */
  26. interface LoggingOptions {
  27. log?: LoggingCallback;
  28. level?: LoggingLevel;
  29. loggingWithPII?: boolean;
  30. }
  31. export class Logging {
  32. /**
  33. * @property {LoggingLevel} LOGGING_LEVEL Provides information about the logging levels.
  34. * ERROR: 0,
  35. * WARN: 1,
  36. * INFO: 2,
  37. * VERBOSE: 3
  38. */
  39. static LOGGING_LEVEL: LoggingLevel;
  40. /**
  41. * Sets global logging options for ADAL.
  42. * @param {LoggingOptions} options
  43. */
  44. static setLoggingOptions(options: LoggingOptions): void;
  45. /**
  46. * Get's the current global logging options.
  47. * @return {LoggingOptions}
  48. */
  49. static getLoggingOptions(): LoggingOptions;
  50. }
  51. export function setGlobalADALOptions(): any; // TODO
  52. export function getGlobalADALOptions(): any; // TODO
  53. /**
  54. * Contains tokens and metadata upon successful completion of an acquireToken call.
  55. * @typedef TokenResponse
  56. */
  57. export interface TokenResponse {
  58. /**
  59. * @property {string} tokenType The type of token returned. Example 'Bearer'.
  60. */
  61. tokenType: string;
  62. /**
  63. * @property {int} expiresIn The amount of time, in seconds, for which the token is valid.
  64. */
  65. expiresIn: number;
  66. /**
  67. * @property {Date} expiresOn The Date on which the access token expires.
  68. */
  69. expiresOn: Date | string;
  70. /**
  71. * @property {string} resource The resource for which the token was requested for. Example: 'https://management.core.windows.net/'.
  72. */
  73. resource: string;
  74. /**
  75. * @property {string} accessToken The returned access token.
  76. */
  77. accessToken: string;
  78. /**
  79. * @property {string} [refreshToken] A refresh token.
  80. */
  81. refreshToken?: string;
  82. /**
  83. * @property {Date} [createdOn] The date on which the access token was created.
  84. */
  85. createdOn?: Date | string;
  86. /**
  87. * @property {string} [userId] An id for the user. May be a displayable value if is_user_id_displayable is true.
  88. */
  89. userId?: string;
  90. /**
  91. * @property {boolean} [isUserIdDisplayable] Indicates whether the user_id property will be meaningful if displayed to a user.
  92. */
  93. isUserIdDisplayable?: boolean;
  94. /**
  95. * @property {string} [tenantId] The identifier of the tenant under which the access token was issued.
  96. */
  97. tenantId?: string;
  98. /**
  99. * @property {string} [oid] The object id of the user in the tenant
  100. */
  101. oid?: string;
  102. /**
  103. * @property {string} [givenName] The given name of the principal represented by the access token.
  104. */
  105. givenName?: string;
  106. /**
  107. * @property {string} [familyName] The family name of the principal represented by the access token.
  108. */
  109. familyName?: string;
  110. /**
  111. * @property {string} [identityProvider] Identifies the identity provider that issued the access token.
  112. */
  113. identityProvider?: string;
  114. /**
  115. * @property {any} [error] Provides information about error if any.
  116. */
  117. error?: any;
  118. /**
  119. * @property {any} [errorDescription] Short description about error if any.
  120. */
  121. errorDescription?: any;
  122. [x: string]: any;
  123. }
  124. /**
  125. * This will be returned in case the OAuth 2 service returns an error.
  126. * @typedef ErrorResponse
  127. * @property {string} [error] A server error.
  128. * @property {string} [errorDescription] A description of the error returned.
  129. */
  130. export interface ErrorResponse {
  131. error: string;
  132. errorDescription: string;
  133. }
  134. /**
  135. * This is the callback that is passed to all acquireToken variants below.
  136. * @callback AcquireTokenCallback
  137. * @param {Error} [error] If the request fails this parameter will contain an Error object.
  138. * @param {TokenResponse|ErrorResponse} [response] On a succesful request returns a {@link TokenResposne}.
  139. */
  140. export type AcquireTokenCallback = (error: Error, response: TokenResponse | ErrorResponse) => void;
  141. /**
  142. * This is the callback that is passed to all acquireUserCode method below.
  143. * @callback AcquireTokenCallback
  144. * @param {Error} [error] If the request fails this parameter will contain an Error object.
  145. * @param {UserCodeInfo} [response] On a succesful request returns a {@link UserCodeInfo}.
  146. */
  147. export type AcquireUserCodeCallback = (error: Error, response: UserCodeInfo) => void;
  148. /**
  149. * This is an interface that can be implemented to provide custom token cache persistence.
  150. * @public
  151. * @interface TokenCache
  152. */
  153. export interface TokenCache {
  154. /**
  155. * Removes a collection of entries from the cache in a single batch operation.
  156. * @param {Array} entries An array of cache entries to remove.
  157. * @param {Function} callback This function is called when the operation is complete. Any error is provided as the
  158. * first parameter.
  159. */
  160. remove(entires: TokenResponse[], callback: { (err: Error, result: null): void }): void;
  161. /**
  162. * Adds a collection of entries to the cache in a single batch operation.
  163. * @param {Array} entries An array of entries to add to the cache.
  164. * @param {Function} callback This function is called when the operation is complete. Any error is provided as the
  165. * first parameter.
  166. */
  167. add(entries: TokenResponse[], callback: { (err: Error, result: boolean): void }): void;
  168. /**
  169. * Finds all entries in the cache that match all of the passed in values.
  170. * @param {object} query This object will be compared to each entry in the cache. Any entries that
  171. * match all of the values in this object will be returned. All the values
  172. * in the passed in object must match values in a potentialy returned object
  173. * exactly. The returned object may have more values than the passed in query
  174. * object. Please take a look at http://underscorejs.org/#where for an example
  175. * on how to provide query.
  176. * @param {TokenCacheFindCallback} callback
  177. */
  178. find(query: any, callback: { (err: Error, results: any[]): void }): void
  179. }
  180. /**
  181. * @class MemoryCache - Describes the in memory implementation of the token cache.
  182. */
  183. export class MemoryCache implements TokenCache {
  184. /**
  185. * @private
  186. * @property {Array<TokenResponse>} _entries An array of entries in the TokenCache.
  187. */
  188. private _entries: TokenResponse[];
  189. /**
  190. * @constructor Creates an instance of MemoryCache
  191. */
  192. constructor();
  193. /**
  194. * Removes a collection of entries from the cache in a single batch operation.
  195. * @param {Array} entries An array of cache entries to remove.
  196. * @param {Function} callback This function is called when the operation is complete. Any error is provided as the
  197. * first parameter.
  198. */
  199. remove(entires: TokenResponse[], callback: { (err: Error, result: null): void }): void;
  200. /**
  201. * Adds a collection of entries to the cache in a single batch operation.
  202. * @param {Array} entries An array of entries to add to the cache.
  203. * @param {Function} callback This function is called when the operation is complete. Any error is provided as the
  204. * first parameter.
  205. */
  206. add(entries: TokenResponse[], callback: { (err: Error, result: boolean): void }): void;
  207. /**
  208. * Finds all entries in the cache that match all of the passed in values.
  209. * @param {object} query This object will be compared to each entry in the cache. Any entries that
  210. * match all of the values in this object will be returned. All the values
  211. * in the passed in object must match values in a potentialy returned object
  212. * exactly. The returned object may have more values than the passed in query
  213. * object. Please take a look at http://underscorejs.org/#where for an example
  214. * on how to provide query.
  215. * @param {TokenCacheFindCallback} callback
  216. */
  217. find(query: any, callback: { (err: Error, results: any[]): void }): void
  218. }
  219. export class AuthenticationContext {
  220. /**
  221. * @property {string} authority A URL that identifies a token authority.
  222. */
  223. public authority: string;
  224. /**
  225. * @property {string} correlationId The correlation id that will be used for the next acquireToken request.
  226. */
  227. public correlationId: string;
  228. /**
  229. * @property {any} options Options that are applied to requests generated by this AuthenticationContext instance.
  230. */
  231. public options: any;
  232. /**
  233. * @property {TokenCache} cache The token cache used by this AuthenticationContext instance
  234. */
  235. public cache: TokenCache;
  236. /**
  237. * Creates a new AuthenticationContext object. By default the authority will be checked against
  238. * a list of known Azure Active Directory authorities. If the authority is not recognized as
  239. * one of these well known authorities then token acquisition will fail. This behavior can be
  240. * turned off via the validateAuthority parameter below.
  241. * @constructor
  242. * @param {string} authority A URL that identifies a token authority.
  243. * @param {bool} [validateAuthority] Turns authority validation on or off. This parameter default to true.
  244. * @param {TokenCache} [cache] Sets the token cache used by this AuthenticationContext instance. If this parameter is not set
  245. * then a default, in memory cache is used. The default in memory cache is global to the process and is
  246. * shared by all AuthenticationContexts that are created with an empty cache parameter. To control the
  247. * scope and lifetime of a cache you can either create a {@link MemoryCache} instance and pass it when
  248. * constructing an AuthenticationContext or implement a custom {@link TokenCache} and pass that. Cache
  249. * instances passed at AuthenticationContext construction time are only used by that instance of
  250. * the AuthenticationContext and are not shared unless it has been manually passed during the
  251. * construction of other AuthenticationContexts.
  252. *
  253. */
  254. constructor(authority: string, validateAuthority?: boolean, cache?: TokenCache);
  255. /**
  256. * Gets a token for a given resource.
  257. * @param {string} resource A URI that identifies the resource for which the token is valid.
  258. * @param {string} clientId The OAuth client id of the calling application.
  259. * @param {string} clientSecret The OAuth client secret of the calling application.
  260. * @param {AcquireTokenCallback} callback The callback function.
  261. */
  262. public acquireTokenWithClientCredentials(resource: string, clientId: string, clientSecret: string, callback: AcquireTokenCallback): void;
  263. /**
  264. * Gets a token for a given resource.
  265. * @param {string} resource A URI that identifies the resource for which the token is valid.
  266. * @param {string} username The username of the user on behalf this application is authenticating.
  267. * @param {string} password The password of the user named in the username parameter.
  268. * @param {string} clientId The OAuth client id of the calling application.
  269. * @param {AcquireTokenCallback} callback The callback function.
  270. */
  271. public acquireTokenWithUsernamePassword(resource: string, username: string, password: string, clientId: string, callback: AcquireTokenCallback): void;
  272. /**
  273. * Gets a token for a given resource.
  274. * @param {string} authorizationCode An authorization code returned from a client.
  275. * @param {string} redirectUri The redirect uri that was used in the authorize call.
  276. * @param {string} resource A URI that identifies the resource for which the token is valid.
  277. * @param {string} clientId The OAuth client id of the calling application.
  278. * @param {string} clientSecret The OAuth client secret of the calling application.
  279. * @param {AcquireTokenCallback} callback The callback function.
  280. */
  281. public acquireTokenWithAuthorizationCode(authorizationCode: string, redirectUri: string, resource: string, clientId: string, clientSecret: string, callback: AcquireTokenCallback): void;
  282. /**
  283. * Gets a new access token via a previously issued refresh token.
  284. * @param {string} refreshToken A refresh token returned in a tokne response from a previous invocation of acquireToken.
  285. * @param {string} clientId The OAuth client id of the calling application.
  286. * @param {string} [clientSecret] The OAuth client secret of the calling application. (Note: this parameter is a late addition.
  287. * This parameter may be ommitted entirely so that applications built before this change will continue
  288. * to work unchanged.)
  289. * @param {string} resource The OAuth resource for which a token is being request. This parameter is optional and can be set to null.
  290. * @param {AcquireTokenCallback} callback The callback function.
  291. */
  292. public acquireTokenWithRefreshToken(refreshToken: string, clientId: string, resource: string, callback: AcquireTokenCallback): void;
  293. public acquireTokenWithRefreshToken(refreshToken: string, clientId: string, clientSecret: string, resource: string, callback: AcquireTokenCallback): void;
  294. /**
  295. * Gets a token for a given resource.
  296. * @param {string} resource A URI that identifies the resource for which the token is valid.
  297. * @param {string} userId The username of the user on behalf this application is authenticating.
  298. * @param {string} clientId The OAuth client id of the calling application.
  299. * @param {AcquireTokenCallback} callback The callback function.
  300. */
  301. public acquireToken(resource: string, userId: string, clientId: string, callback: AcquireTokenCallback): void
  302. /**
  303. * Gets the userCodeInfo which contains user_code, device_code for authenticating user on device.
  304. * @param {string} resource A URI that identifies the resource for which the device_code and user_code is valid for.
  305. * @param {string} clientId The OAuth client id of the calling application.
  306. * @param {string} language The language code specifying how the message should be localized to.
  307. * @param {AcquireUserCodeCallback} callback The callback function.
  308. */
  309. public acquireUserCode(resource: string, clientId: string, language: string, callback: AcquireUserCodeCallback): void;
  310. /**
  311. * Gets a new access token using via a certificate credential.
  312. * @param {string} resource A URI that identifies the resource for which the token is valid.
  313. * @param {string} clientId The OAuth client id of the calling application.
  314. * @param {string} certificate A PEM encoded certificate private key.
  315. * @param {string} thumbprint A hex encoded thumbprint of the certificate.
  316. * @param {AcquireTokenCallback} callback The callback function.
  317. */
  318. public acquireTokenWithClientCertificate(resource: string, clientId: string, certificate: string, thumbprint: string, callback: AcquireTokenCallback): void;
  319. /**
  320. * Gets a new access token using via a device code.
  321. * @note This method doesn't look up the cache, it only stores the returned token into cache. To look up cache before making a new request,
  322. * please use acquireToken.
  323. * @param {string} clientId The OAuth client id of the calling application.
  324. * @param {object} userCodeInfo Contains device_code, retry interval, and expire time for the request for get the token.
  325. * @param {AcquireTokenCallback} callback The callback function.
  326. */
  327. public acquireTokenWithDeviceCode(resource: string, clientId: string, userCodeInfo: UserCodeInfo, callback: AcquireTokenCallback): void;
  328. /**
  329. * Cancels the polling request to get token with device code.
  330. * @param {object} userCodeInfo Contains device_code, retry interval, and expire time for the request for get the token.
  331. * @param {AcquireTokenCallback} callback The callback function.
  332. */
  333. public cancelRequestToGetTokenWithDeviceCode(userCodeInfo: UserCodeInfo, callback: AcquireTokenCallback): void;
  334. }
  335. /**
  336. * Describes the user code information that is provided by ADAL while authenticating via DeviceCode.
  337. */
  338. export interface UserCodeInfo {
  339. deviceCode: string;
  340. expiresIn: number;
  341. interval: number;
  342. message: string;
  343. userCode: string;
  344. verificationUrl: string;
  345. error?: any;
  346. errorDescription?: any;
  347. [x: string]: any;
  348. }
  349. /**
  350. * Creates a new AuthenticationContext object. By default the authority will be checked against
  351. * a list of known Azure Active Directory authorities. If the authority is not recognized as
  352. * one of these well known authorities then token acquisition will fail. This behavior can be
  353. * turned off via the validateAuthority parameter below.
  354. * @function
  355. * @param {string} authority A URL that identifies a token authority.
  356. * @param {bool} [validateAuthority] Turns authority validation on or off. This parameter default to true.
  357. * @returns {AuthenticationContext} A new authentication context.
  358. */
  359. export function createAuthenticationContext(authority: string, validateAuthority?: boolean): AuthenticationContext;
  360. /**
  361. * @class
  362. * Describes the parameters that are parsed from an OAuth challenge in the www-authenticate header.
  363. */
  364. export class AuthenticationParameters {
  365. authorizationUri: string;
  366. resource: string;
  367. /**
  368. * @constructor Provides an instance of AuthenticationParameters
  369. * @param {string} authorizationUri The URI of an authority that can issues tokens for the resource that issued the challenge.
  370. * @param {string} resource The resource for a which a token should be requested from the authority.
  371. */
  372. constructor(authorizationUri: string, resource: string);
  373. }
  374. /**
  375. * Creates an {@link AuthenticationParameters} object from the contents of a
  376. * www-authenticate header received from a HTTP 401 response from a resource server.
  377. * @param {string} challenge The content fo the www-authenticate header.
  378. * @return {AuthenticationParameters} An AuthenticationParameters object containing the parsed values from the header.
  379. */
  380. export function createAuthenticationParametersFromHeader(challenge: string): AuthenticationParameters;
  381. /**
  382. * Create an {@link AuthenticationParameters} object from a node http.IncomingMessage
  383. * object that was created as a result of a request to a resource server. This function
  384. * expects the response to contain a HTTP 401 error code with a www-authenticate
  385. * header.
  386. * @param {http.IncomingMessage} response A response from a http request to a resource server.
  387. * @return {AuthenticationParameters}
  388. */
  389. export function createAuthenticationParametersFromResponse(response: http.IncomingMessage): AuthenticationParameters;
  390. /**
  391. * Creates an {@link AuthenticationParameters} object by sending a get request
  392. * to the url passed to this function, and parsing the resulting http 401
  393. * response.
  394. * @param {string|url} url The url of a resource server.
  395. * @param {AuthenticationParameters} callback Called on error or request completion.
  396. * @param {string} [correlationId] An optional correlationId to pass along with the request and to include in any logs.
  397. */
  398. export function createAuthenticationParametersFromUrl(url: string, callback: { (error: Error, parameters: AuthenticationParameters): void }, correlationId?: string): AuthenticationParameters;