@azure/identity 2.0.0-beta.6 → 2.0.0

package/types/identity.d.ts

@@ -3,6 +3,7 @@ import { AzureLogger } from '@azure/logger';
 import { CommonClientOptions } from '@azure/core-client';
 import { GetTokenOptions } from '@azure/core-auth';
 import { TokenCredential } from '@azure/core-auth';
+
 export { AccessToken }
 
 /**
@@ -23,38 +24,6 @@ export declare class AggregateAuthenticationError extends Error {
  */
 export declare const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
 
-/**
- * Provides a default {@link ChainedTokenCredential} configuration that should
- * work for most applications that use the Azure SDK.  The following credential
- * types will be tried, in order:
- *
- * - {@link EnvironmentCredential}
- * - {@link ManagedIdentityCredential}
-
- *
- * Consult the documentation of these credential types for more information
- * on how they attempt authentication.
- */
-export declare class ApplicationCredential extends ChainedTokenCredential {
-    /**
-     * Creates an instance of the ApplicationCredential class.
-     *
-     * @param options - Optional parameters. See {@link ApplicationCredentialOptions}.
-     */
-    constructor(options?: ApplicationCredentialOptions);
-}
-
-/**
- * Provides options to configure the {@link ApplicationCredential} class.
- */
-export declare interface ApplicationCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
-    /**
-     * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
-     * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
-     */
-    managedIdentityClientId?: string;
-}
-
 /**
  * Provides details about a failure to authenticate with Azure Active
  * Directory.  The `errorResponse` field contains more details about
@@ -112,18 +81,32 @@ export declare class AuthenticationRequiredError extends Error {
      */
     scopes: string[];
     /**
-     * The options used to configure the getToken request.
+     * The options passed to the getToken request.
      */
-    getTokenOptions: GetTokenOptions;
+    getTokenOptions?: GetTokenOptions;
     constructor(
+    /**
+     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.
+     */
+    options: AuthenticationRequiredErrorOptions);
+}
+
+/**
+ * Optional parameters to the {@link AuthenticationRequiredError}
+ */
+export declare interface AuthenticationRequiredErrorOptions {
     /**
      * The list of scopes for which the token will have access.
      */
-    scopes: string[], 
+    scopes: string[];
     /**
-     * The options used to configure the getToken request.
+     * The options passed to the getToken request.
      */
-    getTokenOptions?: GetTokenOptions, message?: string);
+    getTokenOptions?: GetTokenOptions;
+    /**
+     * The message of the error.
+     */
+    message?: string;
 }
 
 /**
@@ -154,10 +137,10 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param clientSecret - A client secret that was generated for the App Registration
      * @param authorizationCode - An authorization code that was received from following the
-                                authorization code flow.  This authorization code must not
-                                have already been used to obtain an access token.
+     authorization code flow.  This authorization code must not
+     have already been used to obtain an access token.
      * @param redirectUri - The redirect URI that was used to request the authorization code.
-                          Must be the same URI that is configured for the App Registration.
+     Must be the same URI that is configured for the App Registration.
      * @param options - Options for configuring the client which makes the access token request.
      */
     constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: TokenCredentialOptions);
@@ -176,10 +159,10 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      *                 'common' may be used when dealing with multi-tenant scenarios.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param authorizationCode - An authorization code that was received from following the
-                                authorization code flow.  This authorization code must not
-                                have already been used to obtain an access token.
+     authorization code flow.  This authorization code must not
+     have already been used to obtain an access token.
      * @param redirectUri - The redirect URI that was used to request the authorization code.
-                          Must be the same URI that is configured for the App Registration.
+     Must be the same URI that is configured for the App Registration.
      * @param options - Options for configuring the client which makes the access token request.
      */
     constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: TokenCredentialOptions);
@@ -221,15 +204,15 @@ export declare enum AzureAuthorityHosts {
  * via the Azure CLI ('az') commandline tool.
  * To do so, it will read the user access token and expire time
  * with Azure CLI command "az account get-access-token".
- * To be able to use this credential, ensure that you have already logged
- * in via the 'az' tool using the command "az login" from the commandline.
  */
 export declare class AzureCliCredential implements TokenCredential {
     private tenantId?;
-    private allowMultiTenantAuthentication?;
     /**
      * Creates an instance of the {@link AzureCliCredential}.
      *
+     * To use this credential, ensure that you have already logged
+     * in via the 'az' tool using the command "az login" from the commandline.
+     *
      * @param options - Options, to optionally allow multi-tenant requests.
      */
     constructor(options?: AzureCliCredentialOptions);
@@ -258,18 +241,17 @@ export declare interface AzureCliCredentialOptions extends TokenCredentialOption
  * This credential will use the currently logged-in user information from the
  * Azure PowerShell module. To do so, it will read the user access token and
  * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
- *
- * To be able to use this credential:
- * - Install the Azure Az PowerShell module with:
- *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
- * - You have already logged in to Azure PowerShell using the command
- * `Connect-AzAccount` from the command line.
  */
 export declare class AzurePowerShellCredential implements TokenCredential {
     private tenantId?;
-    private allowMultiTenantAuthentication?;
     /**
-     * Creates an instance of the {@link AzurePowershellCredential}.
+     * Creates an instance of the {@link AzurePowerShellCredential}.
+     *
+     * To use this credential:
+     * - Install the Azure Az PowerShell module with:
+     *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
+     * - You have already logged in to Azure PowerShell using the command
+     * `Connect-AzAccount` from the command line.
      *
      * @param options - Options, to optionally allow multi-tenant requests.
      */
@@ -286,7 +268,7 @@ export declare class AzurePowerShellCredential implements TokenCredential {
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - The options used to configure any requests this TokenCredential implementation might make.
      */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
 }
 
 /**
@@ -369,6 +351,17 @@ export declare class ClientCertificateCredential implements TokenCredential {
      * @param options - Options for configuring the client which makes the authentication request.
      */
     constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
+    /**
+     * Creates an instance of the ClientCertificateCredential with the details
+     * needed to authenticate against Azure Active Directory with a certificate.
+     *
+     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param clientId - The client (application) ID of an App Registration in the tenant.
+     * @param configuration - Other parameters required, including the PEM-encoded certificate as a string, or as a path on the filesystem.
+     *                        If the type is ignored, we will throw if both the value of the PEM certificate and the path to a PEM certificate are provided at the same time.
+     * @param options - Options for configuring the client which makes the authentication request.
+     */
+    constructor(tenantId: string, clientId: string, configuration: ClientCertificateCredentialPEMConfiguration, options?: ClientCertificateCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -389,13 +382,30 @@ export declare interface ClientCertificateCredentialOptions extends TokenCredent
      * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
      */
     sendCertificateChain?: boolean;
+}
+
+/**
+ * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.
+ */
+export declare type ClientCertificateCredentialPEMConfiguration = {
     /**
-     * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.
-     * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.
-     * If the property is not specified, the credential uses the global authority endpoint.
+     * The PEM-encoded public/private key certificate on the filesystem.
      */
-    regionalAuthority?: string;
-}
+    certificate: string;
+    /**
+     * The PEM-encoded public/private key certificate on the filesystem     should not be provided if `certificate` is provided.
+     */
+    certificatePath?: never;
+} | {
+    /**
+     * The PEM-encoded public/private key certificate on the filesystem should not be provided if `certificatePath` is provided.
+     */
+    certificate?: never;
+    /**
+     * The path to the PEM-encoded public/private key certificate on the filesystem.
+     */
+    certificatePath: string;
+};
 
 /**
  * Enables authentication to Azure Active Directory using a client secret
@@ -433,12 +443,6 @@ export declare class ClientSecretCredential implements TokenCredential {
  * Optional parameters for the {@link ClientSecretCredential} class.
  */
 export declare interface ClientSecretCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
-    /**
-     * Specifies a regional authority. Please refer to the {@link RegionalAuthority} type for the accepted values.
-     * If {@link RegionalAuthority.AutoDiscoverRegion} is specified, we will try to discover the regional authority endpoint.
-     * If the property is not specified, the credential uses the global authority endpoint.
-     */
-    regionalAuthority?: string;
 }
 
 /**
@@ -494,22 +498,26 @@ export declare const CredentialUnavailableErrorName = "CredentialUnavailableErro
 
 /**
  * Provides a default {@link ChainedTokenCredential} configuration that should
- * work for most applications that use the Azure SDK.  The following credential
- * types will be tried, in order:
- *
- * - {@link EnvironmentCredential}
- * - {@link ManagedIdentityCredential}
- * - {@link VisualStudioCodeCredential}
- * - {@link AzureCliCredential}
- * - {@link AzurePowerShellCredential}
- *
- * Consult the documentation of these credential types for more information
- * on how they attempt authentication.
+ * work for most applications that use the Azure SDK.
  */
 export declare class DefaultAzureCredential extends ChainedTokenCredential {
     /**
      * Creates an instance of the DefaultAzureCredential class.
      *
+     * This credential provides a default {@link ChainedTokenCredential} configuration that should
+     * work for most applications that use the Azure SDK.
+     *
+     * The following credential types will be tried, in order:
+     *
+     * - {@link EnvironmentCredential}
+     * - {@link ManagedIdentityCredential}
+     * - {@link VisualStudioCodeCredential}
+     * - {@link AzureCliCredential}
+     * - {@link AzurePowerShellCredential}
+     *
+     * Consult the documentation of these credential types for more information
+     * on how they attempt authentication.
+     *
      * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
      * `@azure/identity-vscode`. If this package is not installed and registered
      * using the plugin API (`useIdentityPlugin`), then authentication using
@@ -523,7 +531,7 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
 /**
  * Provides options to configure the {@link DefaultAzureCredential} class.
  */
-export declare interface DefaultAzureCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface DefaultAzureCredentialOptions extends TokenCredentialOptions {
     /**
      * Optionally pass in a Tenant ID to be used as part of the credential.
      * By default it may use a generic tenant ID depending on the underlying credential.
@@ -568,6 +576,20 @@ export declare class DeviceCodeCredential implements TokenCredential {
      * Creates an instance of DeviceCodeCredential with the details needed
      * to initiate the device code authorization flow with Azure Active Directory.
      *
+     * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
+     *
+     * Developers can configure how this message is shown by passing a custom `userPromptCallback`:
+     *
+     * ```js
+     * const credential = new DeviceCodeCredential({
+     *   tenantId: env.AZURE_TENANT_ID,
+     *   clientId: env.AZURE_CLIENT_ID,
+     *   userPromptCallback: (info) => {
+     *     console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
+     *   }
+     * });
+     * ```
+     *
      * @param options - Options for configuring the client which makes the authentication requests.
      */
     constructor(options?: DeviceCodeCredentialOptions);
@@ -648,23 +670,7 @@ export declare type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo)
 
 /**
  * Enables authentication to Azure Active Directory using client secret
- * details configured in the following environment variables:
- *
- * Required environment variables:
- * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
- * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
- *
- * Environment variables used for client credential authentication:
- * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
- * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
- *
- * Alternatively, users can provide environment variables for username and password authentication:
- * - `AZURE_USERNAME`: Username to authenticate with.
- * - `AZURE_PASSWORD`: Password to authenticate with.
- *
- * This credential ultimately uses a {@link ClientSecretCredential} to
- * perform the authentication using these details.  Please consult the
- * documentation of that class for more details.
+ * details configured in environment variables
  */
 export declare class EnvironmentCredential implements TokenCredential {
     private _credential?;
@@ -702,7 +708,7 @@ export declare class EnvironmentCredential implements TokenCredential {
  * Enables authentication to Azure Active Directory depending on the available environment variables.
  * Defines options for the EnvironmentCredential class.
  */
-export declare interface EnvironmentCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface EnvironmentCredentialOptions extends TokenCredentialOptions {
 }
 
 /**
@@ -744,6 +750,7 @@ export declare interface ErrorResponse {
  * Returns a new instance of the {@link DefaultAzureCredential}.
  */
 export declare function getDefaultAzureCredential(): TokenCredential;
+
 export { GetTokenOptions }
 
 /**
@@ -755,13 +762,6 @@ export declare type IdentityPlugin = (context: unknown) => void;
 /**
  * Enables authentication to Azure Active Directory inside of the web browser
  * using the interactive login flow.
- *
- * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
- * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
- * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
- *
- * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
- * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
  */
 export declare class InteractiveBrowserCredential implements TokenCredential {
     private msalFlow;
@@ -769,9 +769,16 @@ export declare class InteractiveBrowserCredential implements TokenCredential {
     /**
      * Creates an instance of InteractiveBrowserCredential with the details needed.
      *
+     * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
+     * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
+     * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
+     *
+     * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
+     * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
+     *
      * @param options - Options for configuring the client which makes the authentication requests.
      */
-    constructor(options?: InteractiveBrowserCredentialOptions | InteractiveBrowserCredentialBrowserOptions);
+    constructor(options?: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -804,7 +811,7 @@ export declare class InteractiveBrowserCredential implements TokenCredential {
 /**
  * Defines the common options for the InteractiveBrowserCredential class.
  */
-export declare interface InteractiveBrowserCredentialBrowserOptions extends InteractiveCredentialOptions {
+export declare interface InteractiveBrowserCredentialInBrowserOptions extends InteractiveCredentialOptions {
     /**
      * Gets the redirect URI of the application. This should be same as the value
      * in the application registration portal.  Defaults to `window.location.href`.
@@ -836,7 +843,7 @@ export declare interface InteractiveBrowserCredentialBrowserOptions extends Inte
 /**
  * Defines the common options for the InteractiveBrowserCredential class.
  */
-export declare interface InteractiveBrowserCredentialOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
+export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
     /**
      * Gets the redirect URI of the application. This should be same as the value
      * in the application registration portal.  Defaults to `window.location.href`.
@@ -930,7 +937,6 @@ export declare class ManagedIdentityCredential implements TokenCredential {
  * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
  */
 export declare class OnBehalfOfCredential implements TokenCredential {
-    private configuration;
     private options;
     private msalFlow;
     /**
@@ -952,10 +958,9 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      * await client.getKey("key-name");
      * ```
      *
-     * @param configuration - Configuration specific to this credential.
      * @param options - Optional parameters, generally common across credentials.
      */
-    constructor(configuration: OnBehalfOfCredentialSecretConfiguration | OnBehalfOfCredentialCertificateConfiguration, options?: OnBehalfOfCredentialOptions);
+    constructor(options: OnBehalfOfCredentialOptions);
     /**
      * Authenticates with Azure Active Directory and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
@@ -967,9 +972,9 @@ export declare class OnBehalfOfCredential implements TokenCredential {
 }
 
 /**
- * Defines the configuration parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.
+ * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.
  */
-export declare interface OnBehalfOfCredentialCertificateConfiguration {
+export declare interface OnBehalfOfCredentialCertificateOptions {
     /**
      * The Azure Active Directory tenant (directory) ID.
      */
@@ -991,18 +996,21 @@ export declare interface OnBehalfOfCredentialCertificateConfiguration {
      * The user assertion for the On-Behalf-Of flow.
      */
     userAssertionToken: string;
+    /**
+     * Client secret should not be provided when certificate options are provided.
+     */
+    clientSecret?: never;
 }
 
 /**
  * Optional parameters for the {@link OnBehalfOfCredential} class.
  */
-export declare interface OnBehalfOfCredentialOptions extends TokenCredentialOptions, CredentialPersistenceOptions {
-}
+export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions) & TokenCredentialOptions & CredentialPersistenceOptions;
 
 /**
- * Defines the configuration parameters to authenticate the {@link OnBehalfOfCredential} with a secret.
+ * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.
  */
-export declare interface OnBehalfOfCredentialSecretConfiguration {
+export declare interface OnBehalfOfCredentialSecretOptions {
     /**
      * The Azure Active Directory tenant (directory) ID.
      */
@@ -1019,118 +1027,14 @@ export declare interface OnBehalfOfCredentialSecretConfiguration {
      * The user assertion for the On-Behalf-Of flow.
      */
     userAssertionToken: string;
-}
-
-/**
- * Helps specify a regional authority, or "AutoDiscoverRegion" to auto-detect the region.
- */
-export declare enum RegionalAuthority {
-    /** Instructs MSAL to attempt to discover the region */
-    AutoDiscoverRegion = "AutoDiscoverRegion",
-    /** Uses the {@link RegionalAuthority} for the Azure 'westus' region. */
-    USWest = "westus",
-    /** Uses the {@link RegionalAuthority} for the Azure 'westus2' region. */
-    USWest2 = "westus2",
-    /** Uses the {@link RegionalAuthority} for the Azure 'centralus' region. */
-    USCentral = "centralus",
-    /** Uses the {@link RegionalAuthority} for the Azure 'eastus' region. */
-    USEast = "eastus",
-    /** Uses the {@link RegionalAuthority} for the Azure 'eastus2' region. */
-    USEast2 = "eastus2",
-    /** Uses the {@link RegionalAuthority} for the Azure 'northcentralus' region. */
-    USNorthCentral = "northcentralus",
-    /** Uses the {@link RegionalAuthority} for the Azure 'southcentralus' region. */
-    USSouthCentral = "southcentralus",
-    /** Uses the {@link RegionalAuthority} for the Azure 'westcentralus' region. */
-    USWestCentral = "westcentralus",
-    /** Uses the {@link RegionalAuthority} for the Azure 'canadacentral' region. */
-    CanadaCentral = "canadacentral",
-    /** Uses the {@link RegionalAuthority} for the Azure 'canadaeast' region. */
-    CanadaEast = "canadaeast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'brazilsouth' region. */
-    BrazilSouth = "brazilsouth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'northeurope' region. */
-    EuropeNorth = "northeurope",
-    /** Uses the {@link RegionalAuthority} for the Azure 'westeurope' region. */
-    EuropeWest = "westeurope",
-    /** Uses the {@link RegionalAuthority} for the Azure 'uksouth' region. */
-    UKSouth = "uksouth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'ukwest' region. */
-    UKWest = "ukwest",
-    /** Uses the {@link RegionalAuthority} for the Azure 'francecentral' region. */
-    FranceCentral = "francecentral",
-    /** Uses the {@link RegionalAuthority} for the Azure 'francesouth' region. */
-    FranceSouth = "francesouth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandnorth' region. */
-    SwitzerlandNorth = "switzerlandnorth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'switzerlandwest' region. */
-    SwitzerlandWest = "switzerlandwest",
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanynorth' region. */
-    GermanyNorth = "germanynorth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanywestcentral' region. */
-    GermanyWestCentral = "germanywestcentral",
-    /** Uses the {@link RegionalAuthority} for the Azure 'norwaywest' region. */
-    NorwayWest = "norwaywest",
-    /** Uses the {@link RegionalAuthority} for the Azure 'norwayeast' region. */
-    NorwayEast = "norwayeast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'eastasia' region. */
-    AsiaEast = "eastasia",
-    /** Uses the {@link RegionalAuthority} for the Azure 'southeastasia' region. */
-    AsiaSouthEast = "southeastasia",
-    /** Uses the {@link RegionalAuthority} for the Azure 'japaneast' region. */
-    JapanEast = "japaneast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'japanwest' region. */
-    JapanWest = "japanwest",
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiaeast' region. */
-    AustraliaEast = "australiaeast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiasoutheast' region. */
-    AustraliaSouthEast = "australiasoutheast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral' region. */
-    AustraliaCentral = "australiacentral",
-    /** Uses the {@link RegionalAuthority} for the Azure 'australiacentral2' region. */
-    AustraliaCentral2 = "australiacentral2",
-    /** Uses the {@link RegionalAuthority} for the Azure 'centralindia' region. */
-    IndiaCentral = "centralindia",
-    /** Uses the {@link RegionalAuthority} for the Azure 'southindia' region. */
-    IndiaSouth = "southindia",
-    /** Uses the {@link RegionalAuthority} for the Azure 'westindia' region. */
-    IndiaWest = "westindia",
-    /** Uses the {@link RegionalAuthority} for the Azure 'koreasouth' region. */
-    KoreaSouth = "koreasouth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'koreacentral' region. */
-    KoreaCentral = "koreacentral",
-    /** Uses the {@link RegionalAuthority} for the Azure 'uaecentral' region. */
-    UAECentral = "uaecentral",
-    /** Uses the {@link RegionalAuthority} for the Azure 'uaenorth' region. */
-    UAENorth = "uaenorth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'southafricanorth' region. */
-    SouthAfricaNorth = "southafricanorth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'southafricawest' region. */
-    SouthAfricaWest = "southafricawest",
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth' region. */
-    ChinaNorth = "chinanorth",
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast' region. */
-    ChinaEast = "chinaeast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinanorth2' region. */
-    ChinaNorth2 = "chinanorth2",
-    /** Uses the {@link RegionalAuthority} for the Azure 'chinaeast2' region. */
-    ChinaEast2 = "chinaeast2",
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanycentral' region. */
-    GermanyCentral = "germanycentral",
-    /** Uses the {@link RegionalAuthority} for the Azure 'germanynortheast' region. */
-    GermanyNorthEast = "germanynortheast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgovvirginia' region. */
-    GovernmentUSVirginia = "usgovvirginia",
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgoviowa' region. */
-    GovernmentUSIowa = "usgoviowa",
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgovarizona' region. */
-    GovernmentUSArizona = "usgovarizona",
-    /** Uses the {@link RegionalAuthority} for the Azure 'usgovtexas' region. */
-    GovernmentUSTexas = "usgovtexas",
-    /** Uses the {@link RegionalAuthority} for the Azure 'usdodeast' region. */
-    GovernmentUSDodEast = "usdodeast",
-    /** Uses the {@link RegionalAuthority} for the Azure 'usdodcentral' region. */
-    GovernmentUSDodCentral = "usdodcentral"
+    /**
+     * The path to a PEM-encoded certificate should not be provided when the secret options are provided.
+     */
+    certificatePath?: never;
+    /**
+     * Option to include x5c header should not be provided when the secret options are provided.
+     */
+    sendCertificateChain?: never;
 }
 
 /**
@@ -1172,6 +1076,7 @@ export declare interface TokenCachePersistenceOptions {
      */
     unsafeAllowUnencryptedStorage?: boolean;
 }
+
 export { TokenCredential }
 
 /**
@@ -1185,10 +1090,6 @@ export declare interface TokenCredentialOptions extends CommonClientOptions {
      * The default is "https://login.microsoftonline.com".
      */
     authorityHost?: string;
-    /**
-     * If set to true, allows authentication flows to change the tenantId of the request if a different tenantId is received from a challenge or through a direct getToken call.
-     */
-    allowMultiTenantAuthentication?: boolean;
 }
 
 /**
@@ -1262,7 +1163,7 @@ export declare interface UsernamePasswordCredentialOptions extends TokenCredenti
 }
 
 /**
- * Connect to Azure using the credential provided by the VSCode extension 'Azure Account'.
+ * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
  * Once the user has logged in via the extension, this credential can share the same refresh token
  * that is cached by the extension.
  */
@@ -1270,7 +1171,6 @@ export declare class VisualStudioCodeCredential implements TokenCredential {
     private identityClient;
     private tenantId;
     private cloudName;
-    private allowMultiTenantAuthentication?;
     /**
      * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
      *

package/dist-esm/src/client/errors.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/client/errors.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAuDlC,SAAS,eAAe,CAAC,aAAkB;IACzC,OAAO,CACL,aAAa;QACb,OAAO,aAAa,CAAC,KAAK,KAAK,QAAQ;QACvC,OAAO,aAAa,CAAC,iBAAiB,KAAK,QAAQ,CACpD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,4BAA4B,CAAC;AAE3E;;;;GAIG;AACH,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IACnD,YAAY,OAAgB;QAC1B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,8BAA8B,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D;;;;GAIG;AACH,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAW5C,wDAAwD;IACxD,YAAY,UAAkB,EAAE,SAA6C;QAC3E,IAAI,aAAa,GAAkB;YACjC,KAAK,EAAE,SAAS;YAChB,gBAAgB,EAAE,oEAAoE;SACvF,CAAC;QAEF,IAAI,eAAe,CAAC,SAAS,CAAC,EAAE;YAC9B,aAAa,GAAG,wCAAwC,CAAC,SAAS,CAAC,CAAC;SACrE;aAAM,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE;YACxC,IAAI;gBACF,iEAAiE;gBACjE,uBAAuB;gBACvB,MAAM,kBAAkB,GAAuB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrE,aAAa,GAAG,wCAAwC,CAAC,kBAAkB,CAAC,CAAC;aAC9E;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,UAAU,KAAK,GAAG,EAAE;oBACtB,aAAa,GAAG;wBACd,KAAK,EAAE,qBAAqB;wBAC5B,gBAAgB,EAAE,4CAA4C;qBAC/D,CAAC;iBACH;qBAAM;oBACL,aAAa,GAAG;wBACd,KAAK,EAAE,eAAe;wBACtB,gBAAgB,EAAE,oDAAoD,SAAS,EAAE;qBAClF,CAAC;iBACH;aACF;SACF;aAAM;YACL,aAAa,GAAG;gBACd,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,oEAAoE;aACvF,CAAC;SACH;QAED,KAAK,CACH,GAAG,aAAa,CAAC,KAAK,gBAAgB,UAAU,sBAAsB,aAAa,CAAC,gBAAgB,EAAE,CACvG,CAAC;QACF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QAEnC,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gCAAgC,GAAG,8BAA8B,CAAC;AAE/E;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,KAAK;IAOrD,YAAY,MAAa,EAAE,YAAqB;QAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtC,KAAK,CAAC,GAAG,YAAY,KAAK,WAAW,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,iDAAiD;QACjD,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;IAC/C,CAAC;CACF;AAED,SAAS,wCAAwC,CAAC,SAA6B;IAC7E,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,gBAAgB,EAAE,SAAS,CAAC,iBAAiB;QAC7C,aAAa,EAAE,SAAS,CAAC,cAAc;QACvC,UAAU,EAAE,SAAS,CAAC,WAAW;QACjC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,OAAO,EAAE,SAAS,CAAC,QAAQ;KAC5B,CAAC;AACJ,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\n/**\n * See the official documentation for more details:\n *\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1\n *\n * NOTE: This documentation is for v1 OAuth support but the same error\n * response details still apply to v2.\n */\nexport interface ErrorResponse {\n  /**\n   * The string identifier for the error.\n   */\n  error: string;\n\n  /**\n   * The error's description.\n   */\n  errorDescription: string;\n\n  /**\n   * An array of codes pertaining to the error(s) that occurred.\n   */\n  errorCodes?: number[];\n\n  /**\n   * The timestamp at which the error occurred.\n   */\n  timestamp?: string;\n\n  /**\n   * The trace identifier for this error occurrence.\n   */\n  traceId?: string;\n\n  /**\n   * The correlation ID to be used for tracking the source of the error.\n   */\n  correlationId?: string;\n}\n\n/**\n * Used for internal deserialization of OAuth responses. Public model is ErrorResponse\n * @internal\n */\nexport interface OAuthErrorResponse {\n  error: string;\n  error_description: string;\n  error_codes?: number[];\n  timestamp?: string;\n  trace_id?: string;\n  correlation_id?: string;\n}\n\nfunction isErrorResponse(errorResponse: any): errorResponse is OAuthErrorResponse {\n  return (\n    errorResponse &&\n    typeof errorResponse.error === \"string\" &&\n    typeof errorResponse.error_description === \"string\"\n  );\n}\n\n/**\n * The Error.name value of an CredentialUnavailable\n */\nexport const CredentialUnavailableErrorName = \"CredentialUnavailableError\";\n\n/**\n * This signifies that the credential that was tried in a chained credential\n * was not available to be used as the credential. Rather than treating this as\n * an error that should halt the chain, it's caught and the chain continues\n */\nexport class CredentialUnavailableError extends Error {\n  constructor(message?: string) {\n    super(message);\n    this.name = CredentialUnavailableErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AuthenticationError\n */\nexport const AuthenticationErrorName = \"AuthenticationError\";\n\n/**\n * Provides details about a failure to authenticate with Azure Active\n * Directory.  The `errorResponse` field contains more details about\n * the specific failure.\n */\nexport class AuthenticationError extends Error {\n  /**\n   * The HTTP status code returned from the authentication request.\n   */\n  public readonly statusCode: number;\n\n  /**\n   * The error response details.\n   */\n  public readonly errorResponse: ErrorResponse;\n\n  // eslint-disable-next-line @typescript-eslint/ban-types\n  constructor(statusCode: number, errorBody: object | string | undefined | null) {\n    let errorResponse: ErrorResponse = {\n      error: \"unknown\",\n      errorDescription: \"An unknown error occurred and no additional details are available.\"\n    };\n\n    if (isErrorResponse(errorBody)) {\n      errorResponse = convertOAuthErrorResponseToErrorResponse(errorBody);\n    } else if (typeof errorBody === \"string\") {\n      try {\n        // Most error responses will contain JSON-formatted error details\n        // in the response body\n        const oauthErrorResponse: OAuthErrorResponse = JSON.parse(errorBody);\n        errorResponse = convertOAuthErrorResponseToErrorResponse(oauthErrorResponse);\n      } catch (e) {\n        if (statusCode === 400) {\n          errorResponse = {\n            error: \"authority_not_found\",\n            errorDescription: \"The specified authority URL was not found.\"\n          };\n        } else {\n          errorResponse = {\n            error: \"unknown_error\",\n            errorDescription: `An unknown error has occurred. Response body:\\n\\n${errorBody}`\n          };\n        }\n      }\n    } else {\n      errorResponse = {\n        error: \"unknown_error\",\n        errorDescription: \"An unknown error occurred and no additional details are available.\"\n      };\n    }\n\n    super(\n      `${errorResponse.error}(status code ${statusCode}).\\nMore details:\\n${errorResponse.errorDescription}`\n    );\n    this.statusCode = statusCode;\n    this.errorResponse = errorResponse;\n\n    // Ensure that this type reports the correct name\n    this.name = AuthenticationErrorName;\n  }\n}\n\n/**\n * The Error.name value of an AggregateAuthenticationError\n */\nexport const AggregateAuthenticationErrorName = \"AggregateAuthenticationError\";\n\n/**\n * Provides an `errors` array containing {@link AuthenticationError} instance\n * for authentication failures from credentials in a {@link ChainedTokenCredential}.\n */\nexport class AggregateAuthenticationError extends Error {\n  /**\n   * The array of error objects that were thrown while trying to authenticate\n   * with the credentials in a {@link ChainedTokenCredential}.\n   */\n  public errors: any[];\n\n  constructor(errors: any[], errorMessage?: string) {\n    const errorDetail = errors.join(\"\\n\");\n    super(`${errorMessage}\\n${errorDetail}`);\n    this.errors = errors;\n\n    // Ensure that this type reports the correct name\n    this.name = AggregateAuthenticationErrorName;\n  }\n}\n\nfunction convertOAuthErrorResponseToErrorResponse(errorBody: OAuthErrorResponse): ErrorResponse {\n  return {\n    error: errorBody.error,\n    errorDescription: errorBody.error_description,\n    correlationId: errorBody.correlation_id,\n    errorCodes: errorBody.error_codes,\n    timestamp: errorBody.timestamp,\n    traceId: errorBody.trace_id\n  };\n}\n"]}

package/dist-esm/src/credentials/applicationCredential.browser.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"applicationCredential.browser.js","sourceRoot":"","sources":["../../../src/credentials/applicationCredential.browser.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAKlC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,MAAM,wBAAwB,GAAG,IAAI,KAAK,CACxC,kGAAkG,CACnG,CAAC;AACF,MAAM,MAAM,GAAG,gBAAgB,CAAC,uBAAuB,CAAC,CAAC;AAEzD;;;;;GAKG;AACH,MAAM,OAAO,qBAAsB,SAAQ,sBAAsB;IAC/D;;;;OAIG;IACH,YAAY,uBAAgD;QAC1D,KAAK,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QACvD,MAAM,wBAAwB,CAAC;IACjC,CAAC;IAEM,QAAQ;QACb,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC,CAAC;QAChE,MAAM,wBAAwB,CAAC;IACjC,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { AccessToken } from \"@azure/core-auth\";\n\nimport { TokenCredentialOptions } from \"../client/identityClient\";\nimport { credentialLogger, formatError } from \"../util/logging\";\nimport { ChainedTokenCredential } from \"./chainedTokenCredential\";\n\nconst BrowserNotSupportedError = new Error(\n  \"ApplicationCredential is not supported in the browser. Use InteractiveBrowserCredential instead.\"\n);\nconst logger = credentialLogger(\"ApplicationCredential\");\n\n/**\n * Provides a default {@link ChainedTokenCredential} configuration for\n * applications that will be deployed to Azure.\n *\n * Only available in NodeJS.\n */\nexport class ApplicationCredential extends ChainedTokenCredential {\n  /**\n   * Creates an instance of the ApplicationCredential class.\n   *\n   * @param options - Options for configuring the client which makes the authentication request.\n   */\n  constructor(_tokenCredentialOptions?: TokenCredentialOptions) {\n    super();\n    logger.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n\n  public getToken(): Promise<AccessToken> {\n    logger.getToken.info(formatError(\"\", BrowserNotSupportedError));\n    throw BrowserNotSupportedError;\n  }\n}\n"]}