@azure/identity 4.0.0-alpha.20230210.3 → 4.0.0-alpha.20231026.4

package/types/identity.d.ts

@@ -113,21 +113,25 @@ export declare interface AuthenticationRequiredErrorOptions {
 /**
  * Provides options to configure how the Identity library
  * does authority validation during authentication requests
- * to Azure Active Directory.
+ * to Microsoft Entra ID.
  */
 export declare interface AuthorityValidationOptions {
     /**
-     * Setting this flag to `true` disables both authority validation and instance discovery.
+     * The field determines whether instance discovery is performed when attempting to authenticate.
+     * Setting this to `true` will completely disable both instance discovery and authority validation.
+     * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
+     * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
+     * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
      */
     disableInstanceDiscovery?: boolean;
 }
 
 /**
- * Enables authentication to Azure Active Directory using an authorization code
+ * Enables authentication to Microsoft Entra ID using an authorization code
  * that was obtained through the authorization code flow, described in more detail
- * in the Azure Active Directory documentation:
+ * in the Microsoft Entra ID documentation:
  *
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+ * https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow
  */
 export declare class AuthorizationCodeCredential implements TokenCredential {
     private msalFlow;
@@ -139,7 +143,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
     /**
      * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
-     * from Azure Active Directory.
+     * from Microsoft Entra ID.
      *
      * It is currently necessary for the user of this credential to initiate
      * the authorization code flow to obtain an authorization code to be used
@@ -147,7 +151,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      *
      * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID or name.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
      *                 'common' may be used when dealing with multi-tenant scenarios.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param clientSecret - A client secret that was generated for the App Registration
@@ -162,7 +166,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
     /**
      * Creates an instance of AuthorizationCodeCredential with the details needed
      * to request an access token using an authentication that was obtained
-     * from Azure Active Directory.
+     * from Microsoft Entra ID.
      *
      * It is currently necessary for the user of this credential to initiate
      * the authorization code flow to obtain an authorization code to be used
@@ -170,7 +174,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      *
      * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID or name.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
      *                 'common' may be used when dealing with multi-tenant scenarios.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param authorizationCode - An authorization code that was received from following the
@@ -182,7 +186,7 @@ export declare class AuthorizationCodeCredential implements TokenCredential {
      */
     constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -229,6 +233,7 @@ export declare enum AzureAuthorityHosts {
 export declare class AzureCliCredential implements TokenCredential {
     private tenantId?;
     private additionallyAllowedTenantIds;
+    private timeout?;
     /**
      * Creates an instance of the {@link AzureCliCredential}.
      *
@@ -239,7 +244,7 @@ export declare class AzureCliCredential implements TokenCredential {
      */
     constructor(options?: AzureCliCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -257,6 +262,73 @@ export declare interface AzureCliCredentialOptions extends MultiTenantTokenCrede
      * Allows specifying a tenant ID
      */
     tenantId?: string;
+    /**
+     * Process timeout configurable for making token requests, provided in milliseconds
+     */
+    processTimeoutInMs?: number;
+}
+
+/**
+ * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
+ * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
+ * to Azure developers. It allows users to authenticate as a user and/or a service principal against
+ * <a href="https://learn.microsoft.com/azure/active-directory/fundamentals/">Microsoft Entra ID</a>. The
+ * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
+ * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
+ * service principal and executes an Azure CLI command underneath to authenticate the application against
+ * Microsoft Entra ID.
+ *
+ * <h2> Configure AzureDeveloperCliCredential </h2>
+ *
+ * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
+ * commands below:
+ *
+ * <ol>
+ *     <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
+ *     <li>Run "azd auth login --client-id clientID --client-secret clientSecret
+ *     --tenant-id tenantID" to authenticate as a service principal.</li>
+ * </ol>
+ *
+ * You may need to repeat this process after a certain time period, depending on the refresh token validity in your
+ * organization. Generally, the refresh token validity period is a few weeks to a few months.
+ * AzureDeveloperCliCredential will prompt you to sign in again.
+ */
+export declare class AzureDeveloperCliCredential implements TokenCredential {
+    private tenantId?;
+    private additionallyAllowedTenantIds;
+    private timeout?;
+    /**
+     * Creates an instance of the {@link AzureDeveloperCliCredential}.
+     *
+     * To use this credential, ensure that you have already logged
+     * in via the 'azd' tool using the command "azd auth login" from the commandline.
+     *
+     * @param options - Options, to optionally allow multi-tenant requests.
+     */
+    constructor(options?: AzureDeveloperCliCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+}
+
+/**
+ * Options for the {@link AzureDeveloperCliCredential}
+ */
+export declare interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {
+    /**
+     * Allows specifying a tenant ID
+     */
+    tenantId?: string;
+    /**
+     * Process timeout configurable for making token requests, provided in milliseconds
+     */
+    processTimeoutInMs?: number;
 }
 
 /**
@@ -267,6 +339,7 @@ export declare interface AzureCliCredentialOptions extends MultiTenantTokenCrede
 export declare class AzurePowerShellCredential implements TokenCredential {
     private tenantId?;
     private additionallyAllowedTenantIds;
+    private timeout?;
     /**
      * Creates an instance of the {@link AzurePowerShellCredential}.
      *
@@ -285,7 +358,7 @@ export declare class AzurePowerShellCredential implements TokenCredential {
      */
     private getAzurePowerShellAccessToken;
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -302,6 +375,82 @@ export declare interface AzurePowerShellCredentialOptions extends MultiTenantTok
      * Allows specifying a tenant ID
      */
     tenantId?: string;
+    /**
+     * Process timeout configurable for making token requests, provided in milliseconds
+     */
+    processTimeoutInMs?: number;
+}
+
+/**
+ * Configuration options for InteractiveBrowserCredential
+ * to support WAM Broker Authentication.
+ */
+export declare interface BrokerAuthOptions {
+    /**
+     * Options to allow broker authentication when using InteractiveBrowserCredential
+     *
+     */
+    brokerOptions: BrokerOptions;
+}
+
+/**
+ * Parameters when WAM broker authentication is disabled.
+ */
+export declare interface BrokerDisabledOptions {
+    /**
+     * If set to true, broker will be enabled for WAM support on Windows
+     */
+    enabled: false;
+    /**
+     * If set to true, MSA account will be passed through, required for WAM authentication.
+     */
+    legacyEnableMsaPassthrough?: undefined;
+    /**
+     * Window handle for parent window, required for WAM authentication
+     */
+    parentWindowHandle: undefined;
+}
+
+/**
+ * Parameters when WAM broker authentication is enabled.
+ */
+export declare interface BrokerEnabledOptions {
+    /**
+     * If set to true, broker will be enabled for WAM support on Windows
+     */
+    enabled: true;
+    /**
+     * If set to true, MSA account will be passed through, required for WAM authentication.
+     */
+    legacyEnableMsaPassthrough?: boolean;
+    /**
+     * Window handle for parent window, required for WAM authentication
+     */
+    parentWindowHandle: Uint8Array;
+}
+
+/**
+ * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.
+ */
+export declare type BrokerOptions = BrokerEnabledOptions | BrokerDisabledOptions;
+
+/**
+ * Shared configuration options for browser customization
+ */
+export declare interface BrowserCustomizationOptions {
+    /**
+     * Shared configuration options for browser customization
+     */
+    browserCustomizationOptions?: {
+        /**
+         * Format for error messages for display in browser
+         */
+        errorMessage: string;
+        /**
+         * Format for success messages for display in browser
+         */
+        successMessage: string;
+    };
 }
 
 /**
@@ -348,6 +497,7 @@ export declare class ChainedTokenCredential implements TokenCredential {
      *                `TokenCredential` implementation might make.
      */
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
+    private getTokenInternal;
 }
 
 /**
@@ -361,17 +511,17 @@ export declare class ClientAssertionCredential implements TokenCredential {
     private options;
     /**
      * Creates an instance of the ClientAssertionCredential with the details
-     * needed to authenticate against Azure Active Directory with a client
+     * needed to authenticate against Microsoft Entra ID with a client
      * assertion provided by the developer through the `getAssertion` function parameter.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param getAssertion - A function that retrieves the assertion for the credential to use.
      * @param options - Options for configuring the client which makes the authentication request.
      */
     constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: ClientAssertionCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -388,11 +538,11 @@ export declare interface ClientAssertionCredentialOptions extends MultiTenantTok
 }
 
 /**
- * Enables authentication to Azure Active Directory using a PEM-encoded
+ * Enables authentication to Microsoft Entra ID using a PEM-encoded
  * certificate that is assigned to an App Registration. More information
  * on how to configure certificate authentication can be found here:
  *
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
+ * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
  *
  */
 export declare class ClientCertificateCredential implements TokenCredential {
@@ -401,9 +551,9 @@ export declare class ClientCertificateCredential implements TokenCredential {
     private msalFlow;
     /**
      * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Azure Active Directory with a certificate.
+     * needed to authenticate against Microsoft Entra ID with a certificate.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
      * @param options - Options for configuring the client which makes the authentication request.
@@ -411,9 +561,9 @@ export declare class ClientCertificateCredential implements TokenCredential {
     constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
     /**
      * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Azure Active Directory with a certificate.
+     * needed to authenticate against Microsoft Entra ID with a certificate.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param configuration - Other parameters required, including the path of the certificate on the filesystem.
      *                        If the type is ignored, we will throw the value of the path to a PEM certificate.
@@ -422,9 +572,9 @@ export declare class ClientCertificateCredential implements TokenCredential {
     constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
     /**
      * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Azure Active Directory with a certificate.
+     * needed to authenticate against Microsoft Entra ID with a certificate.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
      *                        If the type is ignored, we will throw the value of the PEM-encoded certificate.
@@ -432,7 +582,7 @@ export declare class ClientCertificateCredential implements TokenCredential {
      */
     constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -487,11 +637,11 @@ export declare interface ClientCertificatePEMCertificatePath {
 }
 
 /**
- * Enables authentication to Azure Active Directory using a client secret
+ * Enables authentication to Microsoft Entra ID using a client secret
  * that was generated for an App Registration. More information on how
  * to configure a client secret can be found here:
  *
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
+ * https://learn.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
  *
  */
 export declare class ClientSecretCredential implements TokenCredential {
@@ -500,17 +650,17 @@ export declare class ClientSecretCredential implements TokenCredential {
     private msalFlow;
     /**
      * Creates an instance of the ClientSecretCredential with the details
-     * needed to authenticate against Azure Active Directory with a client
+     * needed to authenticate against Microsoft Entra ID with a client
      * secret.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory) ID.
+     * @param tenantId - The Microsoft Entra tenant (directory) ID.
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param clientSecret - A client secret that was generated for the App Registration.
      * @param options - Options for configuring the client which makes the authentication request.
      */
     constructor(tenantId: string, clientId: string, clientSecret: string, options?: ClientSecretCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -591,10 +741,11 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
      * The following credential types will be tried, in order:
      *
      * - {@link EnvironmentCredential}
+     * - {@link WorkloadIdentityCredential}
      * - {@link ManagedIdentityCredential}
-     * - {@link AzureDeveloperCliCredential}
      * - {@link AzureCliCredential}
      * - {@link AzurePowerShellCredential}
+     * - {@link AzureDeveloperCliCredential}
      *
      * Consult the documentation of these credential types for more information
      * on how they attempt authentication.
@@ -611,10 +762,11 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
      * The following credential types will be tried, in order:
      *
      * - {@link EnvironmentCredential}
+     * - {@link WorkloadIdentityCredential}
      * - {@link ManagedIdentityCredential}
-     * - {@link AzureDeveloperCliCredential}
      * - {@link AzureCliCredential}
      * - {@link AzurePowerShellCredential}
+     * - {@link AzureDeveloperCliCredential}
      *
      * Consult the documentation of these credential types for more information
      * on how they attempt authentication.
@@ -631,10 +783,11 @@ export declare class DefaultAzureCredential extends ChainedTokenCredential {
      * The following credential types will be tried, in order:
      *
      * - {@link EnvironmentCredential}
+     * - {@link WorkloadIdentityCredential}
      * - {@link ManagedIdentityCredential}
-     * - {@link AzureDeveloperCliCredential}
      * - {@link AzureCliCredential}
      * - {@link AzurePowerShellCredential}
+     * - {@link AzureDeveloperCliCredential}
      *
      * Consult the documentation of these credential types for more information
      * on how they attempt authentication.
@@ -654,6 +807,11 @@ export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAz
      * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
      */
     managedIdentityClientId?: string;
+    /**
+     * Optionally pass in a user assigned client ID to be used by the {@link WorkloadIdentityCredential}.
+     * This client ID can also be passed through to the {@link WorkloadIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
+     */
+    workloadIdentityClientId?: string;
 }
 
 /**
@@ -665,6 +823,12 @@ export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenC
      * By default it may use a generic tenant ID depending on the underlying credential.
      */
     tenantId?: string;
+    /**
+     * Timeout configurable for making token requests for developer credentials, namely, {@link AzurePowershellCredential},
+     * {@link AzureDeveloperCliCredential} and {@link AzureCliCredential}.
+     * Process timeout for credentials should be provided in milliseconds.
+     */
+    processTimeoutInMs?: number;
 }
 
 /**
@@ -704,7 +868,7 @@ export declare interface DefaultAzureCredentialResourceIdOptions extends Default
 export declare function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord;
 
 /**
- * Enables authentication to Azure Active Directory using a device code
+ * Enables authentication to Microsoft Entra ID using a device code
  * that the user can enter into https://microsoft.com/devicelogin.
  */
 export declare class DeviceCodeCredential implements TokenCredential {
@@ -714,7 +878,7 @@ export declare class DeviceCodeCredential implements TokenCredential {
     private disableAutomaticAuthentication?;
     /**
      * Creates an instance of DeviceCodeCredential with the details needed
-     * to initiate the device code authorization flow with Azure Active Directory.
+     * to initiate the device code authorization flow with Microsoft Entra ID.
      *
      * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
      *
@@ -734,7 +898,7 @@ export declare class DeviceCodeCredential implements TokenCredential {
      */
     constructor(options?: DeviceCodeCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the user provided the option `disableAutomaticAuthentication`,
@@ -747,7 +911,7 @@ export declare class DeviceCodeCredential implements TokenCredential {
      */
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
@@ -764,7 +928,7 @@ export declare class DeviceCodeCredential implements TokenCredential {
  */
 export declare interface DeviceCodeCredentialOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
     /**
-     * The Azure Active Directory tenant (directory) ID.
+     * The Microsoft Entra tenant (directory) ID.
      */
     tenantId?: string;
     /**
@@ -809,7 +973,7 @@ export declare interface DeviceCodeInfo {
 export declare type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;
 
 /**
- * Enables authentication to Azure Active Directory using a client secret or certificate, or as a user
+ * Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user
  * with a username and password.
  */
 export declare class EnvironmentCredential implements TokenCredential {
@@ -818,7 +982,7 @@ export declare class EnvironmentCredential implements TokenCredential {
      * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
      *
      * Required environment variables:
-     * - `AZURE_TENANT_ID`: The Azure Active Directory tenant (directory) ID.
+     * - `AZURE_TENANT_ID`: The Microsoft Entra tenant (directory) ID.
      * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
      *
      * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
@@ -840,7 +1004,7 @@ export declare class EnvironmentCredential implements TokenCredential {
      */
     constructor(options?: EnvironmentCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      *
      * @param scopes - The list of scopes for which the token will have access.
      * @param options - Optional parameters. See {@link GetTokenOptions}.
@@ -849,7 +1013,7 @@ export declare class EnvironmentCredential implements TokenCredential {
 }
 
 /**
- * Enables authentication to Azure Active Directory depending on the available environment variables.
+ * Enables authentication to Microsoft Entra ID depending on the available environment variables.
  * Defines options for the EnvironmentCredential class.
  */
 export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
@@ -858,7 +1022,7 @@ export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCr
 /**
  * See the official documentation for more details:
  *
- * https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1
+ * https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1
  *
  * NOTE: This documentation is for v1 OAuth support but the same error
  * response details still apply to v2.
@@ -904,7 +1068,7 @@ export { GetTokenOptions }
 export declare type IdentityPlugin = (context: unknown) => void;
 
 /**
- * Enables authentication to Azure Active Directory inside of the web browser
+ * Enables authentication to Microsoft Entra ID inside of the web browser
  * using the interactive login flow.
  */
 export declare class InteractiveBrowserCredential implements TokenCredential {
@@ -915,18 +1079,18 @@ export declare class InteractiveBrowserCredential implements TokenCredential {
     /**
      * Creates an instance of InteractiveBrowserCredential with the details needed.
      *
-     * This credential uses the [Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
+     * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow).
      * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
      * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
      *
-     * For Node.js, if a `clientId` is provided, the Azure Active Directory application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
-     * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://docs.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
+     * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
+     * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris).
      *
      * @param options - Options for configuring the client which makes the authentication requests.
      */
-    constructor(options?: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions);
+    constructor(options: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the user provided the option `disableAutomaticAuthentication`,
@@ -939,7 +1103,7 @@ export declare class InteractiveBrowserCredential implements TokenCredential {
      */
     getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the token can't be retrieved silently, this method will require user interaction to retrieve the token.
@@ -961,10 +1125,11 @@ export declare interface InteractiveBrowserCredentialInBrowserOptions extends In
     /**
      * Gets the redirect URI of the application. This should be same as the value
      * in the application registration portal.  Defaults to `window.location.href`.
+     * This field is no longer required for Node.js.
      */
     redirectUri?: string | (() => string);
     /**
-     * The Azure Active Directory tenant (directory) ID.
+     * The Microsoft Entra tenant (directory) ID.
      */
     tenantId?: string;
     /**
@@ -989,14 +1154,15 @@ export declare interface InteractiveBrowserCredentialInBrowserOptions extends In
 /**
  * Defines the common options for the InteractiveBrowserCredential class.
  */
-export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
+export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions, BrowserCustomizationOptions, BrokerAuthOptions {
     /**
      * Gets the redirect URI of the application. This should be same as the value
      * in the application registration portal.  Defaults to `window.location.href`.
+     * This field is no longer required for Node.js.
      */
     redirectUri?: string | (() => string);
     /**
-     * The Azure Active Directory tenant (directory) ID.
+     * The Microsoft Entra tenant (directory) ID.
      */
     tenantId?: string;
     /**
@@ -1043,7 +1209,7 @@ export declare const logger: AzureLogger;
  * Azure Kubernetes Services, Azure Service Fabric instances and inside of the Azure Cloud Shell.
  *
  * More information about configuring managed identities can be found here:
- * https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
+ * https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
  */
 export declare class ManagedIdentityCredential implements TokenCredential {
     private identityClient;
@@ -1052,6 +1218,7 @@ export declare class ManagedIdentityCredential implements TokenCredential {
     private isEndpointUnavailable;
     private isAvailableIdentityClient;
     private confidentialApp;
+    private isAppTokenProviderInitialized;
     /**
      * Creates an instance of ManagedIdentityCredential with the client ID of a
      * user-assigned identity, or app registration (when working with AKS pod-identity).
@@ -1076,7 +1243,7 @@ export declare class ManagedIdentityCredential implements TokenCredential {
     private cachedAvailableMSI;
     private authenticateManagedIdentity;
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      * If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.
      *
@@ -1092,6 +1259,7 @@ export declare class ManagedIdentityCredential implements TokenCredential {
      */
     private handleResult;
     /* Excluded from this release type: ensureValidMsalToken */
+    private initializeSetAppTokenProvider;
 }
 
 /**
@@ -1132,7 +1300,7 @@ export declare interface MultiTenantTokenCredentialOptions extends TokenCredenti
 }
 
 /**
- * Enables authentication to Azure Active Directory using the [On Behalf Of flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
+ * Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow).
  */
 export declare class OnBehalfOfCredential implements TokenCredential {
     private options;
@@ -1141,7 +1309,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
     private msalFlow;
     /**
      * Creates an instance of the {@link OnBehalfOfCredential} with the details
-     * needed to authenticate against Azure Active Directory with path to a PEM certificate,
+     * needed to authenticate against Microsoft Entra ID with path to a PEM certificate,
      * and an user assertion.
      *
      * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
@@ -1163,7 +1331,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
     constructor(options: OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
     /**
      * Creates an instance of the {@link OnBehalfOfCredential} with the details
-     * needed to authenticate against Azure Active Directory with a client
+     * needed to authenticate against Microsoft Entra ID with a client
      * secret and an user assertion.
      *
      * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
@@ -1184,7 +1352,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
      */
     constructor(options: OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * @param scopes - The list of scopes for which the token will have access.
@@ -1198,7 +1366,7 @@ export declare class OnBehalfOfCredential implements TokenCredential {
  */
 export declare interface OnBehalfOfCredentialCertificateOptions {
     /**
-     * The Azure Active Directory tenant (directory) ID.
+     * The Microsoft Entra tenant (directory) ID.
      */
     tenantId: string;
     /**
@@ -1230,7 +1398,7 @@ export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOpt
  */
 export declare interface OnBehalfOfCredentialSecretOptions {
     /**
-     * The Azure Active Directory tenant (directory) ID.
+     * The Microsoft Entra tenant (directory) ID.
      */
     tenantId: string;
     /**
@@ -1291,7 +1459,7 @@ export { TokenCredential }
 
 /**
  * Provides options to configure how the Identity library makes authentication
- * requests to Azure Active Directory.
+ * requests to Microsoft Entra ID.
  */
 export declare interface TokenCredentialOptions extends CommonClientOptions {
     /**
@@ -1301,10 +1469,17 @@ export declare interface TokenCredentialOptions extends CommonClientOptions {
      */
     authorityHost?: string;
     /**
-     * Allows logging account information once the authentication flow succeeds.
+     * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
      */
     loggingOptions?: LogPolicyOptions & {
+        /**
+         * Allows logging account information once the authentication flow succeeds.
+         */
         allowLoggingAccountIdentifiers?: boolean;
+        /**
+         * Allows logging personally identifiable information for customer support.
+         */
+        enableUnsafeSupportLogging?: boolean;
     };
 }
 
@@ -1338,7 +1513,7 @@ export declare interface TokenCredentialOptions extends CommonClientOptions {
 export declare function useIdentityPlugin(plugin: IdentityPlugin): void;
 
 /**
- * Enables authentication to Azure Active Directory with a user's
+ * Enables authentication to Microsoft Entra ID with a user's
  * username and password. This credential requires a high degree of
  * trust so you should only use it when other, more secure credential
  * types can't be used.
@@ -1349,10 +1524,10 @@ export declare class UsernamePasswordCredential implements TokenCredential {
     private msalFlow;
     /**
      * Creates an instance of the UsernamePasswordCredential with the details
-     * needed to authenticate against Azure Active Directory with a username
+     * needed to authenticate against Microsoft Entra ID with a username
      * and password.
      *
-     * @param tenantId - The Azure Active Directory tenant (directory).
+     * @param tenantId - The Microsoft Entra tenant (directory).
      * @param clientId - The client (application) ID of an App Registration in the tenant.
      * @param username - The user account's e-mail address (user name).
      * @param password - The user account's account password
@@ -1360,7 +1535,7 @@ export declare class UsernamePasswordCredential implements TokenCredential {
      */
     constructor(tenantId: string, clientId: string, username: string, password: string, options?: UsernamePasswordCredentialOptions);
     /**
-     * Authenticates with Azure Active Directory and returns an access token if successful.
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
      * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
      *
      * If the user provided the option `disableAutomaticAuthentication`,
@@ -1377,7 +1552,7 @@ export declare class UsernamePasswordCredential implements TokenCredential {
 /**
  * Defines options for the {@link UsernamePasswordCredential} class.
  */
-export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions {
+export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
 }
 
 /**
@@ -1439,4 +1614,59 @@ export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTo
     tenantId?: string;
 }
 
+/**
+ * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
+ * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
+ * authentication, applications authenticate themselves using their own identity, rather than using a shared service
+ * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
+ * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
+ * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
+ * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
+ * need to worry about storing and securing sensitive credentials themselves.
+ * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires
+ * a token using the SACs available in the Azure Kubernetes environment.
+ * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Microsoft Entra
+ * Workload ID</a> for more information.
+ */
+export declare class WorkloadIdentityCredential implements TokenCredential {
+    private client;
+    private azureFederatedTokenFileContent;
+    private cacheDate;
+    private federatedTokenFilePath;
+    /**
+     * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
+     *
+     * @param options - The identity client options to use for authentication.
+     */
+    constructor(options?: WorkloadIdentityCredentialOptions);
+    /**
+     * Authenticates with Microsoft Entra ID and returns an access token if successful.
+     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
+     *
+     * @param scopes - The list of scopes for which the token will have access.
+     * @param options - The options used to configure any requests this
+     *                TokenCredential implementation might make.
+     */
+    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
+    private readFileContents;
+}
+
+/**
+ * Options for the {@link WorkloadIdentityCredential}
+ */
+export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
+    /**
+     * ID of the application's Microsoft Entra tenant. Also called its directory ID.
+     */
+    tenantId?: string;
+    /**
+     * The client ID of a Microsoft Entra app registration.
+     */
+    clientId?: string;
+    /**
+     * The path to a file containing a Kubernetes service account token that authenticates the identity.
+     */
+    tokenFilePath?: string;
+}
+
 export { }