npm - @azure/identity - Versions diffs - 4.6.0 → 4.6.1-alpha.20250116.2 - Mend

@azure/identity 4.6.0 → 4.6.1-alpha.20250116.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1115) hide show

package/types/identity.d.ts DELETED Viewed

@@ -1,1853 +0,0 @@
-import { AccessToken } from '@azure/core-auth';
-import { AzureLogger } from '@azure/logger';
-import { CommonClientOptions } from '@azure/core-client';
-import { GetTokenOptions } from '@azure/core-auth';
-import { LogPolicyOptions } from '@azure/core-rest-pipeline';
-import { TokenCredential } from '@azure/core-auth';
-import type { TracingContext } from '@azure/core-auth';
-export { AccessToken }
-/**
- * Provides an `errors` array containing {@link AuthenticationError} instance
- * for authentication failures from credentials in a {@link ChainedTokenCredential}.
- */
-export declare class AggregateAuthenticationError extends Error {
-    /**
-     * The array of error objects that were thrown while trying to authenticate
-     * with the credentials in a {@link ChainedTokenCredential}.
-     */
-    errors: any[];
-    constructor(errors: any[], errorMessage?: string);
-}
-/**
- * The Error.name value of an AggregateAuthenticationError
- */
-export declare const AggregateAuthenticationErrorName = "AggregateAuthenticationError";
-/**
- * Provides details about a failure to authenticate with Azure Active
- * Directory.  The `errorResponse` field contains more details about
- * the specific failure.
- */
-export declare class AuthenticationError extends Error {
-    /**
-     * The HTTP status code returned from the authentication request.
-     */
-    readonly statusCode: number;
-    /**
-     * The error response details.
-     */
-    readonly errorResponse: ErrorResponse;
-    constructor(statusCode: number, errorBody: object | string | undefined | null, options?: {
-        cause?: unknown;
-    });
-}
-/**
- * The Error.name value of an AuthenticationError
- */
-export declare const AuthenticationErrorName = "AuthenticationError";
-/**
- * The record to use to find the cached tokens in the cache.
- */
-export declare interface AuthenticationRecord {
-    /**
-     * The associated authority, if used.
-     */
-    authority: string;
-    /**
-     * The home account Id.
-     */
-    homeAccountId: string;
-    /**
-     * The associated client ID.
-     */
-    clientId: string;
-    /**
-     * The associated tenant ID.
-     */
-    tenantId: string;
-    /**
-     * The username of the logged in account.
-     */
-    username: string;
-}
-/**
- * Error used to enforce authentication after trying to retrieve a token silently.
- */
-export declare class AuthenticationRequiredError extends Error {
-    /**
-     * The list of scopes for which the token will have access.
-     */
-    scopes: string[];
-    /**
-     * The options passed to the getToken request.
-     */
-    getTokenOptions?: GetTokenOptions;
-    constructor(
-    /**
-     * Optional parameters. A message can be specified. The {@link GetTokenOptions} of the request can also be specified to more easily associate the error with the received parameters.
-     */
-    options: AuthenticationRequiredErrorOptions);
-}
-/**
- * Optional parameters to the {@link AuthenticationRequiredError}
- */
-export declare interface AuthenticationRequiredErrorOptions {
-    /**
-     * The list of scopes for which the token will have access.
-     */
-    scopes: string[];
-    /**
-     * The options passed to the getToken request.
-     */
-    getTokenOptions?: GetTokenOptions;
-    /**
-     * The message of the error.
-     */
-    message?: string;
-    /**
-     * The underlying cause, if any, that caused the authentication to fail.
-     */
-    cause?: unknown;
-}
-/**
- * Provides options to configure how the Identity library
- * does authority validation during authentication requests
- * to Microsoft Entra ID.
- */
-export declare interface AuthorityValidationOptions {
-    /**
-     * The field determines whether instance discovery is performed when attempting to authenticate.
-     * Setting this to `true` will completely disable both instance discovery and authority validation.
-     * As a result, it's crucial to ensure that the configured authority host is valid and trustworthy.
-     * This functionality is intended for use in scenarios where the metadata endpoint cannot be reached, such as in private clouds or Azure Stack.
-     * The process of instance discovery entails retrieving authority metadata from https://login.microsoft.com/ to validate the authority.
-     */
-    disableInstanceDiscovery?: boolean;
-}
-/**
- * Enables authentication to Microsoft Entra ID using an authorization code
- * that was obtained through the authorization code flow, described in more detail
- * in the Microsoft Entra ID documentation:
- *
- * https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow
- */
-export declare class AuthorizationCodeCredential implements TokenCredential {
-    private msalClient;
-    private disableAutomaticAuthentication?;
-    private authorizationCode;
-    private redirectUri;
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private clientSecret?;
-    /**
-     * Creates an instance of AuthorizationCodeCredential with the details needed
-     * to request an access token using an authentication that was obtained
-     * from Microsoft Entra ID.
-     *
-     * It is currently necessary for the user of this credential to initiate
-     * the authorization code flow to obtain an authorization code to be used
-     * with this credential.  A full example of this flow is provided here:
-     *
-     * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
-     *                 'common' may be used when dealing with multi-tenant scenarios.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param clientSecret - A client secret that was generated for the App Registration
-     * @param authorizationCode - An authorization code that was received from following the
-     authorization code flow.  This authorization code must not
-     have already been used to obtain an access token.
-     * @param redirectUri - The redirect URI that was used to request the authorization code.
-     Must be the same URI that is configured for the App Registration.
-     * @param options - Options for configuring the client which makes the access token request.
-     */
-    constructor(tenantId: string | "common", clientId: string, clientSecret: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
-    /**
-     * Creates an instance of AuthorizationCodeCredential with the details needed
-     * to request an access token using an authentication that was obtained
-     * from Microsoft Entra ID.
-     *
-     * It is currently necessary for the user of this credential to initiate
-     * the authorization code flow to obtain an authorization code to be used
-     * with this credential.  A full example of this flow is provided here:
-     *
-     * https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/identity/identity/samples/v2/manual/authorizationCodeSample.ts
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID or name.
-     *                 'common' may be used when dealing with multi-tenant scenarios.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param authorizationCode - An authorization code that was received from following the
-     authorization code flow.  This authorization code must not
-     have already been used to obtain an access token.
-     * @param redirectUri - The redirect URI that was used to request the authorization code.
-     Must be the same URI that is configured for the App Registration.
-     * @param options - Options for configuring the client which makes the access token request.
-     */
-    constructor(tenantId: string | "common", clientId: string, authorizationCode: string, redirectUri: string, options?: AuthorizationCodeCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Options for the {@link AuthorizationCodeCredential}
- */
-export declare interface AuthorizationCodeCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
-}
-/**
- * A list of known Azure authority hosts
- */
-export declare enum AzureAuthorityHosts {
-    /**
-     * China-based Azure Authority Host
-     */
-    AzureChina = "https://login.chinacloudapi.cn",
-    /**
-     * Germany-based Azure Authority Host
-     */
-    AzureGermany = "https://login.microsoftonline.de",
-    /**
-     * US Government Azure Authority Host
-     */
-    AzureGovernment = "https://login.microsoftonline.us",
-    /**
-     * Public Cloud Azure Authority Host
-     */
-    AzurePublicCloud = "https://login.microsoftonline.com"
-}
-/**
- * This credential will use the currently logged-in user login information
- * via the Azure CLI ('az') commandline tool.
- * To do so, it will read the user access token and expire time
- * with Azure CLI command "az account get-access-token".
- */
-export declare class AzureCliCredential implements TokenCredential {
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private timeout?;
-    /**
-     * Creates an instance of the {@link AzureCliCredential}.
-     *
-     * To use this credential, ensure that you have already logged
-     * in via the 'az' tool using the command "az login" from the commandline.
-     *
-     * @param options - Options, to optionally allow multi-tenant requests.
-     */
-    constructor(options?: AzureCliCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    /**
-     * Parses the raw JSON response from the Azure CLI into a usable AccessToken object
-     *
-     * @param rawResponse - The raw JSON response from the Azure CLI
-     * @returns An access token with the expiry time parsed from the raw response
-     *
-     * The expiryTime of the credential's access token, in milliseconds, is calculated as follows:
-     *
-     * When available, expires_on (introduced in Azure CLI v2.54.0) will be preferred. Otherwise falls back to expiresOn.
-     */
-    private parseRawResponse;
-}
-/**
- * Options for the {@link AzureCliCredential}
- */
-export declare interface AzureCliCredentialOptions extends MultiTenantTokenCredentialOptions {
-    /**
-     * Allows specifying a tenant ID
-     */
-    tenantId?: string;
-    /**
-     * Process timeout configurable for making token requests, provided in milliseconds
-     */
-    processTimeoutInMs?: number;
-}
-/**
- * Azure Developer CLI is a command-line interface tool that allows developers to create, manage, and deploy
- * resources in Azure. It's built on top of the Azure CLI and provides additional functionality specific
- * to Azure developers. It allows users to authenticate as a user and/or a service principal against
- * <a href="https://learn.microsoft.com/entra/fundamentals/">Microsoft Entra ID</a>. The
- * AzureDeveloperCliCredential authenticates in a development environment and acquires a token on behalf of
- * the logged-in user or service principal in the Azure Developer CLI. It acts as the Azure Developer CLI logged in user or
- * service principal and executes an Azure CLI command underneath to authenticate the application against
- * Microsoft Entra ID.
- *
- * <h2> Configure AzureDeveloperCliCredential </h2>
- *
- * To use this credential, the developer needs to authenticate locally in Azure Developer CLI using one of the
- * commands below:
- *
- * <ol>
- *     <li>Run "azd auth login" in Azure Developer CLI to authenticate interactively as a user.</li>
- *     <li>Run "azd auth login --client-id clientID --client-secret clientSecret
- *     --tenant-id tenantID" to authenticate as a service principal.</li>
- * </ol>
- *
- * You may need to repeat this process after a certain time period, depending on the refresh token validity in your
- * organization. Generally, the refresh token validity period is a few weeks to a few months.
- * AzureDeveloperCliCredential will prompt you to sign in again.
- */
-export declare class AzureDeveloperCliCredential implements TokenCredential {
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private timeout?;
-    /**
-     * Creates an instance of the {@link AzureDeveloperCliCredential}.
-     *
-     * To use this credential, ensure that you have already logged
-     * in via the 'azd' tool using the command "azd auth login" from the commandline.
-     *
-     * @param options - Options, to optionally allow multi-tenant requests.
-     */
-    constructor(options?: AzureDeveloperCliCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Options for the {@link AzureDeveloperCliCredential}
- */
-export declare interface AzureDeveloperCliCredentialOptions extends MultiTenantTokenCredentialOptions {
-    /**
-     * Allows specifying a tenant ID
-     */
-    tenantId?: string;
-    /**
-     * Process timeout configurable for making token requests, provided in milliseconds
-     */
-    processTimeoutInMs?: number;
-}
-/**
- * This credential is designed to be used in Azure Pipelines with service connections
- * as a setup for workload identity federation.
- */
-export declare class AzurePipelinesCredential implements TokenCredential {
-    private clientAssertionCredential;
-    private identityClient;
-    /**
-     * AzurePipelinesCredential supports Federated Identity on Azure Pipelines through Service Connections.
-     * @param tenantId - tenantId associated with the service connection
-     * @param clientId - clientId associated with the service connection
-     * @param serviceConnectionId - Unique ID for the service connection, as found in the querystring's resourceId key
-     * @param systemAccessToken - The pipeline's <see href="https://learn.microsoft.com/azure/devops/pipelines/build/variables?view=azure-devops%26tabs=yaml#systemaccesstoken">System.AccessToken</see> value.
-     * @param options - The identity client options to use for authentication.
-     */
-    constructor(tenantId: string, clientId: string, serviceConnectionId: string, systemAccessToken: string, options?: AzurePipelinesCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} or {@link AuthenticationError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    /**
-     *
-     * @param oidcRequestUrl - oidc request url
-     * @param systemAccessToken - system access token
-     * @returns OIDC token from Azure Pipelines
-     */
-    private requestOidcToken;
-}
-/**
- * Optional parameters for the {@link AzurePipelinesCredential} class.
- */
-export declare interface AzurePipelinesCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-}
-/**
- * This credential will use the currently logged-in user information from the
- * Azure PowerShell module. To do so, it will read the user access token and
- * expire time with Azure PowerShell command `Get-AzAccessToken -ResourceUrl {ResourceScope}`
- */
-export declare class AzurePowerShellCredential implements TokenCredential {
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private timeout?;
-    /**
-     * Creates an instance of the {@link AzurePowerShellCredential}.
-     *
-     * To use this credential:
-     * - Install the Azure Az PowerShell module with:
-     *   `Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force`.
-     * - You have already logged in to Azure PowerShell using the command
-     * `Connect-AzAccount` from the command line.
-     *
-     * @param options - Options, to optionally allow multi-tenant requests.
-     */
-    constructor(options?: AzurePowerShellCredentialOptions);
-    /**
-     * Gets the access token from Azure PowerShell
-     * @param resource - The resource to use when getting the token
-     */
-    private getAzurePowerShellAccessToken;
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If the authentication cannot be performed through PowerShell, a {@link CredentialUnavailableError} will be thrown.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Options for the {@link AzurePowerShellCredential}
- */
-export declare interface AzurePowerShellCredentialOptions extends MultiTenantTokenCredentialOptions {
-    /**
-     * Allows specifying a tenant ID
-     */
-    tenantId?: string;
-    /**
-     * Process timeout configurable for making token requests, provided in milliseconds
-     */
-    processTimeoutInMs?: number;
-}
-/**
- * Configuration options for InteractiveBrowserCredential
- * to support WAM Broker Authentication.
- */
-export declare interface BrokerAuthOptions {
-    /**
-     * Options to allow broker authentication when using InteractiveBrowserCredential
-     *
-     */
-    brokerOptions?: BrokerOptions;
-}
-/**
- * Parameters when WAM broker authentication is disabled.
- */
-export declare interface BrokerDisabledOptions {
-    /**
-     * If set to true, broker will be enabled for WAM support on Windows.
-     */
-    enabled: false;
-    /**
-     * If set to true, MSA account will be passed through, required for WAM authentication.
-     */
-    legacyEnableMsaPassthrough?: undefined;
-    /**
-     * Window handle for parent window, required for WAM authentication.
-     */
-    parentWindowHandle: undefined;
-}
-/**
- * Parameters when WAM broker authentication is enabled.
- */
-export declare interface BrokerEnabledOptions {
-    /**
-     * If set to true, broker will be enabled for WAM support on Windows.
-     */
-    enabled: true;
-    /**
-     * If set to true, MSA account will be passed through, required for WAM authentication.
-     */
-    legacyEnableMsaPassthrough?: boolean;
-    /**
-     * Window handle for parent window, required for WAM authentication.
-     */
-    parentWindowHandle: Uint8Array;
-    /**
-     * If set to true, the credential will attempt to use the default broker account for authentication before falling back to interactive authentication.
-     * Default is set to false.
-     */
-    useDefaultBrokerAccount?: boolean;
-}
-/**
- * Parameters that enable WAM broker authentication in the InteractiveBrowserCredential.
- */
-export declare type BrokerOptions = BrokerEnabledOptions | BrokerDisabledOptions;
-/**
- * Shared configuration options for browser customization
- */
-export declare interface BrowserCustomizationOptions {
-    /**
-     * Shared configuration options for browser customization
-     */
-    browserCustomizationOptions?: {
-        /**
-         * Format for error messages for display in browser
-         */
-        errorMessage?: string;
-        /**
-         * Format for success messages for display in browser
-         */
-        successMessage?: string;
-    };
-}
-/**
- * (Browser-only feature)
- * The "login style" to use in the authentication flow:
- * - "redirect" redirects the user to the authentication page and then
- *   redirects them back to the page once authentication is completed.
- * - "popup" opens a new browser window through with the redirect flow
- *   is initiated.  The user's existing browser window does not leave
- *   the current page
- */
-export declare type BrowserLoginStyle = "redirect" | "popup";
-/**
- * Enables multiple `TokenCredential` implementations to be tried in order
- * until one of the getToken methods returns an access token.
- */
-export declare class ChainedTokenCredential implements TokenCredential {
-    private _sources;
-    /**
-     * Creates an instance of ChainedTokenCredential using the given credentials.
-     *
-     * @param sources - `TokenCredential` implementations to be tried in order.
-     *
-     * Example usage:
-     * ```ts snippet:chained_token_credential_example
-     * import { ClientSecretCredential, ChainedTokenCredential } from "@azure/identity";
-     *
-     * const tenantId = "<tenant-id>";
-     * const clientId = "<client-id>";
-     * const clientSecret = "<client-secret>";
-     * const anotherClientId = "<another-client-id>";
-     * const anotherSecret = "<another-client-secret>";
-     * const firstCredential = new ClientSecretCredential(tenantId, clientId, clientSecret);
-     * const secondCredential = new ClientSecretCredential(tenantId, anotherClientId, anotherSecret);
-     * const credentialChain = new ChainedTokenCredential(firstCredential, secondCredential);
-     * ```
-     */
-    constructor(...sources: TokenCredential[]);
-    /**
-     * Returns the first access token returned by one of the chained
-     * `TokenCredential` implementations.  Throws an {@link AggregateAuthenticationError}
-     * when one or more credentials throws an {@link AuthenticationError} and
-     * no credentials have returned an access token.
-     *
-     * This method is called automatically by Azure SDK client libraries. You may call this method
-     * directly, but you must also handle token caching and token refreshing.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                `TokenCredential` implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    private getTokenInternal;
-}
-/**
- * Authenticates a service principal with a JWT assertion.
- */
-export declare class ClientAssertionCredential implements TokenCredential {
-    private msalClient;
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private getAssertion;
-    private options;
-    /**
-     * Creates an instance of the ClientAssertionCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a client
-     * assertion provided by the developer through the `getAssertion` function parameter.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param getAssertion - A function that retrieves the assertion for the credential to use.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, getAssertion: () => Promise<string>, options?: ClientAssertionCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Options for the {@link ClientAssertionCredential}
- */
-export declare interface ClientAssertionCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-}
-/**
- * Enables authentication to Microsoft Entra ID using a PEM-encoded
- * certificate that is assigned to an App Registration. More information
- * on how to configure certificate authentication can be found here:
- *
- * https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials#register-your-certificate-with-azure-ad
- *
- */
-export declare class ClientCertificateCredential implements TokenCredential {
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private certificateConfiguration;
-    private sendCertificateChain?;
-    private msalClient;
-    /**
-     * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a certificate.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param certificatePath - The path to a PEM-encoded public/private key certificate on the filesystem.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, certificatePath: string, options?: ClientCertificateCredentialOptions);
-    /**
-     * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a certificate.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param configuration - Other parameters required, including the path of the certificate on the filesystem.
-     *                        If the type is ignored, we will throw the value of the path to a PEM certificate.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificatePath, options?: ClientCertificateCredentialOptions);
-    /**
-     * Creates an instance of the ClientCertificateCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a certificate.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param configuration - Other parameters required, including the PEM-encoded certificate as a string.
-     *                        If the type is ignored, we will throw the value of the PEM-encoded certificate.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, configuration: ClientCertificatePEMCertificate, options?: ClientCertificateCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    private buildClientCertificate;
-}
-/**
- * Optional parameters for the {@link ClientCertificateCredential} class.
- */
-export declare interface ClientCertificateCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-    /**
-     * Option to include x5c header for SubjectName and Issuer name authorization.
-     * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
-     */
-    sendCertificateChain?: boolean;
-}
-/**
- * Required configuration options for the {@link ClientCertificateCredential}, with either the string contents of a PEM certificate, or the path to a PEM certificate.
- */
-export declare type ClientCertificateCredentialPEMConfiguration = ClientCertificatePEMCertificate | ClientCertificatePEMCertificatePath;
-/**
- * Required configuration options for the {@link ClientCertificateCredential}, with the string contents of a PEM certificate
- */
-export declare interface ClientCertificatePEMCertificate {
-    /**
-     * The PEM-encoded public/private key certificate on the filesystem.
-     */
-    certificate: string;
-    /**
-     * The password for the certificate file.
-     */
-    certificatePassword?: string;
-}
-/**
- * Required configuration options for the {@link ClientCertificateCredential}, with the path to a PEM certificate.
- */
-export declare interface ClientCertificatePEMCertificatePath {
-    /**
-     * The path to the PEM-encoded public/private key certificate on the filesystem.
-     */
-    certificatePath: string;
-    /**
-     * The password for the certificate file.
-     */
-    certificatePassword?: string;
-}
-/**
- * Enables authentication to Microsoft Entra ID using a client secret
- * that was generated for an App Registration. More information on how
- * to configure a client secret can be found here:
- *
- * https://learn.microsoft.com/entra/identity-platform/quickstart-configure-app-access-web-apis#add-credentials-to-your-web-application
- *
- */
-export declare class ClientSecretCredential implements TokenCredential {
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private msalClient;
-    private clientSecret;
-    /**
-     * Creates an instance of the ClientSecretCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a client
-     * secret.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory) ID.
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param clientSecret - A client secret that was generated for the App Registration.
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, clientSecret: string, options?: ClientSecretCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Optional parameters for the {@link ClientSecretCredential} class.
- */
-export declare interface ClientSecretCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-}
-/**
- * Shared configuration options for credentials that support persistent token
- * caching.
- */
-export declare interface CredentialPersistenceOptions {
-    /**
-     * Options to provide to the persistence layer (if one is available) when
-     * storing credentials.
-     *
-     * You must first register a persistence provider plugin. See the
-     * `@azure/identity-cache-persistence` package on NPM.
-     *
-     * Example:
-     *
-     * ```ts snippet:credential_persistence_options_example
-     * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
-     *
-     * useIdentityPlugin(cachePersistencePlugin);
-     * const credential = new DeviceCodeCredential({
-     *   tokenCachePersistenceOptions: {
-     *     enabled: true,
-     *   },
-     * });
-     * ```
-     */
-    tokenCachePersistenceOptions?: TokenCachePersistenceOptions;
-}
-/**
- * This signifies that the credential that was tried in a chained credential
- * was not available to be used as the credential. Rather than treating this as
- * an error that should halt the chain, it's caught and the chain continues
- */
-export declare class CredentialUnavailableError extends Error {
-    constructor(message?: string, options?: {
-        cause?: unknown;
-    });
-}
-/**
- * The Error.name value of an CredentialUnavailable
- */
-export declare const CredentialUnavailableErrorName = "CredentialUnavailableError";
-/**
- * Provides a default {@link ChainedTokenCredential} configuration that should
- * work for most applications that use the Azure SDK.
- */
-export declare class DefaultAzureCredential extends ChainedTokenCredential {
-    /**
-     * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialClientIdOptions}
-     *
-     * This credential provides a default {@link ChainedTokenCredential} configuration that should
-     * work for most applications that use the Azure SDK.
-     *
-     * The following credential types will be tried, in order:
-     *
-     * - {@link EnvironmentCredential}
-     * - {@link WorkloadIdentityCredential}
-     * - {@link ManagedIdentityCredential}
-     * - {@link AzureCliCredential}
-     * - {@link AzurePowerShellCredential}
-     * - {@link AzureDeveloperCliCredential}
-     *
-     * Consult the documentation of these credential types for more information
-     * on how they attempt authentication.
-     *
-     * @param options - Optional parameters. See {@link DefaultAzureCredentialClientIdOptions}.
-     */
-    constructor(options?: DefaultAzureCredentialClientIdOptions);
-    /**
-     *  Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialResourceIdOptions}
-     *
-     * This credential provides a default {@link ChainedTokenCredential} configuration that should
-     * work for most applications that use the Azure SDK.
-     *
-     * The following credential types will be tried, in order:
-     *
-     * - {@link EnvironmentCredential}
-     * - {@link WorkloadIdentityCredential}
-     * - {@link ManagedIdentityCredential}
-     * - {@link AzureCliCredential}
-     * - {@link AzurePowerShellCredential}
-     * - {@link AzureDeveloperCliCredential}
-     *
-     * Consult the documentation of these credential types for more information
-     * on how they attempt authentication.
-     *
-     * @param options - Optional parameters. See {@link DefaultAzureCredentialResourceIdOptions}.
-     */
-    constructor(options?: DefaultAzureCredentialResourceIdOptions);
-    /**
-     * Creates an instance of the DefaultAzureCredential class with {@link DefaultAzureCredentialOptions}
-     *
-     * This credential provides a default {@link ChainedTokenCredential} configuration that should
-     * work for most applications that use the Azure SDK.
-     *
-     * The following credential types will be tried, in order:
-     *
-     * - {@link EnvironmentCredential}
-     * - {@link WorkloadIdentityCredential}
-     * - {@link ManagedIdentityCredential}
-     * - {@link AzureCliCredential}
-     * - {@link AzurePowerShellCredential}
-     * - {@link AzureDeveloperCliCredential}
-     *
-     * Consult the documentation of these credential types for more information
-     * on how they attempt authentication.
-     *
-     * @param options - Optional parameters. See {@link DefaultAzureCredentialOptions}.
-     */
-    constructor(options?: DefaultAzureCredentialOptions);
-}
-/**
- * Provides options to configure the {@link DefaultAzureCredential} class.
- * This variation supports `managedIdentityClientId` and not `managedIdentityResourceId`, since only one of both is supported.
- */
-export declare interface DefaultAzureCredentialClientIdOptions extends DefaultAzureCredentialOptions {
-    /**
-     * Optionally pass in a user assigned client ID to be used by the {@link ManagedIdentityCredential}.
-     * This client ID can also be passed through to the {@link ManagedIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
-     */
-    managedIdentityClientId?: string;
-    /**
-     * Optionally pass in a user assigned client ID to be used by the {@link WorkloadIdentityCredential}.
-     * This client ID can also be passed through to the {@link WorkloadIdentityCredential} through the environment variable: AZURE_CLIENT_ID.
-     */
-    workloadIdentityClientId?: string;
-}
-/**
- * Provides options to configure the {@link DefaultAzureCredential} class.
- */
-export declare interface DefaultAzureCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
-    /**
-     * Optionally pass in a Tenant ID to be used as part of the credential.
-     * By default it may use a generic tenant ID depending on the underlying credential.
-     */
-    tenantId?: string;
-    /**
-     * Timeout configurable for making token requests for developer credentials, namely, {@link AzurePowershellCredential},
-     * {@link AzureDeveloperCliCredential} and {@link AzureCliCredential}.
-     * Process timeout for credentials should be provided in milliseconds.
-     */
-    processTimeoutInMs?: number;
-}
-/**
- * Provides options to configure the {@link DefaultAzureCredential} class.
- * This variation supports `managedIdentityResourceId` and not `managedIdentityClientId`, since only one of both is supported.
- */
-export declare interface DefaultAzureCredentialResourceIdOptions extends DefaultAzureCredentialOptions {
-    /**
-     * Optionally pass in a resource ID to be used by the {@link ManagedIdentityCredential}.
-     * In scenarios such as when user assigned identities are created using an ARM template,
-     * where the resource Id of the identity is known but the client Id can't be known ahead of time,
-     * this parameter allows programs to use these user assigned identities
-     * without having to first determine the client Id of the created identity.
-     */
-    managedIdentityResourceId: string;
-}
-/**
- * Deserializes a previously serialized authentication record from a string into an object.
- *
- * The input string must contain the following properties:
- *
- * - "authority"
- * - "homeAccountId"
- * - "clientId"
- * - "tenantId"
- * - "username"
- * - "version"
- *
- * If the version we receive is unsupported, an error will be thrown.
- *
- * At the moment, the only available version is: "1.0", which is always set when the authentication record is serialized.
- *
- * @param serializedRecord - Authentication record previously serialized into string.
- * @returns AuthenticationRecord.
- */
-export declare function deserializeAuthenticationRecord(serializedRecord: string): AuthenticationRecord;
-/**
- * Enables authentication to Microsoft Entra ID using a device code
- * that the user can enter into https://microsoft.com/devicelogin.
- */
-export declare class DeviceCodeCredential implements TokenCredential {
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private disableAutomaticAuthentication?;
-    private msalClient;
-    private userPromptCallback;
-    /**
-     * Creates an instance of DeviceCodeCredential with the details needed
-     * to initiate the device code authorization flow with Microsoft Entra ID.
-     *
-     * A message will be logged, giving users a code that they can use to authenticate once they go to https://microsoft.com/devicelogin
-     *
-     * Developers can configure how this message is shown by passing a custom `userPromptCallback`:
-     *
-     * ```ts snippet:device_code_credential_example
-     * import { DeviceCodeCredential } from "@azure/identity";
-     *
-     * const credential = new DeviceCodeCredential({
-     *   tenantId: process.env.AZURE_TENANT_ID,
-     *   clientId: process.env.AZURE_CLIENT_ID,
-     *   userPromptCallback: (info) => {
-     *     console.log("CUSTOMIZED PROMPT CALLBACK", info.message);
-     *   },
-     * });
-     * ```
-     *
-     * @param options - Options for configuring the client which makes the authentication requests.
-     */
-    constructor(options?: DeviceCodeCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the user provided the option `disableAutomaticAuthentication`,
-     * once the token can't be retrieved silently,
-     * this method won't attempt to request user interaction to retrieve the token.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the token can't be retrieved silently, this method will always generate a challenge for the user.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                  TokenCredential implementation might make.
-     */
-    authenticate(scopes: string | string[], options?: GetTokenOptions): Promise<AuthenticationRecord | undefined>;
-}
-/**
- * Defines options for the InteractiveBrowserCredential class for Node.js.
- */
-export declare interface DeviceCodeCredentialOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions {
-    /**
-     * The Microsoft Entra tenant (directory) ID.
-     */
-    tenantId?: string;
-    /**
-     * Client ID of the Microsoft Entra application that users will sign into.
-     * It is recommended that developers register their applications and assign appropriate roles.
-     * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.
-     * If not specified, users will authenticate to an Azure development application,
-     * which is not recommended for production scenarios.
-     */
-    clientId?: string;
-    /**
-     * A callback function that will be invoked to show {@link DeviceCodeInfo} to the user.
-     * If left unassigned, we will automatically log the device code information
-     * and the authentication instructions in the console.
-     */
-    userPromptCallback?: DeviceCodePromptCallback;
-}
-/**
- * Provides the user code and verification URI where the code must be
- * entered.  Also provides a message to display to the user which
- * contains an instruction with these details.
- */
-export declare interface DeviceCodeInfo {
-    /**
-     * The device code that the user must enter into the verification page.
-     */
-    userCode: string;
-    /**
-     * The verification URI to which the user must navigate to enter the device
-     * code.
-     */
-    verificationUri: string;
-    /**
-     * A message that may be shown to the user to instruct them on how to enter
-     * the device code in the page specified by the verification URI.
-     */
-    message: string;
-}
-/**
- * Defines the signature of a callback which will be passed to
- * DeviceCodeCredential for the purpose of displaying authentication
- * details to the user.
- */
-export declare type DeviceCodePromptCallback = (deviceCodeInfo: DeviceCodeInfo) => void;
-/**
- * Enables authentication to Microsoft Entra ID using a client secret or certificate, or as a user
- * with a username and password.
- */
-export declare class EnvironmentCredential implements TokenCredential {
-    private _credential?;
-    /**
-     * Creates an instance of the EnvironmentCredential class and decides what credential to use depending on the available environment variables.
-     *
-     * Required environment variables:
-     * - `AZURE_TENANT_ID`: The Microsoft Entra tenant (directory) ID.
-     * - `AZURE_CLIENT_ID`: The client (application) ID of an App Registration in the tenant.
-     *
-     * If setting the AZURE_TENANT_ID, then you can also set the additionally allowed tenants
-     * - `AZURE_ADDITIONALLY_ALLOWED_TENANTS`: For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens with a single semicolon delimited string. Use * to allow all tenants.
-     *
-     * Environment variables used for client credential authentication:
-     * - `AZURE_CLIENT_SECRET`: A client secret that was generated for the App Registration.
-     * - `AZURE_CLIENT_CERTIFICATE_PATH`: The path to a PEM certificate to use during the authentication, instead of the client secret.
-     * - `AZURE_CLIENT_CERTIFICATE_PASSWORD`: (optional) password for the certificate file.
-     * - `AZURE_CLIENT_SEND_CERTIFICATE_CHAIN`: (optional) indicates that the certificate chain should be set in x5c header to support subject name / issuer based authentication.
-     *
-     * Alternatively, users can provide environment variables for username and password authentication:
-     * - `AZURE_USERNAME`: Username to authenticate with.
-     * - `AZURE_PASSWORD`: Password to authenticate with.
-     *
-     * If the environment variables required to perform the authentication are missing, a {@link CredentialUnavailableError} will be thrown.
-     * If the authentication fails, or if there's an unknown error, an {@link AuthenticationError} will be thrown.
-     *
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(options?: EnvironmentCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - Optional parameters. See {@link GetTokenOptions}.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Enables authentication to Microsoft Entra ID depending on the available environment variables.
- * Defines options for the EnvironmentCredential class.
- */
-export declare interface EnvironmentCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
-}
-/**
- * See the official documentation for more details:
- *
- * https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#error-response-1
- *
- * NOTE: This documentation is for v1 OAuth support but the same error
- * response details still apply to v2.
- */
-export declare interface ErrorResponse {
-    /**
-     * The string identifier for the error.
-     */
-    error: string;
-    /**
-     * The error's description.
-     */
-    errorDescription: string;
-    /**
-     * An array of codes pertaining to the error(s) that occurred.
-     */
-    errorCodes?: number[];
-    /**
-     * The timestamp at which the error occurred.
-     */
-    timestamp?: string;
-    /**
-     * The trace identifier for this error occurrence.
-     */
-    traceId?: string;
-    /**
-     * The correlation ID to be used for tracking the source of the error.
-     */
-    correlationId?: string;
-}
-/**
- * Returns a callback that provides a bearer token.
- * For example, the bearer token can be used to authenticate a request as follows:
- * ```ts snippet:token_provider_example
- * import { DefaultAzureCredential, getBearerTokenProvider } from "@azure/identity";
- * import { createPipelineRequest } from "@azure/core-rest-pipeline";
- *
- * const credential = new DefaultAzureCredential();
- * const scope = "https://cognitiveservices.azure.com/.default";
- * const getAccessToken = getBearerTokenProvider(credential, scope);
- * const token = await getAccessToken();
- * // usage
- * const request = createPipelineRequest({ url: "https://example.com" });
- * request.headers.set("Authorization", `Bearer ${token}`);
- * ```
- *
- * @param credential - The credential used to authenticate the request.
- * @param scopes - The scopes required for the bearer token.
- * @param options - Options to configure the token provider.
- * @returns a callback that provides a bearer token.
- */
-export declare function getBearerTokenProvider(credential: TokenCredential, scopes: string | string[], options?: GetBearerTokenProviderOptions): () => Promise<string>;
-/**
- * The options to configure the token provider.
- */
-export declare interface GetBearerTokenProviderOptions {
-    /** The abort signal to abort requests to get tokens */
-    abortSignal?: AbortSignal;
-    /** The tracing options for the requests to get tokens */
-    tracingOptions?: {
-        /**
-         * Tracing Context for the current request to get a token.
-         */
-        tracingContext?: TracingContext;
-    };
-}
-/**
- * Returns a new instance of the {@link DefaultAzureCredential}.
- */
-export declare function getDefaultAzureCredential(): TokenCredential;
-export { GetTokenOptions }
-/**
- * The type of an Azure Identity plugin, a function accepting a plugin
- * context.
- */
-export declare type IdentityPlugin = (context: unknown) => void;
-/**
- * Enables authentication to Microsoft Entra ID inside of the web browser
- * using the interactive login flow.
- */
-export declare class InteractiveBrowserCredential implements TokenCredential {
-    private tenantId?;
-    private additionallyAllowedTenantIds;
-    private msalClient;
-    private disableAutomaticAuthentication?;
-    private browserCustomizationOptions;
-    private loginHint?;
-    /**
-     * Creates an instance of InteractiveBrowserCredential with the details needed.
-     *
-     * This credential uses the [Authorization Code Flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-auth-code-flow).
-     * On Node.js, it will open a browser window while it listens for a redirect response from the authentication service.
-     * On browsers, it authenticates via popups. The `loginStyle` optional parameter can be set to `redirect` to authenticate by redirecting the user to an Azure secure login page, which then will redirect the user back to the web application where the authentication started.
-     *
-     * For Node.js, if a `clientId` is provided, the Microsoft Entra application will need to be configured to have a "Mobile and desktop applications" redirect endpoint.
-     * Follow our guide on [setting up Redirect URIs for Desktop apps that calls to web APIs](https://learn.microsoft.com/entra/identity-platform/scenario-desktop-app-registration#redirect-uris).
-     *
-     * @param options - Options for configuring the client which makes the authentication requests.
-     */
-    constructor(options: InteractiveBrowserCredentialNodeOptions | InteractiveBrowserCredentialInBrowserOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the user provided the option `disableAutomaticAuthentication`,
-     * once the token can't be retrieved silently,
-     * this method won't attempt to request user interaction to retrieve the token.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the token can't be retrieved silently, this method will always generate a challenge for the user.
-     *
-     * On Node.js, this credential has [Proof Key for Code Exchange (PKCE)](https://datatracker.ietf.org/doc/html/rfc7636) enabled by default.
-     * PKCE is a security feature that mitigates authentication code interception attacks.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                  TokenCredential implementation might make.
-     */
-    authenticate(scopes: string | string[], options?: GetTokenOptions): Promise<AuthenticationRecord | undefined>;
-}
-/**
- * Defines the common options for the InteractiveBrowserCredential class.
- */
-export declare interface InteractiveBrowserCredentialInBrowserOptions extends InteractiveCredentialOptions {
-    /**
-     * Gets the redirect URI of the application. This should be same as the value
-     * in the application registration portal.  Defaults to `window.location.href`.
-     * This field is no longer required for Node.js.
-     */
-    redirectUri?: string | (() => string);
-    /**
-     * The Microsoft Entra tenant (directory) ID.
-     */
-    tenantId?: string;
-    /**
-     * The Client ID of the Microsoft Entra application that users will sign into.
-     * This parameter is required on the browser.
-     * Developers need to register their applications and assign appropriate roles.
-     * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.
-     */
-    clientId: string;
-    /**
-     * Specifies whether a redirect or a popup window should be used to
-     * initiate the user authentication flow. Possible values are "redirect"
-     * or "popup" (default) for browser and "popup" (default) for node.
-     *
-     */
-    loginStyle?: BrowserLoginStyle;
-    /**
-     * loginHint allows a user name to be pre-selected for interactive logins.
-     * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.
-     */
-    loginHint?: string;
-}
-/**
- * Defines the common options for the InteractiveBrowserCredential class.
- */
-export declare interface InteractiveBrowserCredentialNodeOptions extends InteractiveCredentialOptions, CredentialPersistenceOptions, BrowserCustomizationOptions, BrokerAuthOptions {
-    /**
-     * Gets the redirect URI of the application. This should be same as the value
-     * in the application registration portal.  Defaults to `window.location.href`.
-     * This field is no longer required for Node.js.
-     */
-    redirectUri?: string | (() => string);
-    /**
-     * The Microsoft Entra tenant (directory) ID.
-     */
-    tenantId?: string;
-    /**
-     * The Client ID of the Microsoft Entra application that users will sign into.
-     * It is recommended that developers register their applications and assign appropriate roles.
-     * For more information, visit https://aka.ms/identity/AppRegistrationAndRoleAssignment.
-     * If not specified, users will authenticate to an Azure development application,
-     * which is not recommended for production scenarios.
-     */
-    clientId?: string;
-    /**
-     * loginHint allows a user name to be pre-selected for interactive logins.
-     * Setting this option skips the account selection prompt and immediately attempts to login with the specified account.
-     */
-    loginHint?: string;
-}
-/**
- * Common constructor options for the Identity credentials that requires user interaction.
- */
-export declare interface InteractiveCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
-    /**
-     * Result of a previous authentication that can be used to retrieve the cached credentials of each individual account.
-     * This is necessary to provide in case the application wants to work with more than one account per
-     * Client ID and Tenant ID pair.
-     *
-     * This record can be retrieved by calling to the credential's `authenticate()` method, as follows:
-     *
-     *     const authenticationRecord = await credential.authenticate();
-     *
-     */
-    authenticationRecord?: AuthenticationRecord;
-    /**
-     * Makes getToken throw if a manual authentication is necessary.
-     * Developers will need to call to `authenticate()` to control when to manually authenticate.
-     */
-    disableAutomaticAuthentication?: boolean;
-}
-/**
- * The AzureLogger used for all clients within the identity package
- */
-export declare const logger: AzureLogger;
-/**
- * Attempts authentication using a managed identity available at the deployment environment.
- * This authentication type works in Azure VMs, App Service instances, Azure Functions applications,
- * Azure Kubernetes Services, Azure Service Fabric instances and inside of the Azure Cloud Shell.
- *
- * More information about configuring managed identities can be found here:
- * https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
- */
-export declare class ManagedIdentityCredential implements TokenCredential {
-    private implProvider;
-    /**
-     * Creates an instance of ManagedIdentityCredential with the client ID of a
-     * user-assigned identity, or app registration (when working with AKS pod-identity).
-     *
-     * @param clientId - The client ID of the user-assigned identity, or app registration (when working with AKS pod-identity).
-     * @param options - Options for configuring the client which makes the access token request.
-     */
-    constructor(clientId: string, options?: TokenCredentialOptions);
-    /**
-     * Creates an instance of ManagedIdentityCredential with a client ID
-     *
-     * @param options - Options for configuring the client which makes the access token request.
-     */
-    constructor(options?: ManagedIdentityCredentialClientIdOptions);
-    /**
-     * Creates an instance of ManagedIdentityCredential with a resource ID
-     *
-     * @param options - Options for configuring the resource which makes the access token request.
-     */
-    constructor(options?: ManagedIdentityCredentialResourceIdOptions);
-    /**
-     * Creates an instance of ManagedIdentityCredential with an object ID
-     *
-     * @param options - Options for configuring the resource which makes the access token request.
-     */
-    constructor(options?: ManagedIdentityCredentialObjectIdOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     * If an unexpected error occurs, an {@link AuthenticationError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Options to send on the {@link ManagedIdentityCredential} constructor.
- * This variation supports `clientId` and not `resourceId`, since only one of both is supported.
- */
-export declare interface ManagedIdentityCredentialClientIdOptions extends TokenCredentialOptions {
-    /**
-     * The client ID of the user - assigned identity, or app registration(when working with AKS pod - identity).
-     */
-    clientId?: string;
-}
-/**
- * Options to send on the {@link ManagedIdentityCredential} constructor.
- * This variation supports `objectId` as a constructor argument.
- */
-export declare interface ManagedIdentityCredentialObjectIdOptions extends TokenCredentialOptions {
-    /**
-     * Allows specifying the object ID of the underlying service principal used to authenticate a user-assigned managed identity.
-     * This is an alternative to providing a client ID or resource ID and is not required for system-assigned managed identities.
-     */
-    objectId: string;
-}
-/**
- * Options to send on the {@link ManagedIdentityCredential} constructor.
- * This variation supports `resourceId` and not `clientId`, since only one of both is supported.
- */
-export declare interface ManagedIdentityCredentialResourceIdOptions extends TokenCredentialOptions {
-    /**
-     * Allows specifying a custom resource Id.
-     * In scenarios such as when user assigned identities are created using an ARM template,
-     * where the resource Id of the identity is known but the client Id can't be known ahead of time,
-     * this parameter allows programs to use these user assigned identities
-     * without having to first determine the client Id of the created identity.
-     */
-    resourceId: string;
-}
-/**
- * Options for multi-tenant applications which allows for additionally allowed tenants.
- */
-export declare interface MultiTenantTokenCredentialOptions extends TokenCredentialOptions {
-    /**
-     * For multi-tenant applications, specifies additional tenants for which the credential may acquire tokens.
-     * Add the wildcard value "*" to allow the credential to acquire tokens for any tenant the application is installed.
-     */
-    additionallyAllowedTenants?: string[];
-}
-/**
- * Enables authentication to Microsoft Entra ID using the [On Behalf Of flow](https://learn.microsoft.com/entra/identity-platform/v2-oauth2-on-behalf-of-flow).
- */
-export declare class OnBehalfOfCredential implements TokenCredential {
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private msalClient;
-    private sendCertificateChain?;
-    private certificatePath?;
-    private clientSecret?;
-    private userAssertionToken;
-    private clientAssertion?;
-    /**
-     * Creates an instance of the {@link OnBehalfOfCredential} with the details
-     * needed to authenticate against Microsoft Entra ID with path to a PEM certificate,
-     * and an user assertion.
-     *
-     * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
-     *
-     * ```ts snippet:on_behalf_of_credential_pem_example
-     * import { OnBehalfOfCredential } from "@azure/identity";
-     * import { KeyClient } from "@azure/keyvault-keys";
-     *
-     * const tokenCredential = new OnBehalfOfCredential({
-     *   tenantId: "tenant-id",
-     *   clientId: "client-id",
-     *   certificatePath: "/path/to/certificate.pem",
-     *   userAssertionToken: "access-token",
-     * });
-     * const client = new KeyClient("vault-url", tokenCredential);
-     * await client.getKey("key-name");
-     * ```
-     *
-     * @param options - Optional parameters, generally common across credentials.
-     */
-    constructor(options: OnBehalfOfCredentialCertificateOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
-    /**
-     * Creates an instance of the {@link OnBehalfOfCredential} with the details
-     * needed to authenticate against Microsoft Entra ID with a client
-     * secret and an user assertion.
-     *
-     * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
-     *
-     * ```ts snippet:on_behalf_of_credential_secret_example
-     * import { OnBehalfOfCredential } from "@azure/identity";
-     * import { KeyClient } from "@azure/keyvault-keys";
-     *
-     * const tokenCredential = new OnBehalfOfCredential({
-     *   tenantId: "tenant-id",
-     *   clientId: "client-id",
-     *   clientSecret: "client-secret",
-     *   userAssertionToken: "access-token",
-     * });
-     * const client = new KeyClient("vault-url", tokenCredential);
-     * await client.getKey("key-name");
-     * ```
-     *
-     * @param options - Optional parameters, generally common across credentials.
-     */
-    constructor(options: OnBehalfOfCredentialSecretOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
-    /**
-     * Creates an instance of the {@link OnBehalfOfCredential} with the details
-     * needed to authenticate against Microsoft Entra ID with a client `getAssertion`
-     * and an user assertion.
-     *
-     * Example using the `KeyClient` from [\@azure/keyvault-keys](https://www.npmjs.com/package/\@azure/keyvault-keys):
-     *
-     * ```ts snippet:on_behalf_of_credential_assertion_example
-     * import { OnBehalfOfCredential } from "@azure/identity";
-     * import { KeyClient } from "@azure/keyvault-keys";
-     *
-     * const tokenCredential = new OnBehalfOfCredential({
-     *   tenantId: "tenant-id",
-     *   clientId: "client-id",
-     *   getAssertion: () => {
-     *     return Promise.resolve("my-jwt");
-     *   },
-     *   userAssertionToken: "access-token",
-     * });
-     * const client = new KeyClient("vault-url", tokenCredential);
-     * await client.getKey("key-name");
-     * ```
-     *
-     * @param options - Optional parameters, generally common across credentials.
-     */
-    constructor(options: OnBehalfOfCredentialAssertionOptions & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure the underlying network requests.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-    private buildClientCertificate;
-    private parseCertificate;
-}
-/**
- * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with an assertion.
- */
-export declare interface OnBehalfOfCredentialAssertionOptions {
-    /**
-     * The Microsoft Entra tenant (directory) ID.
-     */
-    tenantId: string;
-    /**
-     * The client (application) ID of an App Registration in the tenant.
-     */
-    clientId: string;
-    /**
-     * A function that retrieves the client assertion for the credential to use
-     */
-    getAssertion: () => Promise<string>;
-    /**
-     * The user assertion for the On-Behalf-Of flow.
-     */
-    userAssertionToken: string;
-}
-/**
- * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a certificate.
- */
-export declare interface OnBehalfOfCredentialCertificateOptions {
-    /**
-     * The Microsoft Entra tenant (directory) ID.
-     */
-    tenantId: string;
-    /**
-     * The client (application) ID of an App Registration in the tenant.
-     */
-    clientId: string;
-    /**
-     * The path to a PEM-encoded public/private key certificate on the filesystem.
-     */
-    certificatePath: string;
-    /**
-     * The user assertion for the On-Behalf-Of flow.
-     */
-    userAssertionToken: string;
-    /**
-     * Option to include x5c header for SubjectName and Issuer name authorization.
-     * Set this option to send base64 encoded public certificate in the client assertion header as an x5c claim
-     */
-    sendCertificateChain?: boolean;
-}
-/**
- * Optional parameters for the {@link OnBehalfOfCredential} class.
- */
-export declare type OnBehalfOfCredentialOptions = (OnBehalfOfCredentialSecretOptions | OnBehalfOfCredentialCertificateOptions | OnBehalfOfCredentialAssertionOptions) & MultiTenantTokenCredentialOptions & CredentialPersistenceOptions & AuthorityValidationOptions;
-/**
- * Defines the parameters to authenticate the {@link OnBehalfOfCredential} with a secret.
- */
-export declare interface OnBehalfOfCredentialSecretOptions {
-    /**
-     * The Microsoft Entra tenant (directory) ID.
-     */
-    tenantId: string;
-    /**
-     * The client (application) ID of an App Registration in the tenant.
-     */
-    clientId: string;
-    /**
-     * A client secret that was generated for the App Registration.
-     */
-    clientSecret: string;
-    /**
-     * The user assertion for the On-Behalf-Of flow.
-     */
-    userAssertionToken: string;
-}
-/**
- * Serializes an `AuthenticationRecord` into a string.
- *
- * The output of a serialized authentication record will contain the following properties:
- *
- * - "authority"
- * - "homeAccountId"
- * - "clientId"
- * - "tenantId"
- * - "username"
- * - "version"
- *
- * To later convert this string to a serialized `AuthenticationRecord`, please use the exported function `deserializeAuthenticationRecord()`.
- */
-export declare function serializeAuthenticationRecord(record: AuthenticationRecord): string;
-/**
- * Parameters that enable token cache persistence in the Identity credentials.
- */
-export declare interface TokenCachePersistenceOptions {
-    /**
-     * If set to true, persistent token caching will be enabled for this credential instance.
-     */
-    enabled: boolean;
-    /**
-     * Unique identifier for the persistent token cache.
-     *
-     * Based on this identifier, the persistence file will be located in any of the following places:
-     * - Darwin: '/Users/user/.IdentityService/<name>'
-     * - Windows 8+: 'C:\\Users\\user\\AppData\\Local\\.IdentityService\\<name>'
-     * - Linux: '/home/user/.IdentityService/<name>'
-     */
-    name?: string;
-    /**
-     * If set to true, the cache will be stored without encryption if no OS level user encryption is available.
-     * When set to false, the PersistentTokenCache will throw an error if no OS level user encryption is available.
-     */
-    unsafeAllowUnencryptedStorage?: boolean;
-}
-export { TokenCredential }
-/**
- * Provides options to configure how the Identity library makes authentication
- * requests to Microsoft Entra ID.
- */
-export declare interface TokenCredentialOptions extends CommonClientOptions {
-    /**
-     * The authority host to use for authentication requests.
-     * Possible values are available through {@link AzureAuthorityHosts}.
-     * The default is "https://login.microsoftonline.com".
-     */
-    authorityHost?: string;
-    /**
-     * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.
-     */
-    loggingOptions?: LogPolicyOptions & {
-        /**
-         * Allows logging account information once the authentication flow succeeds.
-         */
-        allowLoggingAccountIdentifiers?: boolean;
-        /**
-         * Allows logging personally identifiable information for customer support.
-         */
-        enableUnsafeSupportLogging?: boolean;
-    };
-}
-/**
- * Extend Azure Identity with additional functionality. Pass a plugin from
- * a plugin package, such as:
- *
- * - `@azure/identity-cache-persistence`: provides persistent token caching
- * - `@azure/identity-vscode`: provides the dependencies of
- *   `VisualStudioCodeCredential` and enables it
- *
- * Example:
- *
- * ```ts snippet:consumer_example
- * import { useIdentityPlugin, DeviceCodeCredential } from "@azure/identity";
- *
- * useIdentityPlugin(cachePersistencePlugin);
- * // The plugin has the capability to extend `DeviceCodeCredential` and to
- * // add middleware to the underlying credentials, such as persistence.
- * const credential = new DeviceCodeCredential({
- *   tokenCachePersistenceOptions: {
- *     enabled: true,
- *   },
- * });
- * ```
- *
- * @param plugin - the plugin to register
- */
-export declare function useIdentityPlugin(plugin: IdentityPlugin): void;
-/**
- * Enables authentication to Microsoft Entra ID with a user's
- * username and password. This credential requires a high degree of
- * trust so you should only use it when other, more secure credential
- * types can't be used.
- */
-export declare class UsernamePasswordCredential implements TokenCredential {
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private msalClient;
-    private username;
-    private password;
-    /**
-     * Creates an instance of the UsernamePasswordCredential with the details
-     * needed to authenticate against Microsoft Entra ID with a username
-     * and password.
-     *
-     * @param tenantId - The Microsoft Entra tenant (directory).
-     * @param clientId - The client (application) ID of an App Registration in the tenant.
-     * @param username - The user account's e-mail address (user name).
-     * @param password - The user account's account password
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(tenantId: string, clientId: string, username: string, password: string, options?: UsernamePasswordCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * If the user provided the option `disableAutomaticAuthentication`,
-     * once the token can't be retrieved silently,
-     * this method won't attempt to request user interaction to retrieve the token.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Defines options for the {@link UsernamePasswordCredential} class.
- */
-export declare interface UsernamePasswordCredentialOptions extends MultiTenantTokenCredentialOptions, CredentialPersistenceOptions, AuthorityValidationOptions {
-}
-/**
- * Connects to Azure using the credential provided by the VSCode extension 'Azure Account'.
- * Once the user has logged in via the extension, this credential can share the same refresh token
- * that is cached by the extension.
- *
- * It's a [known issue](https://github.com/Azure/azure-sdk-for-js/issues/20500) that this credential doesn't
- * work with [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account)
- * versions newer than **0.9.11**. A long-term fix to this problem is in progress. In the meantime, consider
- * authenticating with {@link AzureCliCredential}.
- */
-export declare class VisualStudioCodeCredential implements TokenCredential {
-    private identityClient;
-    private tenantId;
-    private additionallyAllowedTenantIds;
-    private cloudName;
-    /**
-     * Creates an instance of VisualStudioCodeCredential to use for automatically authenticating via VSCode.
-     *
-     * **Note**: `VisualStudioCodeCredential` is provided by a plugin package:
-     * `@azure/identity-vscode`. If this package is not installed and registered
-     * using the plugin API (`useIdentityPlugin`), then authentication using
-     * `VisualStudioCodeCredential` will not be available.
-     *
-     * @param options - Options for configuring the client which makes the authentication request.
-     */
-    constructor(options?: VisualStudioCodeCredentialOptions);
-    /**
-     * Runs preparations for any further getToken request.
-     */
-    private prepare;
-    /**
-     * The promise of the single preparation that will be executed at the first getToken request for an instance of this class.
-     */
-    private preparePromise;
-    /**
-     * Runs preparations for any further getToken, but only once.
-     */
-    private prepareOnce;
-    /**
-     * Returns the token found by searching VSCode's authentication cache or
-     * returns null if no token could be found.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                `TokenCredential` implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken>;
-}
-/**
- * Provides options to configure the Visual Studio Code credential.
- */
-export declare interface VisualStudioCodeCredentialOptions extends MultiTenantTokenCredentialOptions {
-    /**
-     * Optionally pass in a Tenant ID to be used as part of the credential
-     */
-    tenantId?: string;
-}
-/**
- * Workload Identity authentication is a feature in Azure that allows applications running on virtual machines (VMs)
- * to access other Azure resources without the need for a service principal or managed identity. With Workload Identity
- * authentication, applications authenticate themselves using their own identity, rather than using a shared service
- * principal or managed identity. Under the hood, Workload Identity authentication uses the concept of Service Account
- * Credentials (SACs), which are automatically created by Azure and stored securely in the VM. By using Workload
- * Identity authentication, you can avoid the need to manage and rotate service principals or managed identities for
- * each application on each VM. Additionally, because SACs are created automatically and managed by Azure, you don't
- * need to worry about storing and securing sensitive credentials themselves.
- * The WorkloadIdentityCredential supports Microsoft Entra Workload ID authentication on Azure Kubernetes and acquires
- * a token using the SACs available in the Azure Kubernetes environment.
- * Refer to <a href="https://learn.microsoft.com/azure/aks/workload-identity-overview">Microsoft Entra
- * Workload ID</a> for more information.
- */
-export declare class WorkloadIdentityCredential implements TokenCredential {
-    private client;
-    private azureFederatedTokenFileContent;
-    private cacheDate;
-    private federatedTokenFilePath;
-    /**
-     * WorkloadIdentityCredential supports Microsoft Entra Workload ID on Kubernetes.
-     *
-     * @param options - The identity client options to use for authentication.
-     */
-    constructor(options?: WorkloadIdentityCredentialOptions);
-    /**
-     * Authenticates with Microsoft Entra ID and returns an access token if successful.
-     * If authentication fails, a {@link CredentialUnavailableError} will be thrown with the details of the failure.
-     *
-     * @param scopes - The list of scopes for which the token will have access.
-     * @param options - The options used to configure any requests this
-     *                TokenCredential implementation might make.
-     */
-    getToken(scopes: string | string[], options?: GetTokenOptions): Promise<AccessToken | null>;
-    private readFileContents;
-}
-/**
- * Options for the {@link WorkloadIdentityCredential}
- */
-export declare interface WorkloadIdentityCredentialOptions extends MultiTenantTokenCredentialOptions, AuthorityValidationOptions {
-    /**
-     * ID of the application's Microsoft Entra tenant. Also called its directory ID.
-     */
-    tenantId?: string;
-    /**
-     * The client ID of a Microsoft Entra app registration.
-     */
-    clientId?: string;
-    /**
-     * The path to a file containing a Kubernetes service account token that authenticates the identity.
-     */
-    tokenFilePath?: string;
-}
-export { }