@microsoft/vscode-azext-azureauth 4.2.2 → 5.0.0

package/dist/cjs/src/getSessionFromVSCode.js

@@ -0,0 +1,108 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSessionFromVSCode = getSessionFromVSCode;
+const vscode = __importStar(require("vscode"));
+const configuredAzureEnv_1 = require("./utils/configuredAzureEnv");
+const isAuthenticationWwwAuthenticateRequest_1 = require("./utils/isAuthenticationWwwAuthenticateRequest");
+function ensureEndingSlash(value) {
+    return value.endsWith('/') ? value : `${value}/`;
+}
+function getResourceScopes(scopes) {
+    if (scopes === undefined || scopes === "" || scopes.length === 0) {
+        scopes = ensureEndingSlash((0, configuredAzureEnv_1.getConfiguredAzureEnv)().managementEndpointUrl);
+    }
+    const arrScopes = (Array.isArray(scopes) ? scopes : [scopes])
+        .map((scope) => {
+        if (scope.endsWith('.default')) {
+            return scope;
+        }
+        else {
+            return `${scope}.default`;
+        }
+    });
+    return Array.from(new Set(arrScopes));
+}
+function addTenantIdScope(scopes, tenantId) {
+    const scopeSet = new Set(scopes);
+    scopeSet.add(`VSCODE_TENANT:${tenantId}`);
+    return Array.from(scopeSet);
+}
+function getModifiedScopes(scopes, tenantId) {
+    let scopeArr = getResourceScopes(scopes);
+    if (tenantId) {
+        scopeArr = addTenantIdScope(scopeArr, tenantId);
+    }
+    return scopeArr;
+}
+/**
+ * Deconstructs and rebuilds the scopes arg in order to use the above utils to modify the scopes array.
+ * And then returns the proper type to pass directly to vscode.authentication.getSession
+ */
+function formScopesArg(scopeOrListOrRequest, tenantId) {
+    const isChallenge = (0, isAuthenticationWwwAuthenticateRequest_1.isAuthenticationWwwAuthenticateRequest)(scopeOrListOrRequest);
+    let initialScopeList = undefined;
+    if (typeof scopeOrListOrRequest === 'string' && !!scopeOrListOrRequest) {
+        initialScopeList = [scopeOrListOrRequest];
+    }
+    else if (Array.isArray(scopeOrListOrRequest)) {
+        initialScopeList = scopeOrListOrRequest;
+    }
+    else if (isChallenge) {
+        // `scopeOrListOrRequest.fallbackScopes` being readonly forces us to rebuild the array
+        initialScopeList = scopeOrListOrRequest.fallbackScopes ? Array.from(scopeOrListOrRequest.fallbackScopes) : undefined;
+    }
+    const modifiedScopeList = getModifiedScopes(initialScopeList, tenantId);
+    return isChallenge ? { fallbackScopes: modifiedScopeList, wwwAuthenticate: scopeOrListOrRequest.wwwAuthenticate } : modifiedScopeList;
+}
+/**
+ * Wraps {@link vscode.authentication.getSession} and handles:
+ * * Passing the configured auth provider id
+ * * Getting the list of scopes, adding the tenant id to the scope list if needed
+ *
+ * @param scopeOrListOrRequest - top-level resource scopes (e.g. http://management.azure.com, http://storage.azure.com) or .default scopes. All resources/scopes will be normalized to the `.default` scope for each resource.
+ * Use `vscode.AuthenticationWwwAuthenticateRequest` if you need to pass in a challenge (WWW-Authenticate header). Note: Use of `vscode.AuthenticationWwwAuthenticateRequest` requires VS Code 1.105.0 or newer.
+ * @param tenantId - (Optional) The tenant ID, will be added to the scopes
+ * @param options - see {@link vscode.AuthenticationGetSessionOptions}
+ * @returns An authentication session if available, or undefined if there are no sessions
+ */
+async function getSessionFromVSCode(scopeOrListOrRequest, tenantId, options) {
+    return await vscode.authentication.getSession((0, configuredAzureEnv_1.getConfiguredAuthProviderId)(), formScopesArg(scopeOrListOrRequest, tenantId), options);
+}
+//# sourceMappingURL=getSessionFromVSCode.js.map

package/dist/cjs/src/index.d.ts

@@ -0,0 +1,56 @@
+export * from './AzureAuthentication';
+export * from './AzureDevOpsSubscriptionProvider';
+export * from './AzureSubscription';
+export * from './AzureSubscriptionProvider';
+export * from './AzureTenant';
+export * from './NotSignedInError';
+export * from './signInToTenant';
+export * from './utils/configuredAzureEnv';
+export * from './utils/getUnauthenticatedTenants';
+export * from './VSCodeAzureSubscriptionProvider';
+declare module 'vscode' {
+    /**
+     * Represents parameters for creating a session based on a WWW-Authenticate header value.
+     * This is used when an API returns a 401 with a WWW-Authenticate header indicating
+     * that additional authentication is required. The details of which will be passed down
+     * to the authentication provider to create a session.
+     *
+     * @note The authorization provider must support handling challenges and specifically
+     * the challenges in this WWW-Authenticate value.
+     * @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
+     */
+    interface AuthenticationWwwAuthenticateRequest {
+        /**
+         * The raw WWW-Authenticate header value that triggered this challenge.
+         * This will be parsed by the authentication provider to extract the necessary
+         * challenge information.
+         */
+        readonly wwwAuthenticate: string;
+        /**
+         * The fallback scopes to use if no scopes are found in the WWW-Authenticate header.
+         */
+        readonly fallbackScopes?: readonly string[];
+    }
+    /**
+     * Namespace for authentication.
+     */
+    namespace authentication {
+        /**
+         * Get an authentication session matching the desired scopes or request. Rejects if a provider with providerId is not
+         * registered, or if the user does not consent to sharing authentication information with the extension. If there
+         * are multiple sessions with the same scopes, the user will be shown a quickpick to select which account they would like to use.
+         *
+         * Built-in auth providers include:
+         * * 'github' - For GitHub.com
+         * * 'microsoft' For both personal & organizational Microsoft accounts
+         * * (less common) 'github-enterprise' - for alternative GitHub hostings, GHE.com, GitHub Enterprise Server
+         * * (less common) 'microsoft-sovereign-cloud' - for alternative Microsoft clouds
+         *
+         * @param providerId The id of the provider to use
+         * @param scopeListOrRequest A scope list of permissions requested or a WWW-Authenticate request. These are dependent on the authentication provider.
+         * @param options The {@link AuthenticationGetSessionOptions} to use
+         * @returns A thenable that resolves to an authentication session or undefined if a silent flow was used and no session was found
+         */
+        function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWwwAuthenticateRequest, options?: AuthenticationGetSessionOptions): Thenable<AuthenticationSession | undefined>;
+    }
+}

package/{out → dist/cjs}/src/index.js

@@ -20,9 +20,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./AzureAuthentication"), exports);
 __exportStar(require("./AzureDevOpsSubscriptionProvider"), exports);
-__exportStar(require("./AzureTenant"), exports);
 __exportStar(require("./AzureSubscription"), exports);
 __exportStar(require("./AzureSubscriptionProvider"), exports);
+__exportStar(require("./AzureTenant"), exports);
 __exportStar(require("./NotSignedInError"), exports);
 __exportStar(require("./signInToTenant"), exports);
 __exportStar(require("./utils/configuredAzureEnv"), exports);

package/dist/cjs/src/signInToTenant.js

@@ -0,0 +1,79 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signInToTenant = signInToTenant;
+const vscode = __importStar(require("vscode"));
+const getUnauthenticatedTenants_1 = require("./utils/getUnauthenticatedTenants");
+/**
+ * Prompts user to select from a list of unauthenticated tenants.
+ * Once selected, requests a new session from VS Code specifially for this tenant.
+ */
+async function signInToTenant(subscriptionProvider) {
+    const tenantId = await pickTenant(subscriptionProvider);
+    if (tenantId) {
+        await subscriptionProvider.signIn(tenantId);
+    }
+}
+async function pickTenant(subscriptionProvider) {
+    const pick = await vscode.window.showQuickPick(getPicks(subscriptionProvider), {
+        placeHolder: 'Select a Tenant (Directory) to Sign In To', // TODO: localize
+        matchOnDescription: true, // allow searching by tenantId
+        ignoreFocusOut: true,
+    });
+    return pick?.tenant.tenantId;
+}
+async function getPicks(subscriptionProvider) {
+    const unauthenticatedTenants = await (0, getUnauthenticatedTenants_1.getUnauthenticatedTenants)(subscriptionProvider);
+    const duplicateTenants = new Set(unauthenticatedTenants
+        .filter((tenant, index, self) => index !== self.findIndex(t => t.tenantId === tenant.tenantId))
+        .map(tenant => tenant.tenantId));
+    const isDuplicate = (tenantId) => duplicateTenants.has(tenantId);
+    const picks = unauthenticatedTenants
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        .sort((a, b) => (a.displayName).localeCompare(b.displayName))
+        .map(tenant => ({
+        label: tenant.displayName ?? '',
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        description: `${tenant.tenantId}${isDuplicate(tenant.tenantId) ? ` (${tenant.account.label})` : ''}`,
+        detail: tenant.defaultDomain ?? '',
+        tenant,
+    }));
+    return picks;
+}
+//# sourceMappingURL=signInToTenant.js.map

package/dist/cjs/src/utils/configuredAzureEnv.js

@@ -0,0 +1,128 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getConfiguredAzureEnv = getConfiguredAzureEnv;
+exports.setConfiguredAzureEnv = setConfiguredAzureEnv;
+exports.getConfiguredAuthProviderId = getConfiguredAuthProviderId;
+const azureEnv = __importStar(require("@azure/ms-rest-azure-env")); // This package is so small that it's not worth lazy loading
+const vscode = __importStar(require("vscode"));
+// These strings come from https://github.com/microsoft/vscode/blob/eac16e9b63a11885b538db3e0b533a02a2fb8143/extensions/microsoft-authentication/package.json#L40-L99
+const CustomCloudConfigurationSection = 'microsoft-sovereign-cloud';
+const CloudEnvironmentSettingName = 'environment';
+const CustomEnvironmentSettingName = 'customEnvironment';
+var CloudEnvironmentSettingValue;
+(function (CloudEnvironmentSettingValue) {
+    CloudEnvironmentSettingValue["ChinaCloud"] = "ChinaCloud";
+    CloudEnvironmentSettingValue["USGovernment"] = "USGovernment";
+    CloudEnvironmentSettingValue["Custom"] = "custom";
+})(CloudEnvironmentSettingValue || (CloudEnvironmentSettingValue = {}));
+/**
+ * Gets the configured Azure environment.
+ *
+ * @returns The configured Azure environment from the settings in the built-in authentication provider extension
+ */
+function getConfiguredAzureEnv() {
+    const authProviderConfig = vscode.workspace.getConfiguration(CustomCloudConfigurationSection);
+    const environmentSettingValue = authProviderConfig.get(CloudEnvironmentSettingName);
+    if (environmentSettingValue === CloudEnvironmentSettingValue.ChinaCloud) {
+        return {
+            ...azureEnv.Environment.ChinaCloud,
+            isCustomCloud: false,
+        };
+    }
+    else if (environmentSettingValue === CloudEnvironmentSettingValue.USGovernment) {
+        return {
+            ...azureEnv.Environment.USGovernment,
+            isCustomCloud: false,
+        };
+    }
+    else if (environmentSettingValue === CloudEnvironmentSettingValue.Custom) {
+        const customCloud = authProviderConfig.get(CustomEnvironmentSettingName);
+        if (customCloud) {
+            return {
+                ...new azureEnv.Environment(customCloud),
+                isCustomCloud: true,
+            };
+        }
+        throw new Error(vscode.l10n.t('The custom cloud choice is not configured. Please configure the setting `{0}.{1}`.', CustomCloudConfigurationSection, CustomEnvironmentSettingName));
+    }
+    return {
+        ...azureEnv.Environment.get(azureEnv.Environment.AzureCloud.name),
+        isCustomCloud: false,
+    };
+}
+/**
+ * Sets the configured Azure cloud.
+ *
+ * @param cloud Use `'AzureCloud'` or `undefined` for public Azure cloud, `'ChinaCloud'` for Azure China, or `'USGovernment'` for Azure US Government.
+ * These are the same values as the cloud names in `@azure/ms-rest-azure-env`. For a custom cloud, use an instance of the `@azure/ms-rest-azure-env` {@link azureEnv.EnvironmentParameters}.
+ *
+ * @param target (Optional) The configuration target to use, by default {@link vscode.ConfigurationTarget.Global}.
+ */
+async function setConfiguredAzureEnv(cloud, target = vscode.ConfigurationTarget.Global) {
+    const authProviderConfig = vscode.workspace.getConfiguration(CustomCloudConfigurationSection);
+    if (typeof cloud === 'undefined' || !cloud) {
+        // Use public cloud implicitly--set `environment` setting to `undefined`
+        await authProviderConfig.update(CloudEnvironmentSettingName, undefined, target);
+    }
+    else if (typeof cloud === 'string' && cloud === 'AzureCloud') {
+        // Use public cloud explicitly--set `environment` setting to `undefined`
+        await authProviderConfig.update(CloudEnvironmentSettingName, undefined, target);
+    }
+    else if (typeof cloud === 'string') {
+        // Use a sovereign cloud--set the `environment` setting to the specified value
+        await authProviderConfig.update(CloudEnvironmentSettingName, cloud, target);
+    }
+    else if (typeof cloud === 'object') {
+        // use a custom cloud--set the `environment` setting to `custom` and the `customEnvironment` setting to the specified value
+        await authProviderConfig.update(CloudEnvironmentSettingName, CloudEnvironmentSettingValue.Custom, target);
+        await authProviderConfig.update(CustomEnvironmentSettingName, cloud, target);
+    }
+    else {
+        throw new Error(`Invalid cloud value: ${JSON.stringify(cloud)}`);
+    }
+}
+/**
+ * Gets the ID of the authentication provider configured to be used
+ * @returns The provider ID to use, either `'microsoft'` or `'microsoft-sovereign-cloud'`
+ */
+function getConfiguredAuthProviderId() {
+    return getConfiguredAzureEnv().name === azureEnv.Environment.AzureCloud.name ? 'microsoft' : 'microsoft-sovereign-cloud';
+}
+//# sourceMappingURL=configuredAzureEnv.js.map

package/dist/cjs/src/utils/getUnauthenticatedTenants.js

@@ -0,0 +1,21 @@
+"use strict";
+/*---------------------------------------------------------------------------------------------
+*  Copyright (c) Microsoft Corporation. All rights reserved.
+*  Licensed under the MIT License. See License.txt in the project root for license information.
+*--------------------------------------------------------------------------------------------*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getUnauthenticatedTenants = getUnauthenticatedTenants;
+/**
+ * @returns list of tenants that VS Code doesn't have sessions for
+ */
+async function getUnauthenticatedTenants(subscriptionProvider) {
+    const tenants = await subscriptionProvider.getTenants();
+    const unauthenticatedTenants = [];
+    for await (const tenant of tenants) {
+        if (!await subscriptionProvider.isSignedIn(tenant.tenantId, tenant.account)) {
+            unauthenticatedTenants.push(tenant);
+        }
+    }
+    return unauthenticatedTenants;
+}
+//# sourceMappingURL=getUnauthenticatedTenants.js.map

package/dist/esm/src/AzureAuthentication.d.ts

@@ -0,0 +1,21 @@
+import type * as vscode from 'vscode';
+/**
+ * Represents a means of obtaining authentication data for an Azure subscription.
+ */
+export interface AzureAuthentication {
+    /**
+     * Gets a VS Code authentication session for an Azure subscription.
+     * Always uses the default scope, `https://management.azure.com/.default/` and respects `microsoft-sovereign-cloud.environment` setting.
+     *
+     * @returns A VS Code authentication session or undefined, if none could be obtained.
+     */
+    getSession(): vscode.ProviderResult<vscode.AuthenticationSession>;
+    /**
+     * Gets a VS Code authentication session for an Azure subscription.
+     *
+     * @param scopeListOrRequest - The scopes or request for which the authentication is needed.
+     *
+     * @returns A VS Code authentication session or undefined, if none could be obtained.
+     */
+    getSessionWithScopes(scopeListOrRequest: string[] | vscode.AuthenticationWwwAuthenticateRequest): vscode.ProviderResult<vscode.AuthenticationSession>;
+}

package/dist/esm/src/AzureAuthentication.js

@@ -0,0 +1,6 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+export {};
+//# sourceMappingURL=AzureAuthentication.js.map

package/dist/esm/src/AzureDevOpsSubscriptionProvider.d.ts

@@ -0,0 +1,68 @@
+import { Event } from 'vscode';
+import { AzureSubscription } from './AzureSubscription';
+import { AzureSubscriptionProvider, GetSubscriptionsFilter } from './AzureSubscriptionProvider';
+import { AzureTenant } from './AzureTenant';
+export interface AzureDevOpsSubscriptionProviderInitializer {
+    /**
+    * The resource ID of the Azure DevOps federated service connection,
+    *   which can be found on the `resourceId` field of the URL at the address bar
+    *   when viewing the service connection in the Azure DevOps portal
+    */
+    serviceConnectionId: string;
+    /**
+    * The `Tenant ID` field of the service connection properties
+    */
+    domain: string;
+    /**
+    * The `Service Principal Id` field of the service connection properties
+    */
+    clientId: string;
+}
+export declare function createAzureDevOpsSubscriptionProviderFactory(initializer: AzureDevOpsSubscriptionProviderInitializer): () => Promise<AzureDevOpsSubscriptionProvider>;
+/**
+ * AzureSubscriptionProvider implemented to authenticate via federated DevOps service connection, using workflow identity federation
+ * To learn how to configure your DevOps environment to use this provider, refer to the README.md
+ * NOTE: This provider is only available when running in an Azure DevOps pipeline
+ * Reference: https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation
+ */
+export declare class AzureDevOpsSubscriptionProvider implements AzureSubscriptionProvider {
+    private _tokenCredential;
+    /**
+    * The resource ID of the Azure DevOps federated service connection,
+    *   which can be found on the `resourceId` field of the URL at the address bar
+    *   when viewing the service connection in the Azure DevOps portal
+    */
+    private _SERVICE_CONNECTION_ID;
+    /**
+    * The `Tenant ID` field of the service connection properties
+    */
+    private _DOMAIN;
+    /**
+    * The `Service Principal Id` field of the service connection properties
+    */
+    private _CLIENT_ID;
+    constructor({ serviceConnectionId, domain, clientId }: AzureDevOpsSubscriptionProviderInitializer);
+    getSubscriptions(_filter: boolean | GetSubscriptionsFilter): Promise<AzureSubscription[]>;
+    isSignedIn(): Promise<boolean>;
+    signIn(): Promise<boolean>;
+    signOut(): Promise<void>;
+    getTenants(): Promise<AzureTenant[]>;
+    /**
+     * Gets the subscriptions for a given tenant.
+     *
+     * @param tenantId The tenant ID to get subscriptions for.
+     *
+     * @returns The list of subscriptions for the tenant.
+     */
+    private getSubscriptionsForTenant;
+    /**
+     * Gets a fully-configured subscription client for a given tenant ID
+     *
+     * @param tenantId (Optional) The tenant ID to get a client for
+     *
+     * @returns A client, the credential used by the client, and the authentication function
+     */
+    private getSubscriptionClient;
+    onDidSignIn: Event<void>;
+    onDidSignOut: Event<void>;
+}