ibm-cloud-sdk-core 5.3.1 → 5.4.0

package/auth/authenticators/authenticator.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@ export declare class Authenticator implements AuthenticatorInterface {
     static AUTHTYPE_NOAUTH: string;
     static AUTHTYPE_VPC: string;
     static AUTHTYPE_MCSP: string;
+    static AUTHTYPE_MCSPV2: string;
     static AUTHTYPE_UNKNOWN: string;
     /**
      * Create a new Authenticator instance.

package/auth/authenticators/authenticator.js

@@ -53,6 +53,7 @@ var Authenticator = /** @class */ (function () {
     Authenticator.AUTHTYPE_NOAUTH = 'noAuth';
     Authenticator.AUTHTYPE_VPC = 'vpc';
     Authenticator.AUTHTYPE_MCSP = 'mcsp';
+    Authenticator.AUTHTYPE_MCSPV2 = 'mcspv2';
     Authenticator.AUTHTYPE_UNKNOWN = 'unknown';
     return Authenticator;
 }());

package/auth/authenticators/index.d.ts

@@ -39,7 +39,8 @@
  *   IAMAssumeAuthenticator: Authenticator for passing IAM authentication information to service endpoint, assuming a trusted profile.
  *   ContainerAuthenticator: Authenticator for passing IAM authentication to a service, based on a token living on the container.
  *   VpcInstanceAuthenticator: Authenticator that uses the VPC Instance Metadata Service API to retrieve an IAM token.
- *   McspAuthenticator: Authenticator for passing MCSP authentication to a service endpoint.
+ *   McspAuthenticator: Authenticator for passing MCSP v1 authentication to a service endpoint.
+ *   McspV2Authenticator: Authenticator for passing MCSP v2 authentication to a service endpoint.
  *   NoAuthAuthenticator: Performs no authentication. Useful for testing purposes.
  */
 export { AuthenticatorInterface } from './authenticator-interface';
@@ -54,4 +55,5 @@ export { IamRequestBasedAuthenticator } from './iam-request-based-authenticator'
 export { TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
 export { VpcInstanceAuthenticator } from './vpc-instance-authenticator';
 export { McspAuthenticator } from './mcsp-authenticator';
+export { McspV2Authenticator } from './mcspv2-authenticator';
 export { IamAssumeAuthenticator } from './iam-assume-authenticator';

package/auth/authenticators/index.js

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IamAssumeAuthenticator = exports.McspAuthenticator = exports.VpcInstanceAuthenticator = exports.TokenRequestBasedAuthenticator = exports.IamRequestBasedAuthenticator = exports.NoAuthAuthenticator = exports.ContainerAuthenticator = exports.IamAuthenticator = exports.CloudPakForDataAuthenticator = exports.BearerTokenAuthenticator = exports.BasicAuthenticator = exports.Authenticator = void 0;
+exports.IamAssumeAuthenticator = exports.McspV2Authenticator = exports.McspAuthenticator = exports.VpcInstanceAuthenticator = exports.TokenRequestBasedAuthenticator = exports.IamRequestBasedAuthenticator = exports.NoAuthAuthenticator = exports.ContainerAuthenticator = exports.IamAuthenticator = exports.CloudPakForDataAuthenticator = exports.BearerTokenAuthenticator = exports.BasicAuthenticator = exports.Authenticator = void 0;
 var authenticator_1 = require("./authenticator");
 Object.defineProperty(exports, "Authenticator", { enumerable: true, get: function () { return authenticator_1.Authenticator; } });
 var basic_authenticator_1 = require("./basic-authenticator");
@@ -38,5 +38,7 @@ var vpc_instance_authenticator_1 = require("./vpc-instance-authenticator");
 Object.defineProperty(exports, "VpcInstanceAuthenticator", { enumerable: true, get: function () { return vpc_instance_authenticator_1.VpcInstanceAuthenticator; } });
 var mcsp_authenticator_1 = require("./mcsp-authenticator");
 Object.defineProperty(exports, "McspAuthenticator", { enumerable: true, get: function () { return mcsp_authenticator_1.McspAuthenticator; } });
+var mcspv2_authenticator_1 = require("./mcspv2-authenticator");
+Object.defineProperty(exports, "McspV2Authenticator", { enumerable: true, get: function () { return mcspv2_authenticator_1.McspV2Authenticator; } });
 var iam_assume_authenticator_1 = require("./iam-assume-authenticator");
 Object.defineProperty(exports, "IamAssumeAuthenticator", { enumerable: true, get: function () { return iam_assume_authenticator_1.IamAssumeAuthenticator; } });

package/auth/authenticators/mcsp-authenticator.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2023.
+ * (C) Copyright IBM Corp. 2023, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -38,8 +38,6 @@ export declare class McspAuthenticator extends TokenRequestBasedAuthenticator {
      * @param options - Configuration options for CloudPakForData authentication.
      * This should be an object containing these fields:
      * - url: (required) the endpoint URL for the CloudPakForData token service
-     * - username: (required) the username used to obtain a bearer token
-     * - password: (optional) the password used to obtain a bearer token (required if apikey is not specified)
      * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified)
      * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
      * should be disabled or not
@@ -49,7 +47,7 @@ export declare class McspAuthenticator extends TokenRequestBasedAuthenticator {
      */
     constructor(options: Options);
     /**
-     * Returns the authenticator's type ('cp4d').
+     * Returns the authenticator's type ('mcsp').
      *
      * @returns a string that indicates the authenticator's type
      */

package/auth/authenticators/mcsp-authenticator.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2023.
+ * (C) Copyright IBM Corp. 2023, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,8 +48,6 @@ var McspAuthenticator = /** @class */ (function (_super) {
      * @param options - Configuration options for CloudPakForData authentication.
      * This should be an object containing these fields:
      * - url: (required) the endpoint URL for the CloudPakForData token service
-     * - username: (required) the username used to obtain a bearer token
-     * - password: (optional) the password used to obtain a bearer token (required if apikey is not specified)
      * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified)
      * - disableSslVerification: (optional) a flag that indicates whether verification of the token server's SSL certificate
      * should be disabled or not
@@ -69,7 +67,7 @@ var McspAuthenticator = /** @class */ (function (_super) {
         return _this;
     }
     /**
-     * Returns the authenticator's type ('cp4d').
+     * Returns the authenticator's type ('mcsp').
      *
      * @returns a string that indicates the authenticator's type
      */

package/auth/authenticators/mcspv2-authenticator.d.ts

@@ -0,0 +1,95 @@
+/**
+ * (C) Copyright IBM Corp. 2025.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { BaseOptions, TokenRequestBasedAuthenticator } from './token-request-based-authenticator';
+import { McspV2TokenManager } from '../token-managers/mcspv2-token-manager';
+/** Configuration options for Multi-Cloud Saas Platform (MCSP) v2 authentication. */
+export interface Options extends BaseOptions {
+    /**
+     * (required) The API key used to obtain an MCSP access token.
+     */
+    apikey: string;
+    /**
+     * (required) The URL representing the MCSP token service endpoint.
+     */
+    url: string;
+    /**
+     * (required) The scope collection type of item(s).
+     * Valid values are: "accounts", "subscriptions", "services".
+     */
+    scopeCollectionType: string;
+    /**
+     * (required) The scope identifier of item(s).
+     */
+    scopeId: string;
+    /**
+     * (optional) A flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeBuiltinActions?: boolean;
+    /**
+     * (optional) A flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeCustomActions?: boolean;
+    /**
+     * (optional) A flag to include the "roles" claim in the MCSP access token (default: true).
+     */
+    includeRoles?: boolean;
+    /**
+     * (optional) A flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     */
+    prefixRoles?: boolean;
+    /**
+     * (optional) A map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     * The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     * This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     */
+    callerExtClaim?: object;
+}
+/**
+ * The McspV2Authenticator invokes the MCSP v2 token-exchange operation (POST /api/2.0/\{scopeCollectionType\}/\{scopeId\}/apikeys/token)
+ * to obtain an access token for an apikey, and adds the access token to requests via an Authorization header
+ * of the form:  "Authorization: Bearer <access-token>"
+ */
+export declare class McspV2Authenticator extends TokenRequestBasedAuthenticator {
+    protected tokenManager: McspV2TokenManager;
+    /**
+     * Create a new McspV2Authenticator instance.
+     *
+     * @param options - Configuration options for MCSP v2 authentication.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service.
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified).
+     * - scopeCollectionType: (required) The scope collection type of item(s). Valid values are: "accounts", "subscriptions", "services".
+     * - scopeId: (required) the scope identifier of item(s).
+     * - includeBuiltinActions: (optional) a flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeCustomActions: (optional) a flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeRoles: (optional) a flag to include the "roles" claim in the MCSP access token (default: true).
+     * - prefixRoles: (optional) a flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     * - callerExtClaim: (optional) a map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     *     The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     *     This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     * - disableSslVerification: (optional) a flag to disable verification of the token server's SSL certificate; defaults to false.
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service.
+     *
+     * @throws Error: the input configuration failed validation
+     */
+    constructor(options: Options);
+    /**
+     * Returns the authenticator's type ('mcspv2').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    authenticationType(): string;
+}

package/auth/authenticators/mcspv2-authenticator.js

@@ -0,0 +1,85 @@
+"use strict";
+/**
+ * (C) Copyright IBM Corp. 2025.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __extends = (this && this.__extends) || (function () {
+    var extendStatics = function (d, b) {
+        extendStatics = Object.setPrototypeOf ||
+            ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
+            function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
+        return extendStatics(d, b);
+    };
+    return function (d, b) {
+        if (typeof b !== "function" && b !== null)
+            throw new TypeError("Class extends value " + String(b) + " is not a constructor or null");
+        extendStatics(d, b);
+        function __() { this.constructor = d; }
+        d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McspV2Authenticator = void 0;
+var authenticator_1 = require("./authenticator");
+var token_request_based_authenticator_1 = require("./token-request-based-authenticator");
+var mcspv2_token_manager_1 = require("../token-managers/mcspv2-token-manager");
+/**
+ * The McspV2Authenticator invokes the MCSP v2 token-exchange operation (POST /api/2.0/\{scopeCollectionType\}/\{scopeId\}/apikeys/token)
+ * to obtain an access token for an apikey, and adds the access token to requests via an Authorization header
+ * of the form:  "Authorization: Bearer <access-token>"
+ */
+var McspV2Authenticator = /** @class */ (function (_super) {
+    __extends(McspV2Authenticator, _super);
+    /**
+     * Create a new McspV2Authenticator instance.
+     *
+     * @param options - Configuration options for MCSP v2 authentication.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service.
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified).
+     * - scopeCollectionType: (required) The scope collection type of item(s). Valid values are: "accounts", "subscriptions", "services".
+     * - scopeId: (required) the scope identifier of item(s).
+     * - includeBuiltinActions: (optional) a flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeCustomActions: (optional) a flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeRoles: (optional) a flag to include the "roles" claim in the MCSP access token (default: true).
+     * - prefixRoles: (optional) a flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     * - callerExtClaim: (optional) a map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     *     The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     *     This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     * - disableSslVerification: (optional) a flag to disable verification of the token server's SSL certificate; defaults to false.
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service.
+     *
+     * @throws Error: the input configuration failed validation
+     */
+    function McspV2Authenticator(options) {
+        var _this = _super.call(this, options) || this;
+        // All we really need to do is construct the token manager, passing in
+        // our Options object since it contains the same fields as the
+        // token manager's Options interface.
+        // Note that the token manager handles input validation.
+        _this.tokenManager = new mcspv2_token_manager_1.McspV2TokenManager(options);
+        return _this;
+    }
+    /**
+     * Returns the authenticator's type ('mcspv2').
+     *
+     * @returns a string that indicates the authenticator's type
+     */
+    // eslint-disable-next-line class-methods-use-this
+    McspV2Authenticator.prototype.authenticationType = function () {
+        return authenticator_1.Authenticator.AUTHTYPE_MCSPV2;
+    };
+    return McspV2Authenticator;
+}(token_request_based_authenticator_1.TokenRequestBasedAuthenticator));
+exports.McspV2Authenticator = McspV2Authenticator;

package/auth/token-managers/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,8 @@
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
- * Multi-Cloud Saas Platform (MCSP)
+ * Multi-Cloud Saas Platform (MCSP) V1
+ * Multi-Cloud Saas Platform (MCSP) V2
  *
  * The token managers sit inside of an authenticator and do the work to retrieve
  * tokens, whereas the authenticators add these tokens to the actual request.
@@ -32,7 +33,8 @@
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
- *   McspTokenManager: Token Manager of MCSP via apikey.
+ *   McspTokenManager: Token Manager of MCSP v1 via apikey.
+ *   McspV2TokenManager: Token Manager of MCSP v2 via apikey.
  *   JwtTokenManager: A class for shared functionality for parsing, storing, and requesting JWT tokens.
  */
 export { IamTokenManager } from './iam-token-manager';
@@ -43,4 +45,5 @@ export { JwtTokenManager, JwtTokenManagerOptions } from './jwt-token-manager';
 export { TokenManager, TokenManagerOptions } from './token-manager';
 export { VpcInstanceTokenManager } from './vpc-instance-token-manager';
 export { McspTokenManager } from './mcsp-token-manager';
+export { McspV2TokenManager } from './mcspv2-token-manager';
 export { IamAssumeTokenManager } from './iam-assume-token-manager';

package/auth/token-managers/index.js

@@ -1,6 +1,6 @@
 "use strict";
 /**
- * (C) Copyright IBM Corp. 2019, 2023.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IamAssumeTokenManager = exports.McspTokenManager = exports.VpcInstanceTokenManager = exports.TokenManager = exports.JwtTokenManager = exports.IamRequestBasedTokenManager = exports.ContainerTokenManager = exports.Cp4dTokenManager = exports.IamTokenManager = void 0;
+exports.IamAssumeTokenManager = exports.McspV2TokenManager = exports.McspTokenManager = exports.VpcInstanceTokenManager = exports.TokenManager = exports.JwtTokenManager = exports.IamRequestBasedTokenManager = exports.ContainerTokenManager = exports.Cp4dTokenManager = exports.IamTokenManager = void 0;
 /**
  * @module token-managers
  * The ibm-cloud-sdk-core module supports the following types of token authentication:
@@ -24,7 +24,8 @@ exports.IamAssumeTokenManager = exports.McspTokenManager = exports.VpcInstanceTo
  * Cloud Pak for Data
  * Container (IKS, etc)
  * VPC Instance
- * Multi-Cloud Saas Platform (MCSP)
+ * Multi-Cloud Saas Platform (MCSP) V1
+ * Multi-Cloud Saas Platform (MCSP) V2
  *
  * The token managers sit inside of an authenticator and do the work to retrieve
  * tokens, whereas the authenticators add these tokens to the actual request.
@@ -35,7 +36,8 @@ exports.IamAssumeTokenManager = exports.McspTokenManager = exports.VpcInstanceTo
  *   Cp4dTokenManager: Token Manager of CloudPak for data.
  *   ContainerTokenManager: Token manager of IAM via compute resource token.
  *   VpcInstanceTokenManager: Token manager of VPC Instance Metadata Service API tokens.
- *   McspTokenManager: Token Manager of MCSP via apikey.
+ *   McspTokenManager: Token Manager of MCSP v1 via apikey.
+ *   McspV2TokenManager: Token Manager of MCSP v2 via apikey.
  *   JwtTokenManager: A class for shared functionality for parsing, storing, and requesting JWT tokens.
  */
 var iam_token_manager_1 = require("./iam-token-manager");
@@ -54,5 +56,7 @@ var vpc_instance_token_manager_1 = require("./vpc-instance-token-manager");
 Object.defineProperty(exports, "VpcInstanceTokenManager", { enumerable: true, get: function () { return vpc_instance_token_manager_1.VpcInstanceTokenManager; } });
 var mcsp_token_manager_1 = require("./mcsp-token-manager");
 Object.defineProperty(exports, "McspTokenManager", { enumerable: true, get: function () { return mcsp_token_manager_1.McspTokenManager; } });
+var mcspv2_token_manager_1 = require("./mcspv2-token-manager");
+Object.defineProperty(exports, "McspV2TokenManager", { enumerable: true, get: function () { return mcspv2_token_manager_1.McspV2TokenManager; } });
 var iam_assume_token_manager_1 = require("./iam-assume-token-manager");
 Object.defineProperty(exports, "IamAssumeTokenManager", { enumerable: true, get: function () { return iam_assume_token_manager_1.IamAssumeTokenManager; } });

package/auth/token-managers/jwt-token-manager.js

@@ -32,7 +32,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JwtTokenManager = void 0;
 /**
- * (C) Copyright IBM Corp. 2019, 2024.
+ * (C) Copyright IBM Corp. 2019, 2025.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -106,8 +106,9 @@ var JwtTokenManager = /** @class */ (function (_super) {
             logger_1.default.error(err);
             throw new Error(err);
         }
-        // the time of expiration is found by decoding the JWT access token
-        // 'exp' is the time of expire and 'iat' is the time of token retrieval
+        // The expiration time is found by decoding the JWT access token.
+        // 'exp' is the "expiration time" claim.
+        // 'iat' is the 'issued at' claim.
         var exp = decodedResponse.exp, iat = decodedResponse.iat;
         // There are no required claims in JWT
         if (!exp || !iat) {
@@ -118,6 +119,8 @@ var JwtTokenManager = /** @class */ (function (_super) {
             var fractionOfTtl = 0.8;
             var timeToLive = exp - iat;
             this.expireTime = exp;
+            // The refresh time represents the time when the token has effectively
+            // existed for 80% of its time to live.
             this.refreshTime = exp - timeToLive * (1.0 - fractionOfTtl);
         }
         this.tokenInfo = __assign({}, responseBody);

package/auth/token-managers/mcspv2-token-manager.d.ts

@@ -0,0 +1,112 @@
+/**
+ * (C) Copyright IBM Corp. 2025.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { JwtTokenManager, JwtTokenManagerOptions } from './jwt-token-manager';
+/**
+ * Configuration options for MCSP v2 token retrieval.
+ */
+interface Options extends JwtTokenManagerOptions {
+    /**
+     * (required) The API key used to obtain an MCSP access token.
+     */
+    apikey: string;
+    /**
+     * (required) The URL representing the MCSP token service endpoint.
+     */
+    url: string;
+    /**
+     * (required) The scope collection type of item(s).
+     * Valid values are: "accounts", "subscriptions", "services".
+     */
+    scopeCollectionType: string;
+    /**
+     * (required) The scope identifier of item(s).
+     */
+    scopeId: string;
+    /**
+     * (optional) A flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeBuiltinActions?: boolean;
+    /**
+     * (optional) A flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     */
+    includeCustomActions?: boolean;
+    /**
+     * (optional) A flag to include the "roles" claim in the MCSP access token (default: true).
+     */
+    includeRoles?: boolean;
+    /**
+     * (optional) A flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     */
+    prefixRoles?: boolean;
+    /**
+     * (optional) A map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     * The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     * This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     */
+    callerExtClaim?: object;
+}
+/**
+ * Token Manager for Multi-Cloud Saas Platform (MCSP) V2 authentication.
+ *
+ * The McspV2TokenManager will invoke the MCSP token service's 'POST /api/2.0/\{scopeCollectionType\}/\{scopeId\}/apikeys/token'
+ * operation to obtain an MCSP access token for an apikey.
+ */
+export declare class McspV2TokenManager extends JwtTokenManager {
+    protected requiredOptions: string[];
+    private apikey;
+    private scopeCollectionType;
+    private scopeId;
+    private includeBuiltinActions;
+    private includeCustomActions;
+    private includeRoles;
+    private prefixRoles;
+    private callerExtClaim;
+    /**
+     * Create a new McspV2TokenManager instance.
+     *
+     * @param options - Configuration options.
+     * This should be an object containing these fields:
+     * - url: (required) the endpoint URL for the CloudPakForData token service.
+     * - apikey: (optional) the API key used to obtain a bearer token (required if password is not specified).
+     * - scopeCollectionType: (required) The scope collection type of item(s). Valid values are: "accounts", "subscriptions", "services".
+     * - scopeId: (required) the scope identifier of item(s).
+     * - includeBuiltinActions: (optional) a flag to include builtin actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeCustomActions: (optional) a flag to include custom actions in the "actions" claim in the MCSP access token (default: false).
+     * - includeRoles: (optional) a flag to include the "roles" claim in the MCSP access token (default: true).
+     * - prefixRoles: (optional) a flag to add a prefix with the scope level where the role is defined in the "roles" claim (default: false).
+     * - callerExtClaim: (optional) a map (object) containing keys and values to be injected into the access token as the "callerExt" claim.
+     *     The keys used in this map must be enabled in the apikey by setting the "callerExtClaimNames" property when the apikey is created.
+     *     This property is typically only used in scenarios involving an apikey with identityType `SERVICEID`.
+     * - disableSslVerification: (optional) a flag to disable verification of the token server's SSL certificate; defaults to false.
+     * - headers: (optional) a set of HTTP headers to be sent with each request to the token service.
+     *
+     * @throws Error: the input configuration failed validation
+     */
+    constructor(options: Options);
+    private PATH_TEMPLATE;
+    protected requestToken(): Promise<any>;
+    /**
+     * Parses the Options configuration property named by 'fieldName' as a boolean value.
+     * The value in the Options object could be either boolean or string and this function
+     * will do its best to parse it correctly.
+     * @param options - the Options object containing the configuration
+     * @param fieldName - the name of the field to parse as a boolean
+     * @param defaultValue - the default value to use in case the specified field is not present in Options
+     * @returns boolean the boolean value to be used for the configuration property
+     */
+    private static parseBoolean;
+}
+export {};