/*---------------------------------------------------------------------------------------------
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
declare module 'vscode' {
// https://github.com/microsoft/vscode/issues/260156
/**********
* "Extension asking for auth" API
*******/
/**
* Represents parameters for creating a session based on a WWW-Authenticate header value.
* This is used when an API returns a 401 with a WWW-Authenticate header indicating
* that additional authentication is required. The details of the header are passed down
* to the authentication provider, which uses them to create a session.
*
* An object of this shape can be passed to `authentication.getSession` in place of a plain
* scope list (see the `scopeListOrRequest` parameter of that function).
*
* @note The authentication provider must support handling challenges and specifically
* the challenges in this WWW-Authenticate value.
* @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
*/
export interface AuthenticationWwwAuthenticateRequest {
/**
* The raw WWW-Authenticate header value that triggered this challenge.
* This will be parsed by the authentication provider to extract the necessary
* challenge information.
*
* NOTE(review): this string is taken from an HTTP response, so its content is chosen by
* whichever server answered the request. Presumably the provider validates the parsed
* scheme, scopes and claims before acting on them - confirm where that check lives.
*/
readonly wwwAuthenticate: string;
/**
* The fallback scopes to use if no scopes are found in the WWW-Authenticate header.
*/
readonly fallbackScopes?: readonly string[];
/**
* @deprecated Use `fallbackScopes` instead.
*
* NOTE(review): which field wins when both `scopes` and `fallbackScopes` are set is not
* stated in this declaration - confirm against the implementation.
*/
readonly scopes?: readonly string[];
}
export namespace authentication {
/**
* Get an authentication session matching the desired scopes or satisfying the WWW-Authenticate request. Rejects if
* a provider with providerId is not registered, or if the user does not consent to sharing authentication information
* with the extension. If there are multiple sessions with the same scopes, the user will be shown a quickpick to
* select which account they would like to use.
*
* This overload is selected when `options.createIfNone` is set (to `true` or to presentation options); its return
* type is a session, never `undefined`.
*
* Built-in auth providers include:
* * 'github' - For GitHub.com
* * 'microsoft' - For both personal & organizational Microsoft accounts
* * (less common) 'github-enterprise' - for alternative GitHub hostings, GHE.com, GitHub Enterprise Server
* * (less common) 'microsoft-sovereign-cloud' - for alternative Microsoft clouds
*
* @param providerId The id of the provider to use
* @param scopeListOrRequest A scope list of permissions requested or a WWW-Authenticate request. These are dependent on the authentication provider.
* @param options The {@link AuthenticationGetSessionOptions} to use
* @returns A thenable that resolves to an authentication session
*/
export function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWwwAuthenticateRequest, options: AuthenticationGetSessionOptions & { /** literal-type defines return type */createIfNone: true | AuthenticationGetSessionPresentationOptions }): Thenable<AuthenticationSession>;
/**
* Get an authentication session matching the desired scopes or request. Rejects if a provider with providerId is not
* registered, or if the user does not consent to sharing authentication information with the extension. If there
* are multiple sessions with the same scopes, the user will be shown a quickpick to select which account they would like to use.
*
* This overload is selected when `options.forceNewSession` is set (to `true`, to presentation options, or to
* force-new-session options); its return type is a session, never `undefined`.
*
* Built-in auth providers include:
* * 'github' - For GitHub.com
* * 'microsoft' - For both personal & organizational Microsoft accounts
* * (less common) 'github-enterprise' - for alternative GitHub hostings, GHE.com, GitHub Enterprise Server
* * (less common) 'microsoft-sovereign-cloud' - for alternative Microsoft clouds
*
* @param providerId The id of the provider to use
* @param scopeListOrRequest A scope list of permissions requested or a WWW-Authenticate request. These are dependent on the authentication provider.
* @param options The {@link AuthenticationGetSessionOptions} to use
* @returns A thenable that resolves to an authentication session
*/
export function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWwwAuthenticateRequest, options: AuthenticationGetSessionOptions & { /** literal-type defines return type */forceNewSession: true | AuthenticationGetSessionPresentationOptions | AuthenticationForceNewSessionOptions }): Thenable<AuthenticationSession>;
/**
* Get an authentication session matching the desired scopes or request. Rejects if a provider with providerId is not
* registered, or if the user does not consent to sharing authentication information with the extension. If there
* are multiple sessions with the same scopes, the user will be shown a quickpick to select which account they would like to use.
*
* This is the general overload: `options` may be omitted, and the result may be `undefined`, so callers must
* check for a missing session before using it.
*
* Built-in auth providers include:
* * 'github' - For GitHub.com
* * 'microsoft' - For both personal & organizational Microsoft accounts
* * (less common) 'github-enterprise' - for alternative GitHub hostings, GHE.com, GitHub Enterprise Server
* * (less common) 'microsoft-sovereign-cloud' - for alternative Microsoft clouds
*
* @param providerId The id of the provider to use
* @param scopeListOrRequest A scope list of permissions requested or a WWW-Authenticate request. These are dependent on the authentication provider.
* @param options The {@link AuthenticationGetSessionOptions} to use
* @returns A thenable that resolves to an authentication session or undefined if a silent flow was used and no session was found
*/
export function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWwwAuthenticateRequest, options?: AuthenticationGetSessionOptions): Thenable<AuthenticationSession | undefined>;
}
/**********
* "Extension providing auth" API
* NOTE: This doesn't need to be finalized with the above
*******/
/**
* Represents an authentication challenge from a WWW-Authenticate header.
* This is used to handle cases where additional authentication steps are required,
* such as when mandatory multi-factor authentication (MFA) is enforced.
*
* A list of these is carried by `AuthenticationConstraint.challenges`.
*
* @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
*/
export interface AuthenticationChallenge {
/**
* The authentication scheme (e.g., 'Bearer').
*/
readonly scheme: string;
/**
* Parameters for the authentication challenge.
* For Bearer challenges, this may include 'claims', 'scope', 'realm', etc.
*
* NOTE(review): these key/value pairs originate from a response header, so a provider
* should presumably validate them (for example the requested scope and claims) before
* using them to build a token request - confirm. How duplicate parameter names and
* quoted values are normalized is not specified in this declaration.
*/
readonly params: Record<string, string>;
}
/**
* Represents constraints for authentication, including challenges and optional scopes.
* This is used when creating or retrieving sessions that must satisfy specific authentication
* requirements from WWW-Authenticate headers.
*
* This is the argument type of the provider-side `getSessionsFromChallenges` and
* `createSessionFromChallenges` methods.
*
* @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate
*/
export interface AuthenticationConstraint {
/**
* Array of authentication challenges parsed from WWW-Authenticate headers.
*/
readonly challenges: readonly AuthenticationChallenge[];
/**
* Optional scopes for the session. If not provided, the authentication provider
* may extract scopes from the challenges or use default scopes.
*
* NOTE(review): presumably this carries `AuthenticationWwwAuthenticateRequest.fallbackScopes`
* through to the provider, i.e. it applies only when the challenges name no scopes - confirm,
* since the two descriptions are worded differently.
*/
readonly fallbackScopes?: readonly string[];
}
/**
* An authentication provider that supports challenge-based authentication.
* This extends the base AuthenticationProvider with methods to handle authentication
* challenges from WWW-Authenticate headers.
*
* Both methods are declared optional here, so a provider may define one, both or neither;
* callers cannot rely on their presence from the type alone.
*
* TODO: Enforce that both of these functions should be defined by creating a new AuthenticationProviderWithChallenges interface.
* But this can be done later since this part doesn't need finalization.
*/
export interface AuthenticationProvider {
/**
* Get existing sessions that match the given authentication constraints.
*
* NOTE(review): what counts as a "match" (for example whether a session must already satisfy
* the claims in the challenge) is left to the provider - confirm the expected contract.
*
* @param constraint The authentication constraint containing challenges and optional scopes
* @param options Options for the session request
* @returns A thenable that resolves to an array of existing authentication sessions
*/
getSessionsFromChallenges?(constraint: AuthenticationConstraint, options: AuthenticationProviderSessionOptions): Thenable<readonly AuthenticationSession[]>;
/**
* Create a new session based on authentication constraints.
* This is called when no existing session matches the constraint requirements.
*
* @param constraint The authentication constraint containing challenges and optional scopes
* @param options Options for the session creation
* @returns A thenable that resolves to a new authentication session
*/
createSessionFromChallenges?(constraint: AuthenticationConstraint, options: AuthenticationProviderSessionOptions): Thenable<AuthenticationSession>;
}
/**
* Adds a challenge-related flag to the provider options.
*/
export interface AuthenticationProviderOptions {
/**
* NOTE(review): presumably set to `true` by a provider that implements
* `getSessionsFromChallenges` / `createSessionFromChallenges`, so that WWW-Authenticate
* requests are only routed to providers able to handle them - confirm against the
* registration code. The behaviour when the flag is omitted is not stated in this declaration.
*/
supportsChallenges?: boolean;
}
}