1
/*---------------------------------------------------------------------------------------------
2
 *  Copyright (c) Microsoft Corporation. All rights reserved.
3
 *  Licensed under the MIT License. See License.txt in the project root for license information.
4
 *--------------------------------------------------------------------------------------------*/
5

6
import { createDecorator } from '../../../../platform/instantiation/common/instantiation.js';
7
import { IAuthorizationTokenResponse } from '../../../../base/common/oauth.js';
8
import { Event } from '../../../../base/common/event.js';
9

10
export const IDynamicAuthenticationProviderStorageService = createDecorator<IDynamicAuthenticationProviderStorageService>('dynamicAuthenticationProviderStorageService');
11

12
export interface DynamicAuthenticationProviderInfo {
13
	readonly providerId: string;
14
	readonly label: string;
15
	/**
16
	 * @deprecated in favor of authorizationServer
17
	 */
18
	readonly issuer?: string;
19
	readonly authorizationServer: string;
20
	readonly clientId: string;
21
}
22

23
export interface DynamicAuthenticationProviderTokensChangeEvent {
24
	readonly authProviderId: string;
25
	readonly clientId: string;
26
	readonly tokens: (IAuthorizationTokenResponse & { created_at: number })[] | undefined;
27
}
28

29
/**
30
 * Service for managing storage of dynamic authentication provider data.
31
 */
32
export interface IDynamicAuthenticationProviderStorageService {
33
	readonly _serviceBrand: undefined;
34

35
	/**
36
	 * Event fired when tokens for a dynamic authentication provider change.
37
	 */
38
	readonly onDidChangeTokens: Event<DynamicAuthenticationProviderTokensChangeEvent>;
39

40
	/**
41
	 * Get the client details (ID and secret) for a dynamic authentication provider.
42
	 * @param providerId The provider ID or authorization server URL.
43
	 * @returns The client details if they exist, undefined otherwise.
44
	 */
45
	getClientRegistration(providerId: string): Promise<{ clientId?: string; clientSecret?: string } | undefined>;
46

47
	/**
48
	 * Store both client ID and client secret for a dynamic authentication provider.
49
	 * @param providerId The provider ID or authorization server URL.
50
	 * @param authorizationServer The authorization server URL for the provider.
51
	 * @param clientId The client ID to store.
52
	 * @param clientSecret Optional client secret to store.
53
	 * @param label Optional label for the provider.
54
	 */
55
	storeClientRegistration(providerId: string, authorizationServer: string, clientId: string, clientSecret?: string, label?: string): Promise<void>;
56

57
	/**
58
	 * Get all dynamic authentication providers that have been interacted with.
59
	 * @returns Array of provider information.
60
	 */
61
	getInteractedProviders(): ReadonlyArray<DynamicAuthenticationProviderInfo>;
62

63
	/**
64
	 * Remove a dynamic authentication provider and its stored data.
65
	 * @param providerId The provider ID to remove.
66
	 */
67
	removeDynamicProvider(providerId: string): Promise<void>;
68

69
	/**
70
	 * Get sessions for a dynamic authentication provider from secret storage.
71
	 * @param authProviderId The authentication provider ID.
72
	 * @param clientId The client ID.
73
	 * @returns Array of authorization tokens with creation timestamps, or undefined if none exist.
74
	 */
75
	getSessionsForDynamicAuthProvider(authProviderId: string, clientId: string): Promise<(IAuthorizationTokenResponse & { created_at: number })[] | undefined>;
76

77
	/**
78
	 * Set sessions for a dynamic authentication provider in secret storage.
79
	 * @param authProviderId The authentication provider ID.
80
	 * @param clientId The client ID.
81
	 * @param sessions Array of authorization tokens with creation timestamps.
82
	 */
83
	setSessionsForDynamicAuthProvider(authProviderId: string, clientId: string, sessions: (IAuthorizationTokenResponse & { created_at: number })[]): Promise<void>;
84
}
85

86