Path: blob/main/src/vscode-dts/vscode.proposed.authenticationChallenges.d.ts
3290 views
/*---------------------------------------------------------------------------------------------1* Copyright (c) Microsoft Corporation. All rights reserved.2* Licensed under the MIT License. See License.txt in the project root for license information.3*--------------------------------------------------------------------------------------------*/45declare module 'vscode' {67// https://github.com/microsoft/vscode/issues/26015689/**********10* "Extension asking for auth" API11*******/1213/**14* Represents parameters for creating a session based on a WWW-Authenticate header value.15* This is used when an API returns a 401 with a WWW-Authenticate header indicating16* that additional authentication is required. The details of which will be passed down17* to the authentication provider to create a session.18*/19export interface AuthenticationWWWAuthenticateRequest {20/**21* The raw WWW-Authenticate header value that triggered this challenge.22* This will be parsed by the authentication provider to extract the necessary23* challenge information.24*/25readonly wwwAuthenticate: string;2627/**28* @deprecated Use `wwwAuthenticate` instead.29*/30readonly challenge?: string;3132/**33* Optional scopes for the session. If not provided, the authentication provider34* may use default scopes or extract them from the challenge.35*/36readonly scopes?: readonly string[];37}3839export namespace authentication {40/**41* Get an authentication session matching the desired scopes. Rejects if a provider with providerId is not42* registered, or if the user does not consent to sharing authentication information with43* the extension. If there are multiple sessions with the same scopes, the user will be shown a44* quickpick to select which account they would like to use.45*46* Currently, there are only two authentication providers that are contributed from built in extensions47* to the editor that implement GitHub and Microsoft authentication: their providerId's are 'github' and 'microsoft'.48* @param providerId The id of the provider to use49* @param scopes A list of scopes representing the permissions requested. These are dependent on the authentication provider50* @param options The {@link AuthenticationGetSessionOptions} to use51* @returns A thenable that resolves to an authentication session52*/53export function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWWWAuthenticateRequest, options: AuthenticationGetSessionOptions & { /** */createIfNone: true | AuthenticationGetSessionPresentationOptions }): Thenable<AuthenticationSession>;5455/**56* Get an authentication session matching the desired scopes. Rejects if a provider with providerId is not57* registered, or if the user does not consent to sharing authentication information with58* the extension. If there are multiple sessions with the same scopes, the user will be shown a59* quickpick to select which account they would like to use.60*61* Currently, there are only two authentication providers that are contributed from built in extensions62* to the editor that implement GitHub and Microsoft authentication: their providerId's are 'github' and 'microsoft'.63* @param providerId The id of the provider to use64* @param scopes A list of scopes representing the permissions requested. These are dependent on the authentication provider65* @param options The {@link AuthenticationGetSessionOptions} to use66* @returns A thenable that resolves to an authentication session67*/68export function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWWWAuthenticateRequest, options: AuthenticationGetSessionOptions & { /** literal-type defines return type */forceNewSession: true | AuthenticationGetSessionPresentationOptions | AuthenticationForceNewSessionOptions }): Thenable<AuthenticationSession>;6970/**71* Get an authentication session matching the desired scopes. Rejects if a provider with providerId is not72* registered, or if the user does not consent to sharing authentication information with73* the extension. If there are multiple sessions with the same scopes, the user will be shown a74* quickpick to select which account they would like to use.75*76* Currently, there are only two authentication providers that are contributed from built in extensions77* to the editor that implement GitHub and Microsoft authentication: their providerId's are 'github' and 'microsoft'.78* @param providerId The id of the provider to use79* @param scopes A list of scopes representing the permissions requested. These are dependent on the authentication provider80* @param options The {@link AuthenticationGetSessionOptions} to use81* @returns A thenable that resolves to an authentication session if available, or undefined if there are no sessions82*/83export function getSession(providerId: string, scopeListOrRequest: ReadonlyArray<string> | AuthenticationWWWAuthenticateRequest, options?: AuthenticationGetSessionOptions): Thenable<AuthenticationSession | undefined>;84}858687/**********88* "Extension providing auth" API89* NOTE: This doesn't need to be finalized with the above90*******/9192/**93* Represents an authentication challenge from a WWW-Authenticate header.94* This is used to handle cases where additional authentication steps are required,95* such as when mandatory multi-factor authentication (MFA) is enforced.96*/97export interface AuthenticationChallenge {98/**99* The authentication scheme (e.g., 'Bearer').100*/101readonly scheme: string;102103/**104* Parameters for the authentication challenge.105* For Bearer challenges, this may include 'claims', 'scope', 'realm', etc.106*/107readonly params: Record<string, string>;108}109110/**111* Represents constraints for authentication, including challenges and optional scopes.112* This is used when creating or retrieving sessions that must satisfy specific authentication113* requirements from WWW-Authenticate headers.114*/115export interface AuthenticationConstraint {116/**117* Array of authentication challenges parsed from WWW-Authenticate headers.118*/119readonly challenges: readonly AuthenticationChallenge[];120121/**122* Optional scopes for the session. If not provided, the authentication provider123* may extract scopes from the challenges or use default scopes.124*/125readonly scopes?: readonly string[];126}127128/**129* An authentication provider that supports challenge-based authentication.130* This extends the base AuthenticationProvider with methods to handle authentication131* challenges from WWW-Authenticate headers.132*133* TODO: Enforce that both of these functions should be defined by creating a new AuthenticationProviderWithChallenges interface.134* But this can be done later since this part doesn't need finalization.135*/136export interface AuthenticationProvider {137/**138* Get existing sessions that match the given authentication constraints.139*140* @param constraint The authentication constraint containing challenges and optional scopes141* @param options Options for the session request142* @returns A thenable that resolves to an array of existing authentication sessions143*/144getSessionsFromChallenges?(constraint: AuthenticationConstraint, options: AuthenticationProviderSessionOptions): Thenable<readonly AuthenticationSession[]>;145146/**147* Create a new session based on authentication constraints.148* This is called when no existing session matches the constraint requirements.149*150* @param constraint The authentication constraint containing challenges and optional scopes151* @param options Options for the session creation152* @returns A thenable that resolves to a new authentication session153*/154createSessionFromChallenges?(constraint: AuthenticationConstraint, options: AuthenticationProviderSessionOptions): Thenable<AuthenticationSession>;155}156157export interface AuthenticationProviderOptions {158supportsChallenges?: boolean;159}160}161162163