Path: blob/main/src/vscode-dts/vscode.proposed.authenticationChallenges.d.ts
5251 views
/*---------------------------------------------------------------------------------------------1* Copyright (c) Microsoft Corporation. All rights reserved.2* Licensed under the MIT License. See License.txt in the project root for license information.3*--------------------------------------------------------------------------------------------*/45declare module 'vscode' {67// https://github.com/microsoft/vscode/issues/2679928// and historically: https://github.com/microsoft/vscode/issues/260156910/**********11* "Extension providing auth" API12* NOTE: This doesn't need to be finalized with the above13*******/1415/**16* Represents an authentication challenge from a WWW-Authenticate header.17* This is used to handle cases where additional authentication steps are required,18* such as when mandatory multi-factor authentication (MFA) is enforced.19*20* @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate21*/22export interface AuthenticationChallenge {23/**24* The authentication scheme (e.g., 'Bearer').25*/26readonly scheme: string;2728/**29* Parameters for the authentication challenge.30* For Bearer challenges, this may include 'claims', 'scope', 'realm', etc.31*/32readonly params: Record<string, string>;33}3435/**36* Represents constraints for authentication, including challenges and optional scopes.37* This is used when creating or retrieving sessions that must satisfy specific authentication38* requirements from WWW-Authenticate headers.39*40* @note For more information on WWW-Authenticate please see https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/WWW-Authenticate41*/42export interface AuthenticationConstraint {43/**44* Array of authentication challenges parsed from WWW-Authenticate headers.45*/46readonly challenges: readonly AuthenticationChallenge[];4748/**49* Optional scopes for the session. If not provided, the authentication provider50* may extract scopes from the challenges or use default scopes.51*/52readonly fallbackScopes?: readonly string[];53}5455/**56* An authentication provider that supports challenge-based authentication.57* This extends the base AuthenticationProvider with methods to handle authentication58* challenges from WWW-Authenticate headers.59*60* TODO: Enforce that both of these functions should be defined by creating a new AuthenticationProviderWithChallenges interface.61* But this can be done later since this part doesn't need finalization.62*/63export interface AuthenticationProvider {64/**65* Get existing sessions that match the given authentication constraints.66*67* @param constraint The authentication constraint containing challenges and optional scopes68* @param options Options for the session request69* @returns A thenable that resolves to an array of existing authentication sessions70*/71getSessionsFromChallenges?(constraint: AuthenticationConstraint, options: AuthenticationProviderSessionOptions): Thenable<readonly AuthenticationSession[]>;7273/**74* Create a new session based on authentication constraints.75* This is called when no existing session matches the constraint requirements.76*77* @param constraint The authentication constraint containing challenges and optional scopes78* @param options Options for the session creation79* @returns A thenable that resolves to a new authentication session80*/81createSessionFromChallenges?(constraint: AuthenticationConstraint, options: AuthenticationProviderSessionOptions): Thenable<AuthenticationSession>;82}8384export interface AuthenticationProviderOptions {85supportsChallenges?: boolean;86}87}888990