export interface IPublicClientApplication { /** * Acquire a token interactively * @param {MSALInteractiveParams} params * @return Result containing an access token and account identifier * used for acquiring subsequent tokens silently */ acquireToken(params: MSALInteractiveParams): Promise; /** * Acquire a token silently * @param {MSALSilentParams} params - Includes the account identifer retrieved from a * previous interactive login * @return Result containing an access token and account identifier * used for acquiring subsequent tokens silently */ acquireTokenSilent(params: MSALSilentParams): Promise; /** * Get all accounts for which this application has refresh tokens * @return Promise containing array of MSALAccount objects for which this application * has refresh tokens. */ getAccounts(): Promise; /** * Retrieve the account matching the identifier * @return Promise containing MSALAccount object */ getAccount(accountIdentifier: string): Promise; /** * Removes all tokens from the cache for this application for the provided * account. * @param {MSALAccount} account * @return A promise containing a boolean = true if account removal was successful * otherwise rejects */ removeAccount(account: MSALAccount): Promise; /** * Removes all tokens from the cache for this application for the provided * account. Additionally, this will remove the account from the system browser. * NOTE: iOS only. On Android and web this is the same as `removeAccount`. * @param {MSALSignoutParams} params * @return A promise which resolves if sign out is successful, * otherwise rejects * @platform ios */ signOut(params: MSALSignoutParams): Promise; /** * Returns the browser that will be used for interactive authentication. * NOTE: Android only. On iOS this will always return 'N/A'. * @return Promise resolving to the package name and version of the browser that will be used * for interactive authentication. * @platform android */ getSelectedBrowser(): Promise; /** * Returns a array of installed browsers found in the configured safe list that support customTab. * NOTE: Android only. On iOS this will always return N/A. * @return Promise resolving to an array of installed browsers that support customTab * @platform android */ getSafeCustomTabsBrowsers(): Promise; } export interface MSALConfiguration { auth: { /** * The client ID of the application, this should come from the app developer portal. */ clientId: string; /** * The authority the application will use to obtain tokens. */ authority?: string; /** * List of known authorities that the application should trust. */ knownAuthorities?: string[]; /** * The redirect URI of the application. * * If you are providing this property, you should probably use `Platform.select`, * because the redirect uris will be different for each platform. */ redirectUri?: string; }; /** * Options as described here: {@link https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-configuration} * @platform android */ androidConfigOptions?: MSALAndroidConfigOptions; } export interface MSALAndroidPreferredBrowser { browser_package_name: string; browser_signature_hashes: string[]; browser_version_lower_bound?: string; browser_version_upper_bound?: string; } export interface MSALAndroidConfigOptions { authorization_user_agent?: 'DEFAULT' | 'BROWSER' | 'WEBVIEW'; broker_redirect_uri_registered?: boolean; preferred_browser?: MSALAndroidPreferredBrowser; browser_safelist?: { browser_package_name: string; browser_signature_hashes: string[]; browser_use_customTab: boolean; }[]; http?: { connect_timeout?: number; read_timeout?: number; }; logging?: { pii_enabled?: boolean; log_level?: 'ERROR' | 'WARNING' | 'INFO' | 'VERBOSE'; logcat_enabled?: boolean; }; multiple_clouds_supported?: boolean; } export interface MSALInteractiveParams { /** * Permissions you want included in the access token received in the result. * Not all scopes are guaranteed to be included in the access token returned. */ scopes: string[]; /** * The authority that MSAL will use to obtain tokens. If not included, authority from * MSALConfiguration will be used. */ authority?: string; /** * A specific prompt type for the interactive authentication flow. */ promptType?: MSALPromptType; /** * A loginHint (usually an email) to pass to the service at the beginning of the * interactive authentication flow. The account returned is not guaranteed to match * the loginHint. */ loginHint?: string; /** * Key-value pairs to pass to the /authorize and /token endpoints. */ extraQueryParameters?: Record; /** * Permissions you want the account to consent to in the same authentication flow, * but won’t be included in the returned access token. */ extraScopesToConsent?: string[]; /** * User Interface configuration that MSAL uses when getting a token interactively or * authorizing an end user. */ webviewParameters?: MSALWebviewParams; } /** * OIDC prompt parameter that specifies whether the Authorization Server prompts the * End-User for reauthentication and consent. */ export declare enum MSALPromptType { /** * If no user is specified the authentication webview will present a list of users * currently signed in for the user to select among. */ SELECT_ACCOUNT = 0, /** * Require the user to authenticate in the webview. */ LOGIN = 1, /** * Require the user to consent to the current set of scopes for the request. */ CONSENT = 2, /** * The SSO experience will be determined by the presence of cookies in the webview and * account type. User won’t be prompted unless necessary. If multiple users are signed in, * select account experience will be presented. */ WHEN_REQUIRED = 3, /** * Default is MSALPromptType.WHEN_REQUIRED. */ DEFAULT = 3 } export interface MSALSilentParams { /** * Permissions you want included in the access token received in the result. * Not all scopes are guaranteed to be included in the access token returned. */ scopes: string[]; /** * An account object for which tokens should be returned. */ account: MSALAccount; /** * The authority that MSAL will use to obtain tokens. If not included, authority from * MSALConfiguration will be used. */ authority?: string; /** * Ignore any existing access token in the cache and force MSAL to get a new access token * from the service. */ forceRefresh?: boolean; } export interface MSALSignoutParams { /** * The account object for which to sign out of. */ account: MSALAccount; /** * Specifies whether signout should also open the browser and send a network request to the end_session_endpoint. * false by default. */ signoutFromBrowser?: boolean; /** * User Interface configuration that MSAL uses when getting a token interactively or * authorizing an end user. */ webviewParameters?: MSALWebviewParams; } export interface MSALResult { /** * The Access Token requested, or empty string if no access token is returned in response */ accessToken: string; /** * The account object that holds account information. */ account: MSALAccount; /** * The time that the access token returned in the accessToken property ceases to be valid. * This value is calculated based on current UTC time measured locally and the value expiresIn returned from the service */ expiresOn: number; /** * The raw id token if it’s returned by the service or undefined if no id token is returned. */ idToken?: string; /** * The scope values returned from the service. */ scopes: string[]; /** * Identifier for the directory where account is locally represented */ tenantId?: string; } export interface MSALAccount { /** * Unique identifier for the account. */ identifier: string; /** * Host part of the authority string used for authentication based on the issuer identifier. */ environment?: string; /** * An identifier for the AAD tenant that the account was acquired from. */ tenantId: string; /** * Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. */ username: string; /** * ID token claims for the account. Can be used to read additional information about the account, e.g. name. */ claims?: object; } /** * Mostly, if not all, iOS webview parameters * See https://azuread.github.io/microsoft-authentication-library-for-objc/Classes/MSALWebviewParameters.html */ export interface MSALWebviewParams { /** * A Boolean value that indicates whether the ASWebAuthenticationSession should ask the * browser for a private authentication session. * For more info see here: https://developer.apple.com/documentation/authenticationservices/aswebauthenticationsession/3237231-prefersephemeralwebbrowsersessio?language=objc * @platform iOS 13+ */ ios_prefersEphemeralWebBrowserSession?: boolean; /** * MSAL requires a web browser for interactive authentication. * There are multiple web browsers available to complete authentication. * MSAL will default to the web browser that provides best security and user experience for a given platform. * Ios_MSALWebviewType allows changing the experience by customizing the configuration to other options for * displaying web content * @platform iOS */ ios_webviewType?: Ios_MSALWebviewType; /** * Note: Has no effect when ios_webviewType === `Ios_MSALWebviewType.DEFAULT` or * ios_webviewType === `Ios_MSALWebviewType.AUTHENTICATION_SESSION` * @platform iOS */ ios_presentationStyle?: Ios_ModalPresentationStyle; } /** * See https://developer.apple.com/documentation/uikit/uimodalpresentationstyle */ export declare enum Ios_ModalPresentationStyle { fullScreen = 0, pageSheet = 1, formSheet = 2, currentContext = 3, custom = 4, overFullScreen = 5, overCurrentContext = 6, popover = 7, blurOverFullScreen = 8, none = -1, automatic = -2 } /** * See https://azuread.github.io/microsoft-authentication-library-for-objc/Enums/MSALWebviewType.html */ export declare enum Ios_MSALWebviewType { DEFAULT = 0, AUTHENTICATION_SESSION = 1, SAFARI_VIEW_CONTROLLER = 2, WK_WEB_VIEW = 3 }