AuthenticationServices macOS xcode14.0 beta1

#AuthenticationServices.framework https://github.com/xamarin/xamarin-macios/pull/15427

diff -ruN /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationController.h /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationController.h
--- /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationController.h	2022-02-23 10:58:23.000000000 -0500
+++ /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationController.h	2022-05-31 14:51:01.000000000 -0400
@@ -37,6 +37,11 @@
 
 @end
 
+typedef NS_OPTIONS(NSUInteger, ASAuthorizationControllerRequestOptions) {
+    /*! @abstract Tell the authorization controller that it should prefer credentials that are immediately available on the local device.
+     */
+    ASAuthorizationControllerRequestOptionPreferImmediatelyAvailableCredentials = 1 << 0,
+} NS_SWIFT_NAME(ASAuthorizationController.RequestOptions) API_AVAILABLE(ios(16.0), macos(13.0)) API_UNAVAILABLE(tvos, watchos);
 
 AS_EXTERN API_AVAILABLE(ios(13.0), macos(10.15), tvos(13.0), watchos(6.0))
 @interface ASAuthorizationController : NSObject
@@ -68,13 +73,36 @@
  */
 - (instancetype)initWithAuthorizationRequests:(NSArray<ASAuthorizationRequest *> *)authorizationRequests NS_DESIGNATED_INITIALIZER;
 
-/*! @abstract Initiate the authorization flows.  Upon completion, the delegate will be called with either success or failure.
- Certain authorization flows may require a presentation context, the presentationContextProvider will be called to provider it.
- 
- The instance will remain retained until the user completes the flow and the delegate callback is made.
+/*! @abstract Initiate the authorization flows. Upon completion, the delegate will be called with either success or failure.
+ Certain authorization flows may require a presentation context. The @c presentationContextProvider will be called
+ to provide it.
+
+ The instance will remain retained until the flow is either completed or canceled, and the delegate callback is made.
  */
 - (void)performRequests;
 
+/*! @abstract Initiate the authorization flows for requests that support AutoFill presentation. UI will be shown when
+ focusing a text field with the appropriate text content type. Upon completion, the delegate will be called with either success
+ or failure.
+
+ The instance will remain retained until the flow is either completed or canceled, and the delegate callback is made.
+ */
+- (void)performAutoFillAssistedRequests API_AVAILABLE(ios(16.0)) API_UNAVAILABLE(macos, macCatalyst, watchos, tvos);
+
+/*! @abstract Initiate the authorization flows. Upon completion, the delegate will be called with either success or failure.
+ Certain authorization flows may require a presentation context. The @c presentationContextProvider will be called
+ to provide it.
+
+ Calling this method with no options is the same as calling @c performRequests. The instance will remain retained until
+ the flow is either completed or canceled, and the delegate callback is made.
+ */
+- (void)performRequestsWithOptions:(ASAuthorizationControllerRequestOptions)options NS_SWIFT_NAME(performRequests(options:)) API_AVAILABLE(ios(16.0), macos(13.0)) API_UNAVAILABLE(watchos, tvos);
+
+/*! @abstract Cancel the running authorization flows, if there are any. If a flow is canceled, the delegate callback will
+ be made indicating the cancel.
+ */
+- (void)cancel API_AVAILABLE(macos(13.0), ios(16.0)) API_UNAVAILABLE(watchos, tvos);
+
 + (instancetype)new NS_UNAVAILABLE;
 
 - (instancetype)init NS_UNAVAILABLE;
diff -ruN /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationRequest.h /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationRequest.h
--- /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationRequest.h	2022-02-23 07:16:49.000000000 -0500
+++ /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationRequest.h	2022-05-31 15:01:24.000000000 -0400
@@ -8,6 +8,8 @@
 #import <AuthenticationServices/ASFoundation.h>
 #import <Foundation/Foundation.h>
 
+@class ASAuthorizationProviderExtensionLoginManager;
+
 NS_ASSUME_NONNULL_BEGIN
 
 typedef NSString * ASAuthorizationProviderAuthorizationOperation API_AVAILABLE(ios(13.0), macCatalyst(14.0), macos(10.15)) API_UNAVAILABLE(watchos, tvos) NS_TYPED_EXTENSIBLE_ENUM;
@@ -121,6 +123,10 @@
 */
 @property (nonatomic, readonly, getter=isUserInterfaceEnabled) BOOL userInterfaceEnabled API_AVAILABLE(ios(15.4), macos(12.3)) API_UNAVAILABLE(tvos, watchos);
 
+/*! @abstract The login manager to interface with the Platform SSO configuration.
+*/
+@property (nonatomic, readonly, nullable, strong) ASAuthorizationProviderExtensionLoginManager *loginManager API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
 @end
 
 NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h
--- /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h	2022-05-31 15:01:24.000000000 -0400
@@ -0,0 +1,197 @@
+// Copyright © 2021 Apple Inc. All rights reserved.
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos)
+@interface ASAuthorizationProviderExtensionKerberosMapping : NSObject
+
+/*!
+ @abstract The keypath in the response JSON that uses this set of mappings.
+ @discussion If the response tokens from login contain this keypath, then the mapping in this class will be used to create a Kerberos ticket. The expected response is a JSON dictionary with the supplied key names.
+ */
+@property (nonatomic, nullable, copy) NSString *ticketKeyPath;
+
+/*!
+ @abstract The key name that contains the base64 encoded kerberos AS-REP string.
+ */
+@property (nonatomic, nullable, copy) NSString *messageBufferKeyName;
+
+/*!
+ @abstract The key name that contains the Kerberos Realm string.
+ */
+@property (nonatomic, nullable, copy) NSString *realmKeyName;
+
+/*!
+ @abstract The key name that contains the Kerberos service name string.
+ */
+@property (nonatomic, nullable, copy) NSString *serviceNameKeyName;
+
+/*!
+ @abstract The key name that contains the Kerberos client name string.
+ */
+@property (nonatomic, nullable, copy) NSString *clientNameKeyName;
+
+/*!
+ @abstract The key name that contains the Kerberos session key type number.
+ @discussion The value for this key should be the correct encryption type per RFC3962, section 7 for the session key.
+ */
+@property (nonatomic, nullable, copy) NSString *encryptionKeyTypeKeyName;
+
+/*!
+ @abstract The key name that contains the Kerberos session key.
+ */
+@property (nonatomic, nullable, copy) NSString *sessionKeyKeyName;
+
+@end
+
+API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos)
+@interface ASAuthorizationProviderExtensionLoginConfiguration : NSObject
+
++ (instancetype)new NS_UNAVAILABLE;
+- (instancetype)init NS_UNAVAILABLE;
+
+/*!
+ @abstract Initializes an ASAuthorizationProviderExtensionLoginConfiguration class with the required values.
+ @param clientID The client_id for the Apple platform SSO login at the identity provider.
+ @param issuer The issuer for the requests, used to validate responses.
+ @param tokenEndpointURL The token endpoint at the idP for login.
+ @param jwksEndpointURL The JWKS URL at the idP for validating tokens.
+ @param audience The audience used for signed assertions.  This should be the tenent at the idP.
+ @return An instance of a ASAuthorizationProviderExtensionLoginConfiguration.
+ */
+- (instancetype)initWithClientID:(NSString *)clientID issuer:(NSString *)issuer tokenEndpointURL:(NSURL *)tokenEndpointURL jwksEndpointURL:(NSURL *)jwksEndpointURL audience:(nullable NSString *)audience;
+
+/*!
+ @abstract Creates a login configuration using the OpenID configuration.
+ @param openIDConfigurationURL The base URL to load the .well-known/openid-configuration.
+ @param clientID The client_id for the Apple platform SSO login at the identity provider.
+ @param issuer The issuer for the requests, used to validate responses.
+ @param completion The completion called when it is complete or the error.
+ */
++ (void)configurationWithOpenIDConfigurationURL:(NSURL *)openIDConfigurationURL clientID:(NSString *)clientID issuer:(nullable NSString *)issuer completion:(void (^)(ASAuthorizationProviderExtensionLoginConfiguration * _Nullable loginConfiguration, NSError * _Nullable error))completion NS_SWIFT_NAME(configuration(openIDConfigurationURL:clientID:issuer:completion:));
+
+/*!
+ @abstract Predicate string used to identify invalid credential errors.
+ @discussion If there is an HTTP 400 or HTTP 401 error when authenticating, this predicate will be used on the response body JSON to determine if the error is due to an invalid password or something else.  If nil, then only an HTTP 401 will be used for an invalid credential.
+ */
+@property (nonatomic, nullable, copy) NSString *invalidCredentialPredicate;
+
+/*!
+ @abstract The display name for the account.  Used for notifications and login prompts.
+ */
+@property (nonatomic, nullable, copy) NSString *accountDisplayName;
+
+/*!
+ @abstract The login client_id.
+ */
+@property (nonatomic, readonly, copy) NSString *clientID;
+
+/*!
+ @abstract The issuer for validation.
+ */
+@property (nonatomic, readonly, copy) NSString *issuer;
+
+/*!
+ @abstract The audience for validation and requests.
+ */
+@property (nonatomic, copy) NSString *audience;
+
+/*!
+ @abstract Token Endpoint URL for login request.
+ */
+@property (nonatomic, copy) NSURL *tokenEndpointURL;
+
+/*!
+ @abstract JWKS Endpoint URL for keys.
+ */
+@property (nonatomic, copy) NSURL *jwksEndpointURL;
+
+#pragma mark - Server Nonce
+
+/*!
+ @abstract Nonce Endpoint URL, defaults to token tokenEndpointURL.
+ */
+@property (nonatomic, copy) NSURL *nonceEndpointURL;
+
+/*!
+ @abstract The keypath in the nonce response that contains the nonce value.
+ */
+@property (nonatomic, copy) NSString *nonceResponseKeypath;
+
+/*!
+ @abstract The name of the server nonce claim when included in authentication requests.
+ */
+@property (nonatomic, copy) NSString *serverNonceClaimName;
+
+/*!
+ @abstract Custom values added to the server nonce POST request body.
+ */
+@property (nonatomic, copy) NSArray<NSURLQueryItem *> *customNonceRequestValues;
+
+#pragma mark - Embedded Assertions
+
+/*!
+ @abstract Sets custom claims to be added to the embedded assertion request header.
+ @param claims The claims to be added. It must serialize as valid JSON to be accepted.
+ @param error Nil or a NSError indicating why the claims where rejected.
+ @returns True when successful and false when claims are rejected.
+ */
+- (BOOL)setCustomAssertionRequestHeaderClaims:(NSDictionary<NSString *, id> *)claims returningError:(NSError * _Nullable * _Nullable)error;
+
+/*!
+ @abstract Sets custom claims to be added to the embedded assertion request body.
+ @param claims The claims to be added. It must serialize as valid JSON to be accepted.
+ @param error Nil or a NSError indicating why the claims where rejected.
+ @returns True when successful and false when claims are rejected.
+ */
+- (BOOL)setCustomAssertionRequestBodyClaims:(NSDictionary<NSString *, id> *)claims returningError:(NSError * _Nullable * _Nullable)error;
+
+#pragma mark - Login Request
+
+/*!
+ @abstract Additional login scopes.
+ */
+@property (nonatomic, copy) NSString *additionalScopes;
+
+/*!
+ @abstract If true and there is a refresh token for the user in the SSO tokens, it will be included in the login request.
+ */
+@property (nonatomic) BOOL includePreviousRefreshTokenInLoginRequest;
+
+/*!
+ @abstract The claim name for the previous SSO token value in the login request.
+ */
+@property (nonatomic, copy) NSString *previousRefreshTokenClaimName;
+
+/*!
+ @abstract Custom values added to the login POST request body.
+ */
+@property (nonatomic, copy) NSArray<NSURLQueryItem *> *customLoginRequestValues;
+
+/*!
+ @abstract Sets custom claims to be added to the login request header.
+ @param claims The claims to be added. It must serialize as valid JSON to be accepted.
+ @param error Nil or a NSError indicating why the claims where rejected.
+ @returns True when successful and false when claims are rejected.
+ */
+- (BOOL)setCustomLoginRequestHeaderClaims:(NSDictionary<NSString *, id> *)claims returningError:(NSError * _Nullable * _Nullable) error;
+
+/*!
+ @abstract Sets custom claims to be added to the login request body.
+ @param claims The claims to be added. It must serialize as valid JSON to be accepted.
+ @param error Nil or a NSError indicating why the claims where rejected.
+ @returns True when successful and false when claims are rejected.
+ */
+- (BOOL)setCustomLoginRequestBodyClaims:(NSDictionary<NSString *, id> *)claims returningError:(NSError * _Nullable * _Nullable) error;
+
+/*!
+ @abstract The Kerberos ticket mappings to use.
+ */
+@property (nonatomic, copy) NSArray<ASAuthorizationProviderExtensionKerberosMapping *> *kerberosTicketMappings;
+
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h
--- /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h	2022-05-31 15:01:25.000000000 -0400
@@ -0,0 +1,85 @@
+//
+//  ASAuthorizationProviderExtensionLoginManager.h
+//  AuthenticationServices Framework
+//
+//  Copyright © 2022 Apple. All rights reserved.
+//
+
+#import <Foundation/Foundation.h>
+#import <Security/Security.h>
+
+@class ASAuthorizationProviderExtensionLoginConfiguration;
+
+NS_ASSUME_NONNULL_BEGIN
+
+typedef NS_ENUM(NSInteger, ASAuthorizationProviderExtensionKeyType)
+{
+    /// The user's device signing key.
+    ASAuthorizationProviderExtensionKeyTypeUserDeviceSigning = 1,
+    /// The user's device encryption key.
+    ASAuthorizationProviderExtensionKeyTypeUserDeviceEncryption = 2,
+    /// The user's Secure Enclave backed key.
+    ASAuthorizationProviderExtensionKeyTypeUserSecureEnclaveKey = 3,
+} API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos)
+@interface ASAuthorizationProviderExtensionLoginManager : NSObject
+
+- (instancetype)init NS_UNAVAILABLE;
++ (instancetype)new NS_UNAVAILABLE;
+
+/// @abstract Returns YES if the current device completed registration.
+@property (readonly, getter=isDeviceRegistered) BOOL deviceRegistered;
+
+/// @abstract Returns YES if current user completed registration.
+@property (readonly, getter=isUserRegistered) BOOL userRegistered;
+
+/// @abstract Returns the device registration token from the MDM profile.
+@property (nonatomic, nullable, readonly, copy) NSString *registrationToken;
+
+/// @abstract The user name to use when authenticating with the identity provider.
+@property (nonatomic, nullable, copy) NSString *loginUserName;
+
+/// @abstract Retrieves or sets the current SSO tokens response for the current user and extension.
+@property (nonatomic, copy, nullable) NSDictionary *ssoTokens;
+
+/// @abstract Retrieves or sets the current login configuration for the extension.
+@property (nonatomic, copy, nullable, readonly) ASAuthorizationProviderExtensionLoginConfiguration *loginConfiguration;
+
+/// Saves or replaces the login configration.
+/// @param loginConfiguration The login configration to use.
+/// @param error The error when there are validation errors or nil.
+- (BOOL)saveLoginConfiguration:(ASAuthorizationProviderExtensionLoginConfiguration *)loginConfiguration error:(NSError * _Nullable * _Nullable)error;
+
+/// @abstract Saves the provided certificate for the key type.
+/// @param certificate The certificate to save.
+/// @param keyType The key type for the certificate.
+- (void)saveCertificate:(SecCertificateRef)certificate keyType:(ASAuthorizationProviderExtensionKeyType)keyType NS_SWIFT_NAME(saveCertificate(_:keyType:));
+
+/// @abstract Retrieves the key for the specified platform SSO key type.
+/// @param keyType The key type to retrieve.
+- (nullable SecKeyRef)copyKeyForKeyType:(ASAuthorizationProviderExtensionKeyType)keyType NS_SWIFT_NAME(key(for:)) CF_RETURNS_RETAINED;
+
+/// @abstract Retrieves the identity for the specified platform SSO key type.
+/// @param keyType The key type to retrieve.
+- (nullable SecIdentityRef)copyIdentityForKeyType:(ASAuthorizationProviderExtensionKeyType)keyType NS_SWIFT_NAME(identity(for:)) CF_RETURNS_RETAINED;
+
+/// @abstract Requests AppSSOAgent reauthenticate the current user for the current extension.  This is used when the tokens are revoked, or expired and need to be requested again.
+- (void)userNeedsReauthenticationWithCompletion:(void(^)(NSError * _Nullable error))completion;
+
+/// @abstract Requests that the device registration be run again to repair it.
+- (void)deviceRegistrationsNeedsRepair;
+
+/// @abstract Requests that user registration be run again for the current user to repair it.
+- (void)userRegistrationsNeedsRepair;
+
+/// @abstract Creates new Encryption, Signing, and Secure Enclave keys for the user.  The old keys will be destroyed.
+- (void)resetKeys;
+
+/*! @abstract Asks authorization service to show extension view controller for registration. If the controller cannot be shown an error is returned.  This is only valid during registration.
+*/
+- (void)presentRegistrationViewControllerWithCompletion:(void(^)(NSError * _Nullable error))completion;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h
--- /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h	1969-12-31 19:00:00.000000000 -0500
+++ /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h	2022-05-31 15:01:24.000000000 -0400
@@ -0,0 +1,74 @@
+//
+//  ASAuthorizationProviderExtensionRegistrationHandler.h
+//  AuthenticationServices Framework
+//
+//  Copyright © 2022 Apple. All rights reserved.
+//
+
+#import <Foundation/Foundation.h>
+
+@class ASAuthorizationProviderExtensionLoginManager;
+
+NS_ASSUME_NONNULL_BEGIN
+
+API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos)
+typedef NS_ENUM(NSInteger, ASAuthorizationProviderExtensionAuthenticationMethod)
+{
+    ASAuthorizationProviderExtensionAuthenticationMethodPassword = 1,
+    ASAuthorizationProviderExtensionAuthenticationMethodUserSecureEnclaveKey = 2,
+} API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos)
+typedef NS_OPTIONS(NSUInteger, ASAuthorizationProviderExtensionRequestOptions) {
+    // No Options.
+    ASAuthorizationProviderExtensionRequestOptionsNone = 0,
+    // User interaction is enabled.
+    ASAuthorizationProviderExtensionRequestOptionsUserInteractionEnabled = 1 << 0,
+    // The registration is called to repair a previous registration.
+    ASAuthorizationProviderExtensionRequestOptionsRegistrationRepair = 1 << 1,
+};
+
+typedef NS_ENUM(NSInteger, ASAuthorizationProviderExtensionRegistrationResult)
+{
+    // The registration was successful.
+    ASAuthorizationProviderExtensionRegistrationResultSuccess = 0,
+    // The registration failed, try again later.
+    ASAuthorizationProviderExtensionRegistrationResultFailed = 1,
+    // User interface is required to complete the registration.
+    ASAuthorizationProviderExtensionRegistrationResultUserInterfaceRequired = 2,
+    // The registration failed, do not retry.
+    ASAuthorizationProviderExtensionRegistrationResultFailedNoRetry = 3,
+} API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+
+API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos)
+@protocol ASAuthorizationProviderExtensionRegistrationHandler <NSObject>
+
+/*!
+ @abstract This initiates device registration process for the SSO extension.
+ @param loginManager The login manager used to interface with Platform SSO.
+ @param options The request options that apply to the request.
+ @param completion The completion to call to continue device registration.
+ @param result Return the result of the registration.
+ */
+- (void)beginDeviceRegistrationUsingLoginManager:(ASAuthorizationProviderExtensionLoginManager *)loginManager options:(ASAuthorizationProviderExtensionRequestOptions)options completion:(void (^)(ASAuthorizationProviderExtensionRegistrationResult result))completion NS_SWIFT_NAME(beginDeviceRegistration(loginManager:options:completion:));
+
+/*!
+ @abstract This initiates user registration process for the user and the extension.
+ @param loginManager The login manager used to interface with Platform SSO.
+ @param userName The username for the user registration.
+ @param method The authentication method to be used for the user.
+ @param options The request options that apply to the request.
+ @param completion The completion to call to continue user registration.
+ @param result Return the result of the registration.
+ */
+- (void)beginUserRegistrationUsingLoginManager:(ASAuthorizationProviderExtensionLoginManager *)loginManager userName:(nullable NSString *)userName authenticationMethod:(ASAuthorizationProviderExtensionAuthenticationMethod)authenticationMethod options:(ASAuthorizationProviderExtensionRequestOptions)options completion:(void (^)(ASAuthorizationProviderExtensionRegistrationResult result))completion NS_SWIFT_NAME(beginUserRegistration(loginManager:userName:method:options:completion:));
+
+@optional
+
+/// @abstract Call to extension to free any resources used by the extension during registration. It will be called once after all current registration calls are complete.
+- (void)registrationDidComplete;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/AuthenticationServices.h /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/AuthenticationServices.h
--- /Applications/Xcode_13.3.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/AuthenticationServices.h	2022-02-19 02:18:24.000000000 -0500
+++ /Applications/Xcode_14.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/AuthenticationServices.h	2022-05-29 00:22:40.000000000 -0400
@@ -72,3 +72,7 @@
 #import <AuthenticationServices/ASPublicKeyCredential.h>
 
 
+
+#import <AuthenticationServices/ASAuthorizationProviderExtensionLoginConfiguration.h>
+#import <AuthenticationServices/ASAuthorizationProviderExtensionLoginManager.h>
+#import <AuthenticationServices/ASAuthorizationProviderExtensionRegistrationHandler.h>