import type { OAuthFlowConfig, OAuthTokenResponse, OAuthUserInfo } from './types.ts'; /** * Build an OAuth 2.0 authorization URL for redirecting the user to the OIDC provider. * * @param redirectUri - The callback URL the provider will redirect to after authentication * @param config - Optional OAuth configuration. Falls back to environment variables. * @returns The full authorization URL to redirect the user to * * @example * ```typescript * // Uses OAUTH_CLIENT_ID, OAUTH_AUTHORIZE_URL (or OAUTH_ISSUER) from env * const url = buildAuthorizeUrl('http://localhost:3500/api/oauth/login'); * * // Or with explicit config * const url = buildAuthorizeUrl('http://localhost:3500/api/oauth/login', { * issuer: 'https://auth.agentuity.cloud', * clientId: 'my-client-id', * }); * ``` */ export declare function buildAuthorizeUrl(redirectUri: string, config?: OAuthFlowConfig): string; /** * Exchange an authorization code for an access token. * * @param code - The authorization code received from the OAuth callback * @param redirectUri - The same redirect URI used in the authorization request * @param config - Optional OAuth configuration. Falls back to environment variables. * @returns The token response including access_token, and optionally refresh_token, id_token, etc. * * @example * ```typescript * const token = await exchangeToken(code, 'http://localhost:3500/api/oauth/login'); * console.log(token.access_token); * ``` */ export declare function exchangeToken(code: string, redirectUri: string, config?: OAuthFlowConfig): Promise; /** * Refresh an access token using a refresh token. * * @param refreshTokenValue - The refresh token obtained from a previous token exchange * @param config - Optional OAuth configuration. Falls back to environment variables. * @returns The token response including a new access_token, and optionally a new refresh_token * * @example * ```typescript * const newToken = await refreshToken(previousToken.refresh_token!); * console.log(newToken.access_token); * ``` */ export declare function refreshToken(refreshTokenValue: string, config?: OAuthFlowConfig): Promise; /** * Revoke an OAuth token (access token or refresh token) to log the user out. * * Calls the token revocation endpoint (RFC 7009). The server will invalidate * the token so it can no longer be used. Per the spec, the endpoint returns * a success response even if the token was already invalid. * * @param token - The access token or refresh token to revoke * @param config - Optional OAuth configuration. Falls back to environment variables. * * @example * ```typescript * // Revoke the refresh token to fully log out * await logout(token.refresh_token!); * ``` */ export declare function logout(token: string, config?: OAuthFlowConfig): Promise; /** * Fetch user information from the OIDC userinfo endpoint using an access token. * * @param accessToken - The access token obtained from the token exchange * @param config - Optional OAuth configuration. Falls back to environment variables. * @returns The user info including sub, name, email, and any additional claims * * @example * ```typescript * const user = await fetchUserInfo(token.access_token); * console.log(user.name, user.email); * ``` */ export declare function fetchUserInfo(accessToken: string, config?: OAuthFlowConfig): Promise; //# sourceMappingURL=flow.d.ts.map