import { ApiResponse, ApsServiceRequestConfig, SdkManager } from "@aps_sdk/autodesk-sdkmanager"; import { TokenApi, UsersApi } from "../api"; import { IntrospectToken, Jwks, OidcSpec, ResponseType, Scopes, ThreeLeggedToken, TokenTypeHint, TwoLeggedToken, UserInfo } from "../model"; export declare class AuthenticationClient { tokenApi: TokenApi; usersApi: UsersApi; constructor(optionalArgs?: { sdkManager?: SdkManager; }); /** * Retrieves information for the authenticated user. Only supports 3-legged access tokens. * @summary Get User Info * @param {string} authorization The three legged access token. * @param {*} [options] Override http request option. */ getUserInfo(authorization: string, optionalArgs?: { options?: ApsServiceRequestConfig; }): Promise; /** * Returns a two legged access token. * @summary Get two legged token. * @param {string} clientId The Client Id of the application making the request. * @param {string} clientSecret The Client secret of the application making the request. * @param {Array} scopes Array of scopes. Supported values: 1. device_sso 2. All scopes mentioned in [Forge Developers Guide](https://forge.autodesk.com/en/docs/oauth/v3/developers_guide/scopes/). * @param {*} [options] Override http request option. * @returns {TwoleggedToken} Two legged access token. */ getTwoLeggedToken(clientId: string, clientSecret: string, scopes: Array, optionalArgs?: { options?: ApsServiceRequestConfig; }): Promise; /** * Returns a browser URL to redirect an end user in order to acquire the user’s consent to authorize the application to access resources on their behalf. Invoking this operation is the first step in authenticating users and retrieving an authorization code grant. The authorization code that is generated remains valid for 5 minutes, while the ID token stays valid for 60 minutes. Any access tokens you obtain are valid for 60 minutes, and refresh tokens remain valid for 15 days. This operation has a rate limit of 500 calls per minute. **Note:** This operation is intended for use with client-side applications only. It is not suitable for server-side applications. * @summary Get Authorise URL. * @param {string} clientId The Client Id of the application making the request. * @param {ResponseType} responseType Must be `code` for authorization code grant, `id_token` for an OpenID Connect ID token. * @param {string} redirectUri URL-encoded callback URL. * @param {Array} scopes Array of scopes. Supported values: 1. device_sso 2. All scopes mentioned in [Forge Developers Guide](https://forge.autodesk.com/en/docs/oauth/v3/developers_guide/scopes/). * @param {string} [state] The payload that authorization flow will pass back verbatim in state query parameter to the callback URL. It can contain alphanumeric, comma, period, underscore, and hyphen characters. * @param {string} [nonce] A string value used to associate a Client session with an ID Token, and to mitigate replay attacks. Required if `response_type` is `id_token` or `token` * @param {string} [responseMode] The mode of response for the supplied `response_type`. Supported values are `fragment`, `form_post` or `query`. `query` is not supported if the `response_type` is `token`. * @param {string} [prompt] Values supported: `login` and `none`. `login`: Always prompt the user for authentication, regardless of the login session. `prompt`: Do not prompt user for authentication. If user is not logged in, the calling application receives an error. * @param {string} [authoptions] A Json object carries information to Identity. * @param {string} [codeChallenge] A challenge for PKCE. The challenge is verified in the access token request. * @param {string} [codeChallengeMethod] Method used to derive the code challenge for PKCE. Must be S256 if `code_challenge` is present. * @returns {string} Returns the authorize URL. */ authorize(clientId: string, responseType: ResponseType, redirectUri: string, scopes: Array, optionalArgs?: { state?: string; nonce?: string; responseMode?: string; prompt?: string; authoptions?: string; codeChallenge?: string; codeChallengeMethod?: string; }): string; /** * Returns a three Legged access token. * For Private clients specify the client secret along with the Client ID. * For Public clients only Client ID needs to be specified. * @summary Get Three legged token. * @param {string} clientId The Client Id of the application making the request. * @param {string} code The authorization code that was passed to your application when the user granted access permission to your application. It was passed as the ``code`` query parameter to the redirect URI when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. * @param {string} redirectUri The URI that APS redirects users to after they grant or deny access permission to the application. Must match the Callback URL for the application registered with APS. * @param {string} [clientSecret] The Client secret of the application making the request. Required only for private clients * @param {string} [codeVerifier] A random URL-encoded string between 43 characters and 128 characters. In a PKCE grant flow, the authentication server uses this string to verify the code challenge that was passed when you called `Authorize User </en/docs/oauth/v2/reference/http/authorize-GET/>`_. * @param {*} [options] Override http request option. * @returns {ThreeleggedToken} Three legged access token */ getThreeLeggedToken(clientId: string, code: string, redirect_uri: string, optionalArgs?: { clientSecret?: string; code_verifier?: string; options?: ApsServiceRequestConfig; }): Promise; /** * Returns new access token using the refresh token provided in the request. * For Private clients specify the client secret along with the Client ID. * For Public clients only Client ID needs to be specified. * @summary Refresh token. * @param {string} refreshToken The refresh token used to acquire a new access token and a refresh token. * @param {string} clientId The Client Id of the application making the request. * @param {string} [clientSecret] The Client secret of the application making the request. This field is required for client secret * @param {Array} [scopes] Array of scopes. If specified, scopes have to be primarily same with or a subset of the scopes used to generate the refresh_token. * @param {*} [options] Override http request option. * @returns {ThreeLeggedToken} Refreshed three legged access token. */ refreshToken(refreshToken: string, clientId: string, optionalArgs?: { clientSecret?: string; scopes?: Array; options?: ApsServiceRequestConfig; }): Promise; /** * Returns a set of public keys in the JSON Web Key Set (JWKS) format. Public keys returned by this operation can be used to validate the asymmetric JWT signature of an access token without making network calls. It can be used to validate both two-legged access tokens and three-legged access tokens. See the Developer\'s Guide topic on `Asymmetric Signing `_ for more information. * @summary Get JWKS * @param {*} [options] Override http request option. * @returns {Jwks} JSON Web Key Set. */ getKeys(optionalArgs?: { options?: ApsServiceRequestConfig; }): Promise; /** * Returns an OpenID Connect Discovery Specification compliant JSON document. It contains a list of the OpenID/OAuth endpoints, supported scopes, claims, public keys used to sign the tokens, and other details. * @summary Get OIDC Specification * @param {*} [options] Override http request option. * @returns {OidcSpec} */ getOidcSpec(optionalArgs?: { options?: ApsServiceRequestConfig; }): Promise; /** * Returns metadata about the specified access token or reference token. An application can only introspect its own tokens. This operation has a rate limit of 500 calls per minute. * @summary Introspect Token * @param {string} token The token to be introspected. * @param {string} clientId The Client Id of the application making the request. * @param {string} [clientSecret] The Client secret of the application making the request. Only required for private clients. * @param {*} [options] Override http request option. * @returns {IntrospectToken} */ introspectToken(token: string, clientId: string, optionalArgs?: { clientSecret?: string; options?: ApsServiceRequestConfig; }): Promise; /** * Signs out the currently authenticated user from the APS authorization server. Thereafter, this operation redirects the user to the ``post_logout_redirect_uri``, or to the Autodesk Sign-in page when no ``post_logout_redirect_uri`` is provided. This operation has a rate limit of 500 calls per minute. * @summary Logout * @param {string} [postLogoutRedirectUri] The URI to redirect your users to once logout is performed. If you do not specify this parameter your users are redirected to the Autodesk Sign-in page. **Note:** You must provide a redirect URI that is pre-registered with APS. This precaution is taken to prevent unauthorized applications from hijacking the logout process. */ logout(optionalArgs?: { postLogoutRedirectUri?: string; }): string; /** * Revokes an active access token or refresh token. An application can only revoke its own tokens. This operation has a rate limit of 100 calls per minute. * @summary Revoke Token * @param {string} token The token to be revoked. * @param {string} clientId The Client Id of the application making the request. * @param {TokenTypeHint} tokenTypeHint Should be either \\\'access_token\\\', \\\'refresh_token\\\' or \\\'device_secret\\\'. * @param {string} [clientSecret] The Client secret of the application making the request. Only required for private clients. * @param {*} [options] Override http request option. */ revoke(token: string, clientId: string, tokenTypeHint: TokenTypeHint, optionalArgs?: { clientSecret?: string; options?: ApsServiceRequestConfig; }): Promise; }