/**
 * PKCE (Proof Key for Code Exchange) helpers per RFC 7636.
 */
/**
 * Generate a random code verifier (43–128 chars, base64url-encoded).
 * Uses 32 random bytes → 43-char base64url string.
 */
export declare function generateCodeVerifier(): string;
/**
 * Derive the S256 code challenge from a code verifier.
 * `code_challenge = base64url(SHA-256(code_verifier))`
 */
export declare function generateCodeChallenge(verifier: string): string;
/**
 * Generate a random state parameter for CSRF protection.
 * 16 random bytes → 22-char base64url string.
 */
export declare function generateState(): string;