import { Construct } from 'constructs';
import { AuthResources, ResourceProvider } from '@aws-amplify/plugin-types';
import { AuthProps } from './types.js';
/**
 * Amplify Auth CDK Construct
 */
export declare class AmplifyAuth extends Construct implements ResourceProvider<AuthResources> {
    /**
     * The resources generated by the construct.
     */
    readonly resources: AuthResources;
    /**
     * External provider settings
     */
    private readonly providerSetupResult;
    private readonly userPool;
    private readonly computedUserPoolProps;
    private readonly name;
    private readonly domainPrefix;
    private readonly groups;
    /**
     * The KMS key used for encrypting custom email sender data.
     * This is only set when using a custom email sender.
     */
    private customSenderKMSkey;
    /**
     * The preferred authentication challenge
     */
    private readonly preferredChallenge;
    /**
     * Create a new Auth construct with AuthProps.
     * If no props are provided, email login and defaults will be used.
     */
    constructor(scope: Construct, id: string, props?: AuthProps);
    /**
     * Create Auth/UnAuth Roles
     * @returns DefaultRoles
     */
    private setupAuthAndUnAuthRoles;
    /**
     * Auto generate the user pool groups and group roles
     */
    private setupUserPoolGroups;
    /**
     * Setup Identity Pool with default roles/role mappings, and register providers
     */
    private setupIdentityPool;
    /**
     * Define bindCustomAttribute to meet requirements of the Cognito API to call the bind method
     */
    private bindCustomAttribute;
    /**
     * Process props into UserPoolProps (set defaults if needed)
     */
    private getUserPoolProps;
    /**
     * Sanitize customer input and return Cognito User pool compatible Sms configurations
     */
    private getSmsConfiguration;
    /**
     * Parses the user invitation settings and inserts codes/usernames where necessary.
     * @param settings the invitation settings
     * @returns cognito.UserInvitationConfig | undefined
     */
    private getUserInvitationSettings;
    /**
     * Verify the email body depending on if 'CODE' or 'LINK' style is used.
     * This ensures that the template contains the necessary placeholders for Cognito to insert verification codes or links.
     * @param emailSettings the provided email settings
     * @returns emailBody
     */
    private verifyEmailBody;
    /**
     * Get email verification style from user props
     * @param verificationEmailStyle - string value
     * @returns verificationEmailStyle - enum value
     */
    private getEmailVerificationStyle;
    /**
     * Determine the account recovery option based on enabled login methods.
     * @param emailEnabled - is email enabled
     * @param phoneEnabled - is phone enabled
     * @param accountRecoveryMethodAsString - the user provided account recovery setting
     * @returns account recovery setting enum value
     */
    private getAccountRecoverySetting;
    /**
     * Convert user friendly Mfa mode to cognito Mfa Mode.
     * This eliminates the need for users to import cognito.Mfa.
     * @param mfa - MFA settings
     * @returns cognito MFA enforcement mode
     */
    private getMFAMode;
    /**
     * Convert user friendly Mfa type to cognito Mfa type.
     * This eliminates the need for users to import cognito.Mfa.
     * @param mfa - MFA settings
     * @returns cognito MFA type (sms, totp, or email)
     */
    private getMFAType;
    /**
     * Convert user friendly account recovery method to cognito AccountRecover enum.
     * This eliminates the need for users to import cognito.AccountRecovery.
     * @param method - account recovery method as a string value
     * @returns cognito.AccountRecovery enum value
     */
    private convertAccountRecoveryStringToEnum;
    /**
     * Extract the MFA message settings and perform validation.
     * @param mfa - MFA settings
     * @returns mfa message
     */
    private getMFAMessage;
    /**
     * Setup External Providers (OAuth/OIDC/SAML) and related settings
     * such as OAuth settings and User Pool Domains
     */
    private setupExternalProviders;
    /**
     * Converts the simplified mapping type to cognito.AttributeMapping.
     * @param mapping the AttributeMapping to convert to a cognito.AttributeMapping
     * @returns cognito.AttributeMapping
     */
    private convertToCognitoAttributeMapping;
    /**
     * Convert scopes from string list to OAuthScopes.
     * @param scopes - scope list
     * @returns cognito OAuthScopes
     */
    private getOAuthScopes;
    /**
     * Get sign-in policy configuration for passwordless authentication.
     */
    private getSignInPolicy;
    /**
     * Get passkey configuration for WebAuthn.
     */
    private getPasskeyConfig;
    /**
     * Resolve the relying party ID for WebAuthn configuration.
     * Handles AUTO resolution based on deployment context.
     */
    private resolveRelyingPartyId;
    /**
     * Apply USER_AUTH flow to UserPoolClient when passwordless factors are enabled.
     */
    private applyUserAuthFlow;
    /**
     * Validates that the preferredChallenge matches enabled authentication methods
     */
    private validatePreferredChallenge;
    /**
     * Stores auth output using the provided strategy
     */
    private storeOutput;
}
//# sourceMappingURL=construct.d.ts.map