import type { GetTokenOptions } from "@azure/core-auth";
import type { AuthorizeRequestOnChallengeOptions, ChallengeCallbacks, AuthorizeRequestOptions } from "@azure/core-rest-pipeline";
import type { ContainerRegistryRefreshTokenCredential } from "./containerRegistryTokenCredential.js";
/**
 * Handles challenge based authentication for Container Registry Service.
 *```
 *  The challenge-based authorization flow for ACR is illustrated in the following steps.
 *  For example, GET /api/v1/acr/repositories translates into the following calls.
 *      Step 1: GET /api/v1/acr/repositories
 *  Return Header: 401: www-authenticate header - Bearer realm="{url}",service="{serviceName}",scope="{scope}",error="invalid_token"
 *      Step 2: Retrieve the serviceName, scope from the WWW-Authenticate header.  (Parse the string.)
 *      Step 3: POST /api/oauth2/exchange
 *  Request Body : { service, scope, grant-type, aadToken with ARM scope }
 *  Response Body: { acrRefreshToken }
 *      Step 4: POST /api/oauth2/token
 *  Request Body: { acrRefreshToken, scope, grant-type }
 *  Response Body: { acrAccessToken }
 *      Step 5: GET /api/v1/acr/repositories
 *  Request Header: { Bearer acrTokenAccess }
 *```
 */
export declare class ChallengeHandler implements ChallengeCallbacks {
    private credential;
    private options;
    private readonly cycler;
    private cachedAcrAccessToken;
    constructor(credential: ContainerRegistryRefreshTokenCredential, options?: GetTokenOptions);
    authorizeRequest(options: AuthorizeRequestOptions): Promise<void>;
    /**
     * Updates  the authentication context based on the challenge.
     */
    authorizeRequestOnChallenge(options: AuthorizeRequestOnChallengeOptions): Promise<boolean>;
}
//# sourceMappingURL=containerRegistryChallengeHandler.d.ts.map