import { BaseClient } from 'openid-client';
import { SocialProvider } from '..';
import { Role } from '../../entity-module';
import { SelectivelyPartial } from '../../lib/SelectivelyPartial';
import { MapSocialUserToOrganizationMember, SocialValidation } from './social-provider';
export type OidcResponseType = 'id_token' | 'token' | 'code';
export type OidcResponseMode = 'form_post' | 'fragment' | 'query';
export type OpenIdConnectSocialProviderOptions<TProviderTokenClaims extends Record<string, unknown> = Record<string, unknown>> = {
    key: string;
    label: string;
    issuer: string;
    clientId: string;
    clientSecret?: string;
    redirectUri: string;
    /**
     * @default ['id_token']
     */
    responseType: OidcResponseType[];
    /**
     * @default 'form_post'
     */
    responseMode: OidcResponseMode;
    additionalScopes?: string[];
    mapToMembership?: MapSocialUserToOrganizationMember<TProviderTokenClaims> | SimpleRoleMap;
};
export type OpenIdConnectSocialProviderOptionsInput<TProviderTokenClaims extends Record<string, unknown> = Record<string, unknown>> = SelectivelyPartial<OpenIdConnectSocialProviderOptions<TProviderTokenClaims>, 'responseType' | 'responseMode'>;
export declare class OpenIdConnectSocialProvider<TProviderTokenClaims extends Record<string, unknown> = Record<string, unknown>> implements SocialProvider<TProviderTokenClaims> {
    name: string;
    label: string;
    client?: BaseClient;
    options: OpenIdConnectSocialProviderOptions<TProviderTokenClaims>;
    mapToMembership: MapSocialUserToOrganizationMember<TProviderTokenClaims> | undefined;
    constructor(options: OpenIdConnectSocialProviderOptionsInput<TProviderTokenClaims>);
    init(): Promise<void>;
    createAuthorizationUrl(): Promise<{
        nonce: string;
        authUrl: string;
    }>;
    validate(request: SocialValidation): Promise<{
        socialProfile: {
            provider: string;
            providerUserId: string;
            accessToken: string | undefined;
            email: string;
            emailVerified: boolean | undefined;
            name: {
                givenName: string | undefined;
                familyName: string | undefined;
            };
        };
        providerTokenClaims: TProviderTokenClaims;
    }>;
}
export type SimpleRoleMap = {
    organization: string;
    roles?: Map<string, Role[]>;
    defaultRole?: Role[];
};
export declare function mapProviderRoles<TProviderTokenClaims extends Record<string, unknown>>(roleMap: SimpleRoleMap): MapSocialUserToOrganizationMember<TProviderTokenClaims>;