import { Observable, Subject } from 'rxjs';
import { AuthConfig } from './auth-config';
import { AuthEvent } from './auth-event';
import { ClientPrincipal } from './client-principal';
import { IdentityProviderSelectorService } from './identity-provider-selector.service';
import { StorageService } from './storage.service';
import * as i0 from "@angular/core";
/**
 * The shape for an allowed (aka required) role
 */
export declare type AllowedRole = string | AllowedRole[];
/**
 * Options that control the behaviour when purging user information
 */
export interface PurgeOptions {
    /**
     * Purge the data for all applications (defaults to just this application)?
     */
    globally?: boolean;
}
/**
 * Options that control the login behaviour
 */
export interface LoginOptions {
    /**
     * The identity provider to login with.
     * Defaults to the first entry in `AuthConfig.identityProviders`. This can be customized by
     * registering your own `IdentityProviderSelectorService`
     * @example
     * ```ts
     * // app.module...
     * imports: [
     *   AuthModule.forRoot({
     *     identityProviderSelectorType: YourIdentityProviderSelectorService
     *   })
     * ]
     * ```
     */
    identityProvider?: string;
    /**
     * The client-side url to redirect to after the user has been authenticated
     */
    redirectUrl?: string;
    /**
     * Is this a sign-up request or no? (defaults to `false`)
     */
    isSignUp?: boolean;
}
/**
 * The main service for working with authenticated users
 */
export declare class AuthService {
    private config;
    private storage;
    private idpSelectorService;
    /**
     * Return the current authenticated user or `null` when the user is not authenticated.
     *
     * The first subscriber will trigger a fetch from the built-in user api endpoint. Late subscribers will then receive
     * the last value emitted.
     *
     */
    currentUser$: Observable<ClientPrincipal | null>;
    /**
     * The identity providers available to login with.
     * Note: This is just a convenient alias of `AuthConfig.identityProviders`
     */
    readonly identityProviders: import("@christianacca/angular-swa-auth").IdentityProviderInfo<string>[];
    /**
     * Return whether the user is authenticated.
     *
     * This status will NOT be re-evaluated if the `userLoaded$`'s
     * authenticated session expires
     *
     */
    isAuthenticated$: Observable<boolean>;
    protected sessionEvents: Subject<AuthEvent>;
    /**
     * Authentication session events as they occur
     */
    sessionEvents$: Observable<AuthEvent>;
    private currentIdp$;
    constructor(config: AuthConfig, storage: StorageService, idpSelectorService: IdentityProviderSelectorService);
    /**
     * Ensure that login has already occurred and therefore the user object is loaded.
     * Where login has not already occurred, then initiate the login flow.
     *
     * IMPORTANT: when login has not already occurred, the browser will be redirected to the IDP
     *
     * @param targetUrl The client-side url to redirect to after the user has been authenticated
     * @returns `true` when login has already occurred, `false` otherwise
     * @see `login`
     */
    ensureLoggedIn(targetUrl?: string): Promise<boolean>;
    /**
     * Does the current user have one or more of the `allowedRoles` supplied.
     *
     * Note: because the observable returned completes, consumers do NOT have to unsubscribe from it
     *
     * @param allowedRoles The list of roles to check
     * @return {Observable<boolean>} an observable that returns true/false and then completes
     */
    hasSomeRoles$(allowedRoles: AllowedRole[]): Observable<boolean>;
    /**
     * Trigger the login flow, redirecting the browser to the identity provider.
     * @param options The options that control the login behaviour
     * @returns {boolean} false when the identity provider to login with is not selected, true otherwise
     */
    login(options?: LoginOptions): Promise<boolean>;
    /**
     * Trigger the logout flow. This is a no-op when the user is not already authenticated
     * @param redirectUrl The url to redirect to after the user has been logged out
     * @returns {boolean} false when the user is not already authenticated, true otherwise
     */
    logout(redirectUrl?: string): Promise<boolean>;
    /**
     * Purge user consent information stored at the identity provider for the currently authenticated user.
     * This is a no-op when the user is not already authenticated.
     * IMPORTANT: this will redirect the browser, landing back at the base url for the application
     * @param options The options that control the purge behaviour
     * @returns {boolean} false when the user is authenticated, true otherwise
     */
    purge(options?: PurgeOptions): Promise<boolean>;
    /**
     * Http implementation to perform a GET request to fetch json. The default implementation uses the
     * `fetch` browser api
     * @param url the url of http json endpoint
     */
    protected httpGet<T>(url: string): Promise<T> | Observable<T>;
    /**
     * Initiate the browser redirect to azure static web apps auth html endpoints
     * @param url The full url of the auth html endpoint to redirect the browser to
     */
    protected redirectToIdentityProvider(url: string): void;
    protected setSigningUpFlag(): void;
    protected popSigningUpFlag(): boolean;
    private publishAuthenticatedSuccessEvents;
    private selectIdentityProvider;
    static ɵfac: i0.ɵɵFactoryDeclaration<AuthService, never>;
    static ɵprov: i0.ɵɵInjectableDeclaration<AuthService>;
}