import { type TokenChainResult } from "../../confluent/oauth/token-chain.js"; import type { Auth0Config } from "../../confluent/oauth/types.js"; /** Maximum time to wait for the user to complete the browser PKCE flow. */ export declare const PKCE_LOGIN_TIMEOUT_MS = 120000; /** Reasons a PKCE login can fail. Carried on {@link PkceLoginError}. */ export type PkceLoginFailureReason = "timeout" | "user_aborted" | "port_in_use" | "auth0_unreachable" | "configuration"; /** Structured error so callers can react to the cause of a failed PKCE login. */ export declare class PkceLoginError extends Error { readonly reason: PkceLoginFailureReason; constructor(reason: PkceLoginFailureReason, message: string); } /** * Runs the PKCE flow end-to-end: * - generates verifier / challenge / state * - binds a one-shot HTTP listener on {@link OAUTH_CALLBACK_PORT} * - opens the browser to the Auth0 authorization endpoint * - waits for the redirect carrying the auth code * - exchanges the code for the full Confluent token chain * * Bounded by {@link PKCE_LOGIN_TIMEOUT_MS}. Throws {@link PkceLoginError} on * failure with a structured `reason`. If `signal` aborts before the auth * code arrives, throws `PkceLoginError("user_aborted", ...)` and the finally * block tears down the timer + HTTP server. */ export declare function runPkceLogin(auth0Config: Auth0Config, signal?: AbortSignal): Promise; //# sourceMappingURL=pkce-login.d.ts.map