import { HeadersInit } from 'node-fetch';
/**
 * Options for creating a Token instance.
 */
export interface TokenOptions {
    /** The token type (e.g., "Bearer"). Defaults to "Bearer". */
    tokenType?: string;
    /** The expiration time of the token. */
    expiresAt?: Date;
    /** The refresh token, if available. */
    refreshToken?: string;
    /** The scopes associated with this token. */
    scopes?: string[];
}
/**
 * Options for creating a Token from a JWT string.
 * Does not include expiresAt since it is extracted from the JWT payload.
 */
export type TokenFromJWTOptions = Omit<TokenOptions, 'expiresAt'>;
/**
 * Represents an access token with optional metadata and lifecycle management.
 */
export default class Token {
    private readonly _accessToken;
    private readonly _tokenType;
    private readonly _expiresAt?;
    private readonly _refreshToken?;
    private readonly _scopes?;
    constructor(accessToken: string, options?: TokenOptions);
    /**
     * The access token string.
     */
    get accessToken(): string;
    /**
     * The token type (e.g., "Bearer").
     */
    get tokenType(): string;
    /**
     * The expiration time of the token, if known.
     */
    get expiresAt(): Date | undefined;
    /**
     * The refresh token, if available.
     */
    get refreshToken(): string | undefined;
    /**
     * The scopes associated with this token.
     */
    get scopes(): string[] | undefined;
    /**
     * Checks if the token has expired, including a safety buffer.
     * Returns false if expiration time is unknown.
     */
    isExpired(): boolean;
    /**
     * Sets the Authorization header on the provided headers object.
     * @param headers - The headers object to modify
     * @returns The modified headers object with Authorization set
     */
    setAuthHeader(headers: HeadersInit): HeadersInit;
    /**
     * Creates a Token from a JWT string, extracting the expiration time from the payload.
     * If the JWT cannot be decoded, the token is created without expiration info.
     * The server will validate the token anyway, so decoding failures are handled gracefully.
     * @param jwt - The JWT token string
     * @param options - Additional token options (tokenType, refreshToken, scopes).
     *                  Note: expiresAt is not accepted here as it is extracted from the JWT payload.
     * @returns A new Token instance with expiration extracted from the JWT (if available)
     */
    static fromJWT(jwt: string, options?: TokenFromJWTOptions): Token;
    /**
     * Converts the token to a plain object for serialization.
     */
    toJSON(): Record<string, unknown>;
}