import { type LabeledValue, type LabeledValueWithDescription } from '@dereekb/util';
/**
 * Unique identifier for an oidc-provider interaction session, not to be confused with a Firebase UID/Auth User Identifier.
 *
 * Generated by the provider when user interaction is needed (login/consent).
 * Used to look up the interaction session via cookies and to build
 * backend interaction endpoint URLs (e.g., `/interaction/${uid}/login`).
 *
 * @semanticType
 * @semanticTopic identifier
 * @semanticTopic string
 * @semanticTopic dereekb-firebase:oidc
 */
export type OidcInteractionUid = string;
/**
 * Base type for OIDC scope string unions.
 *
 * Applications define their own scope union extending this type to get
 * compile-time validation of scope names throughout the delegate and config.
 *
 * @example
 * ```typescript
 * type MyScopes = 'openid' | 'profile' | 'email';
 * ```
 *
 * @semanticType
 * @semanticTopic string
 * @semanticTopic dereekb-firebase:oidc
 */
export type OidcScope = string;
/**
 * Scope details with a human-readable label and description.
 */
export type OidcScopeDetails<T extends OidcScope = OidcScope> = LabeledValueWithDescription<T>;
/**
 * A redirect URI registered to an OIDC client.
 *
 * Must be a valid absolute URL (e.g. `https://myapp.example.com/callback`).
 *
 * @semanticType
 * @semanticTopic url
 * @semanticTopic string
 * @semanticTopic dereekb-firebase:oidc
 */
export type OidcRedirectUri = string;
/**
 * Supported values for `token_endpoint_auth_method` when creating an OIDC client.
 */
export type OidcTokenEndpointAuthMethod = 'client_secret_basic' | 'client_secret_post' | 'client_secret_jwt' | 'private_key_jwt';
export declare const PRIVATE_KEY_JWT_TOKEN_ENDPOINT_AUTH_METHOD: OidcTokenEndpointAuthMethod;
/**
 * All available token endpoint auth method options with display labels.
 */
export declare const ALL_OIDC_TOKEN_ENDPOINT_AUTH_METHOD_OPTIONS: LabeledValue<OidcTokenEndpointAuthMethod>[];