import * as z from "zod/v3";
import { OpenEnum } from "../../types/enums.js";
import { Result as SafeParseResult } from "../../types/fp.js";
import { SDKValidationError } from "../errors/sdkvalidationerror.js";
/**
 * The type of authentication being used.
 *
 * @remarks
 * Use 'OAUTH_*' when Glean calls an external API (e.g., Jira) on behalf of a user to obtain an OAuth token.
 * 'OAUTH_ADMIN' utilizes an admin token for external API calls on behalf all users.
 * 'OAUTH_USER' uses individual user tokens for external API calls.
 * 'DWD' refers to domain wide delegation.
 */
export declare const AuthConfigType: {
    readonly None: "NONE";
    readonly OauthUser: "OAUTH_USER";
    readonly OauthAdmin: "OAUTH_ADMIN";
    readonly ApiKey: "API_KEY";
    readonly BasicAuth: "BASIC_AUTH";
    readonly Dwd: "DWD";
};
/**
 * The type of authentication being used.
 *
 * @remarks
 * Use 'OAUTH_*' when Glean calls an external API (e.g., Jira) on behalf of a user to obtain an OAuth token.
 * 'OAUTH_ADMIN' utilizes an admin token for external API calls on behalf all users.
 * 'OAUTH_USER' uses individual user tokens for external API calls.
 * 'DWD' refers to domain wide delegation.
 */
export type AuthConfigType = OpenEnum<typeof AuthConfigType>;
/**
 * The type of grant type being used.
 */
export declare const GrantType: {
    readonly AuthCode: "AUTH_CODE";
    readonly ClientCredentials: "CLIENT_CREDENTIALS";
};
/**
 * The type of grant type being used.
 */
export type GrantType = OpenEnum<typeof GrantType>;
/**
 * Auth status of the tool.
 */
export declare const AuthConfigStatus: {
    readonly AwaitingAuth: "AWAITING_AUTH";
    readonly Authorized: "AUTHORIZED";
    readonly AuthDisabled: "AUTH_DISABLED";
};
/**
 * Auth status of the tool.
 */
export type AuthConfigStatus = OpenEnum<typeof AuthConfigStatus>;
/**
 * The OAuth 2.0 token endpoint authentication method (RFC 7591). Determines how the client authenticates when exchanging an authorization code for a token. client_secret_post sends credentials as form fields, client_secret_basic sends them via Authorization header, none omits client secret and relies on PKCE only. Values use lowercase to match the OAuth 2.0 wire format (RFC 7591 Section 2).
 */
export declare const TokenEndpointAuthMethod: {
    readonly ClientSecretPost: "client_secret_post";
    readonly ClientSecretBasic: "client_secret_basic";
    readonly None: "none";
};
/**
 * The OAuth 2.0 token endpoint authentication method (RFC 7591). Determines how the client authenticates when exchanging an authorization code for a token. client_secret_post sends credentials as form fields, client_secret_basic sends them via Authorization header, none omits client secret and relies on PKCE only. Values use lowercase to match the OAuth 2.0 wire format (RFC 7591 Section 2).
 */
export type TokenEndpointAuthMethod = OpenEnum<typeof TokenEndpointAuthMethod>;
/**
 * Config for tool's authentication method.
 */
export type AuthConfig = {
    /**
     * Whether or not this tool is hosted on-premise.
     */
    isOnPrem?: boolean | undefined;
    /**
     * Whether or not this uses central auth.
     */
    usesCentralAuth?: boolean | undefined;
    /**
     * The type of authentication being used.
     *
     * @remarks
     * Use 'OAUTH_*' when Glean calls an external API (e.g., Jira) on behalf of a user to obtain an OAuth token.
     * 'OAUTH_ADMIN' utilizes an admin token for external API calls on behalf all users.
     * 'OAUTH_USER' uses individual user tokens for external API calls.
     * 'DWD' refers to domain wide delegation.
     */
    type?: AuthConfigType | undefined;
    /**
     * The type of grant type being used.
     */
    grantType?: GrantType | undefined;
    /**
     * Auth status of the tool.
     */
    status?: AuthConfigStatus | undefined;
    /**
     * The URL where users will be directed to start the OAuth flow.
     */
    clientUrl?: string | undefined;
    /**
     * A list of strings denoting the different scopes or access levels required by the tool.
     */
    scopes?: Array<string> | undefined;
    /**
     * A list of strings denoting the different audience which can access the tool.
     */
    audiences?: Array<string> | undefined;
    /**
     * The OAuth provider's endpoint, where access tokens are requested.
     */
    authorizationUrl?: string | undefined;
    /**
     * The OAuth 2.0 Resource Indicator (RFC 8707) for the protected resource. Discovered from Protected Resource Metadata (RFC 9728) during DCR. Included in authorization and token exchange requests when present.
     */
    resource?: string | undefined;
    /**
     * The OAuth 2.0 token endpoint authentication method (RFC 7591). Determines how the client authenticates when exchanging an authorization code for a token. client_secret_post sends credentials as form fields, client_secret_basic sends them via Authorization header, none omits client secret and relies on PKCE only. Values use lowercase to match the OAuth 2.0 wire format (RFC 7591 Section 2).
     */
    tokenEndpointAuthMethod?: TokenEndpointAuthMethod | undefined;
    /**
     * The time the tool was last authorized in ISO format (ISO 8601).
     */
    lastAuthorizedAt?: Date | undefined;
};
/** @internal */
export declare const AuthConfigType$inboundSchema: z.ZodType<AuthConfigType, z.ZodTypeDef, unknown>;
/** @internal */
export declare const AuthConfigType$outboundSchema: z.ZodType<string, z.ZodTypeDef, AuthConfigType>;
/** @internal */
export declare const GrantType$inboundSchema: z.ZodType<GrantType, z.ZodTypeDef, unknown>;
/** @internal */
export declare const GrantType$outboundSchema: z.ZodType<string, z.ZodTypeDef, GrantType>;
/** @internal */
export declare const AuthConfigStatus$inboundSchema: z.ZodType<AuthConfigStatus, z.ZodTypeDef, unknown>;
/** @internal */
export declare const AuthConfigStatus$outboundSchema: z.ZodType<string, z.ZodTypeDef, AuthConfigStatus>;
/** @internal */
export declare const TokenEndpointAuthMethod$inboundSchema: z.ZodType<TokenEndpointAuthMethod, z.ZodTypeDef, unknown>;
/** @internal */
export declare const TokenEndpointAuthMethod$outboundSchema: z.ZodType<string, z.ZodTypeDef, TokenEndpointAuthMethod>;
/** @internal */
export declare const AuthConfig$inboundSchema: z.ZodType<AuthConfig, z.ZodTypeDef, unknown>;
/** @internal */
export type AuthConfig$Outbound = {
    isOnPrem?: boolean | undefined;
    usesCentralAuth?: boolean | undefined;
    type?: string | undefined;
    grantType?: string | undefined;
    status?: string | undefined;
    client_url?: string | undefined;
    scopes?: Array<string> | undefined;
    audiences?: Array<string> | undefined;
    authorization_url?: string | undefined;
    resource?: string | undefined;
    token_endpoint_auth_method?: string | undefined;
    lastAuthorizedAt?: string | undefined;
};
/** @internal */
export declare const AuthConfig$outboundSchema: z.ZodType<AuthConfig$Outbound, z.ZodTypeDef, AuthConfig>;
export declare function authConfigToJSON(authConfig: AuthConfig): string;
export declare function authConfigFromJSON(jsonString: string): SafeParseResult<AuthConfig, SDKValidationError>;
//# sourceMappingURL=authconfig.d.ts.map