/**
 * PKCE (Proof Key for Code Exchange) utilities for OAuth 2.1
 *
 * Implements RFC 7636 S256 method:
 * - code_verifier: high-entropy cryptographic random string (43-128 chars)
 * - code_challenge: BASE64URL(SHA256(code_verifier))
 */
/**
 * Generate a cryptographically secure PKCE code_verifier.
 * Uses unreserved characters as per RFC 7636: [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
 *
 * @param length - Length of verifier (default 43, min 43, max 128)
 * @returns Base64URL-safe random string
 */
export declare function generatePkceVerifier(length?: number): string;
/**
 * Compute PKCE code_challenge from code_verifier using S256 method.
 *
 * @param verifier - The code_verifier string
 * @returns Base64URL-encoded SHA256 hash of verifier
 */
export declare function computePkceChallenge(verifier: string): Promise<string>;
/**
 * Generate both PKCE verifier and challenge.
 *
 * @param length - Length of verifier (default 43)
 * @returns Object with { verifier, challenge }
 */
export declare function generatePkce(length?: number): Promise<{
    verifier: string;
    challenge: string;
}>;