import { OAuthScope } from './oauthCommon.ts';
export type InstantDBOAuthAccessToken = {
    /**
     * Token that can be used to access the Instant platform API on behalf of a user
     */
    token: string;
    /**
     * The date when the token expires (2 weeks from when it was issued by default)
     */
    expiresAt: Date;
};
export declare function handleClientRedirect(): () => void;
export declare function startInstantOAuthClientOnlyFlow({ clientId, apiURI, redirectUri, scopes, }: {
    clientId: string;
    apiURI: string;
    redirectUri: string;
    scopes: OAuthScope[];
}): Promise<InstantDBOAuthAccessToken>;
/**
 * Configuration for {@link OAuthHandler}.
 */
export interface OAuthHandlerConfig {
    /**
     * Must exactly match one of the **Authorized Redirect URIs** in your OAuth
     * client settings on the Instant dashboard.
     */
    redirectUri: string;
    /** OAuth client ID from the Instant dashboard. */
    clientId: string;
    /**
     * Optional Instant API base-URL.
     * Defaults to `https://api.instantdb.com`.
     */
    apiURI?: string | null;
}
/**
 * Thin wrapper that drives InstantDB’s browser-only OAuth flow.
 */
export declare class OAuthHandler {
    /** Redirect URI that the provider will call back into. */
    readonly redirectUri: string;
    /** OAuth client ID. */
    readonly clientId: string;
    /**
     * Base URL for InstantDB’s REST API.
     * Defaults to `https://api.instantdb.com`.
     */
    readonly apiURI: string;
    constructor(config: OAuthHandlerConfig);
    /**
     * **Client-only flow** using PKCE (no client-secret required).
     * Opens a popup to start the OAuth flow.
     * Returns an {@link InstantDBOAuthAccessToken}.
     * *Refresh tokens are **not** available in this flow.*
     *
     * @example
     * const oauthHandler = new OAuthHandler({
     *   clientId: YOUR_CLIENT_ID,
     *   redirectUri: YOUR_REDIRECT_URI,
     * });
     *
     * function ConnectToInstant() {
     *   const handleConnect = async () => {
     *     try {
     *       const token = await oauthHandler.startClientOnlyFlow(['apps-write']);
     *       console.log('success!', token)
     *     } catch (e) {
     *       console.log('OAuth flow failed', e);
     *     }
     *   }
     *   return <button onClick={handleConnect}>Connect to Instant</button>
     * }
     */
    startClientOnlyFlow(scopes: OAuthScope[]): Promise<InstantDBOAuthAccessToken>;
    /**
     * Call from the page served at {@link OAuthHandlerConfig.redirectUri}.
     * Parses `state` & `code` from the URL, exchanges them for an access token,
     * then automatically closes the popup/window.
     *
     * @example
     * ```tsx
     * const oauthHandler = new OAuthHandler({
     *   clientId: YOUR_CLIENT_ID,
     *   redirectUri: YOUR_REDIRECT_URI,
     * })
     *
     * function RedirectPage() {
     *   useEffect(() => {
     *     return oauthHandler.handleClientRedirect();
     *   }, []);
     *   return <div>Loading…</div>;
     * }
     * ```
     */
    handleClientRedirect(): () => void;
}
//# sourceMappingURL=oauth.d.ts.map