import { z } from 'zod';
import { type CreateSecret } from '../db-entries/secret.js';
import { SecretType } from '../foundations/index.js';
export declare const encryptedSecretGuard: z.ZodObject<Pick<{
    tenantId: z.ZodType<string, z.ZodTypeDef, string>;
    id: z.ZodType<string, z.ZodTypeDef, string>;
    userId: z.ZodType<string, z.ZodTypeDef, string>;
    type: z.ZodType<SecretType, z.ZodTypeDef, SecretType>;
    encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    metadata: z.ZodType<import("@withtyped/server/lib/types.js").JsonObject, z.ZodTypeDef, import("@withtyped/server/lib/types.js").JsonObject>;
    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
    updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
}, "encryptedDek" | "iv" | "authTag" | "ciphertext">, "strip", z.ZodTypeAny, {
    encryptedDek: import("../foundations/index.js").BufferLike;
    iv: import("../foundations/index.js").BufferLike;
    authTag: import("../foundations/index.js").BufferLike;
    ciphertext: import("../foundations/index.js").BufferLike;
}, {
    encryptedDek: import("../foundations/index.js").BufferLike;
    iv: import("../foundations/index.js").BufferLike;
    authTag: import("../foundations/index.js").BufferLike;
    ciphertext: import("../foundations/index.js").BufferLike;
}>;
export type EncryptedSecret = z.infer<typeof encryptedSecretGuard>;
export declare const tokenSetGuard: z.ZodObject<{
    id_token: z.ZodOptional<z.ZodString>;
    access_token: z.ZodString;
    refresh_token: z.ZodOptional<z.ZodString>;
}, "strip", z.ZodTypeAny, {
    access_token: string;
    id_token?: string | undefined;
    refresh_token?: string | undefined;
}, {
    access_token: string;
    id_token?: string | undefined;
    refresh_token?: string | undefined;
}>;
export type TokenSet = z.infer<typeof tokenSetGuard>;
export declare const tokenSetMetadataGuard: z.ZodObject<{
    scope: z.ZodOptional<z.ZodString>;
    expiresAt: z.ZodOptional<z.ZodNumber>;
    tokenType: z.ZodOptional<z.ZodString>;
    hasRefreshToken: z.ZodBoolean;
}, "strip", z.ZodTypeAny, {
    hasRefreshToken: boolean;
    scope?: string | undefined;
    expiresAt?: number | undefined;
    tokenType?: string | undefined;
}, {
    hasRefreshToken: boolean;
    scope?: string | undefined;
    expiresAt?: number | undefined;
    tokenType?: string | undefined;
}>;
export type TokenSetMetadata = z.infer<typeof tokenSetMetadataGuard>;
export declare const encryptedTokenSetGuard: z.ZodObject<{
    encryptedTokenSetBase64: z.ZodString;
    metadata: z.ZodObject<{
        scope: z.ZodOptional<z.ZodString>;
        expiresAt: z.ZodOptional<z.ZodNumber>;
        tokenType: z.ZodOptional<z.ZodString>;
        hasRefreshToken: z.ZodBoolean;
    }, "strip", z.ZodTypeAny, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }>;
}, "strip", z.ZodTypeAny, {
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    encryptedTokenSetBase64: string;
}, {
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    encryptedTokenSetBase64: string;
}>;
export type EncryptedTokenSet = z.infer<typeof encryptedTokenSetGuard>;
export type CreateSocialTokenSetSecret = CreateSecret & {
    metadata: TokenSetMetadata;
};
export declare const secretSocialConnectorRelationPayloadGuard: z.ZodObject<Pick<{
    tenantId: z.ZodOptional<z.ZodType<string, z.ZodTypeDef, string>>;
    secretId: z.ZodType<string, z.ZodTypeDef, string>;
    connectorId: z.ZodType<string, z.ZodTypeDef, string>;
    target: z.ZodType<string, z.ZodTypeDef, string>;
    identityId: z.ZodType<string, z.ZodTypeDef, string>;
}, "connectorId" | "target" | "identityId">, "strip", z.ZodTypeAny, {
    connectorId: string;
    target: string;
    identityId: string;
}, {
    connectorId: string;
    target: string;
    identityId: string;
}>;
export type SecretSocialConnectorRelationPayload = z.infer<typeof secretSocialConnectorRelationPayloadGuard>;
export declare const secretEnterpriseSsoConnectorRelationPayloadGuard: z.ZodObject<Pick<{
    tenantId: z.ZodOptional<z.ZodType<string, z.ZodTypeDef, string>>;
    secretId: z.ZodType<string, z.ZodTypeDef, string>;
    ssoConnectorId: z.ZodType<string, z.ZodTypeDef, string>;
    issuer: z.ZodType<string, z.ZodTypeDef, string>;
    identityId: z.ZodType<string, z.ZodTypeDef, string>;
}, "issuer" | "ssoConnectorId" | "identityId">, "strip", z.ZodTypeAny, {
    issuer: string;
    ssoConnectorId: string;
    identityId: string;
}, {
    issuer: string;
    ssoConnectorId: string;
    identityId: string;
}>;
export type SecretEnterpriseSsoConnectorRelationPayload = z.infer<typeof secretEnterpriseSsoConnectorRelationPayloadGuard>;
export declare const socialTokenSetSecretGuard: z.ZodObject<{
    tenantId: z.ZodType<string, z.ZodTypeDef, string>;
    id: z.ZodType<string, z.ZodTypeDef, string>;
    userId: z.ZodType<string, z.ZodTypeDef, string>;
    encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
    updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
} & {
    type: z.ZodLiteral<SecretType>;
    metadata: z.ZodObject<{
        scope: z.ZodOptional<z.ZodString>;
        expiresAt: z.ZodOptional<z.ZodNumber>;
        tokenType: z.ZodOptional<z.ZodString>;
        hasRefreshToken: z.ZodBoolean;
    }, "strip", z.ZodTypeAny, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }>;
    connectorId: z.ZodString;
    identityId: z.ZodString;
    target: z.ZodString;
}, "strip", z.ZodTypeAny, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    updatedAt: number;
    connectorId: string;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    target: string;
    identityId: string;
    encryptedDek: import("../foundations/index.js").BufferLike;
    iv: import("../foundations/index.js").BufferLike;
    authTag: import("../foundations/index.js").BufferLike;
    ciphertext: import("../foundations/index.js").BufferLike;
}, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    updatedAt: number;
    connectorId: string;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    target: string;
    identityId: string;
    encryptedDek: import("../foundations/index.js").BufferLike;
    iv: import("../foundations/index.js").BufferLike;
    authTag: import("../foundations/index.js").BufferLike;
    ciphertext: import("../foundations/index.js").BufferLike;
}>;
/**
 * Social token set secret type
 * - Secret type is `FederatedTokenSet`
 * - Metadata is the social connector token set metadata
 * - Joined with the social connector relation
 */
export type SocialTokenSetSecret = z.infer<typeof socialTokenSetSecretGuard>;
export declare const desensitizedSocialTokenSetSecretGuard: z.ZodObject<Omit<{
    tenantId: z.ZodType<string, z.ZodTypeDef, string>;
    id: z.ZodType<string, z.ZodTypeDef, string>;
    userId: z.ZodType<string, z.ZodTypeDef, string>;
    encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
    updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
} & {
    type: z.ZodLiteral<SecretType>;
    metadata: z.ZodObject<{
        scope: z.ZodOptional<z.ZodString>;
        expiresAt: z.ZodOptional<z.ZodNumber>;
        tokenType: z.ZodOptional<z.ZodString>;
        hasRefreshToken: z.ZodBoolean;
    }, "strip", z.ZodTypeAny, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }>;
    connectorId: z.ZodString;
    identityId: z.ZodString;
    target: z.ZodString;
}, "encryptedDek" | "iv" | "authTag" | "ciphertext">, "strip", z.ZodTypeAny, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    updatedAt: number;
    connectorId: string;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    target: string;
    identityId: string;
}, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    updatedAt: number;
    connectorId: string;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    target: string;
    identityId: string;
}>;
export type DesensitizedSocialTokenSetSecret = z.infer<typeof desensitizedSocialTokenSetSecretGuard>;
export declare const enterpriseSsoTokenSetSecretGuard: z.ZodObject<{
    tenantId: z.ZodType<string, z.ZodTypeDef, string>;
    id: z.ZodType<string, z.ZodTypeDef, string>;
    userId: z.ZodType<string, z.ZodTypeDef, string>;
    encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
    updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
} & {
    type: z.ZodLiteral<SecretType>;
    metadata: z.ZodObject<{
        scope: z.ZodOptional<z.ZodString>;
        expiresAt: z.ZodOptional<z.ZodNumber>;
        tokenType: z.ZodOptional<z.ZodString>;
        hasRefreshToken: z.ZodBoolean;
    }, "strip", z.ZodTypeAny, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }>;
    ssoConnectorId: z.ZodString;
    issuer: z.ZodString;
    identityId: z.ZodString;
}, "strip", z.ZodTypeAny, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    issuer: string;
    updatedAt: number;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    ssoConnectorId: string;
    identityId: string;
    encryptedDek: import("../foundations/index.js").BufferLike;
    iv: import("../foundations/index.js").BufferLike;
    authTag: import("../foundations/index.js").BufferLike;
    ciphertext: import("../foundations/index.js").BufferLike;
}, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    issuer: string;
    updatedAt: number;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    ssoConnectorId: string;
    identityId: string;
    encryptedDek: import("../foundations/index.js").BufferLike;
    iv: import("../foundations/index.js").BufferLike;
    authTag: import("../foundations/index.js").BufferLike;
    ciphertext: import("../foundations/index.js").BufferLike;
}>;
/**
 * Enterprise SSO token set secret type
 * - Secret type is `FederatedTokenSet`
 * - Metadata is the Enterprise SSO connector token set metadata
 * - Joined with the Enterprise SSO connector relation
 */
export type EnterpriseSsoTokenSetSecret = z.infer<typeof enterpriseSsoTokenSetSecretGuard>;
export declare const desensitizedEnterpriseSsoTokenSetSecretGuard: z.ZodObject<Omit<{
    tenantId: z.ZodType<string, z.ZodTypeDef, string>;
    id: z.ZodType<string, z.ZodTypeDef, string>;
    userId: z.ZodType<string, z.ZodTypeDef, string>;
    encryptedDek: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    iv: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    authTag: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    ciphertext: z.ZodType<Buffer, z.ZodTypeDef, Buffer>;
    createdAt: z.ZodType<number, z.ZodTypeDef, number>;
    updatedAt: z.ZodType<number, z.ZodTypeDef, number>;
} & {
    type: z.ZodLiteral<SecretType>;
    metadata: z.ZodObject<{
        scope: z.ZodOptional<z.ZodString>;
        expiresAt: z.ZodOptional<z.ZodNumber>;
        tokenType: z.ZodOptional<z.ZodString>;
        hasRefreshToken: z.ZodBoolean;
    }, "strip", z.ZodTypeAny, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }, {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    }>;
    ssoConnectorId: z.ZodString;
    issuer: z.ZodString;
    identityId: z.ZodString;
}, "encryptedDek" | "iv" | "authTag" | "ciphertext">, "strip", z.ZodTypeAny, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    issuer: string;
    updatedAt: number;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    ssoConnectorId: string;
    identityId: string;
}, {
    type: SecretType;
    id: string;
    userId: string;
    tenantId: string;
    createdAt: number;
    issuer: string;
    updatedAt: number;
    metadata: {
        hasRefreshToken: boolean;
        scope?: string | undefined;
        expiresAt?: number | undefined;
        tokenType?: string | undefined;
    };
    ssoConnectorId: string;
    identityId: string;
}>;
export type DesensitizedEnterpriseSsoTokenSetSecret = z.infer<typeof desensitizedEnterpriseSsoTokenSetSecretGuard>;
export type DesensitizedTokenSetSecret<T extends SocialTokenSetSecret | EnterpriseSsoTokenSetSecret> = Omit<T, 'encryptedDek' | 'iv' | 'authTag' | 'ciphertext'>;
export declare const getThirdPartyAccessTokenResponseGuard: z.ZodObject<{
    scope: z.ZodOptional<z.ZodString>;
    expires_in: z.ZodOptional<z.ZodUnion<[z.ZodNumber, z.ZodString]>>;
    token_type: z.ZodOptional<z.ZodString>;
} & {
    access_token: z.ZodString;
}, "strip", z.ZodTypeAny, {
    access_token: string;
    scope?: string | undefined;
    expires_in?: string | number | undefined;
    token_type?: string | undefined;
}, {
    access_token: string;
    scope?: string | undefined;
    expires_in?: string | number | undefined;
    token_type?: string | undefined;
}>;
export type GetThirdPartyAccessTokenResponse = z.infer<typeof getThirdPartyAccessTokenResponseGuard>;