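import type { BaseLogger } from 'pino';
import type { DynamicRegistrationConfig } from '../interfaces/ltiConfig.js';
import type { LTIDynamicRegistrationSession } from '../interfaces/ltiDynamicRegistrationSession.js';
import type { LTIStorage } from '../interfaces/ltiStorage.js';
import type { DynamicRegistrationForm } from '../schemas/lti13/dynamicRegistration/ltiDynamicRegistration.schema.js';
import { type OpenIDConfiguration } from '../schemas/lti13/dynamicRegistration/openIDConfiguration.schema.js';
import type { RegistrationRequest } from '../schemas/lti13/dynamicRegistration/registrationRequest.schema.js';
/**
 * Service for handling LTI 1.3 dynamic registration workflows.
 *
 * Provides a complete implementation of the LTI 1.3 Dynamic Registration specification,
 * enabling tools to automatically register with LTI platforms without manual configuration.
 * Handles the full registration lifecycle from initiation to completion with security validation.
 *
 * ## Key Features
 * - **Platform Discovery**: Fetches and validates OpenID Connect configuration from LTI platforms
 * - **Security Validation**: Enforces hostname matching and session-based CSRF protection
 * - **Platform Profiles**: Uses a generic registration flow with targeted platform-specific message overrides only where needed
 * - **Service Selection**: Allows administrators to choose which LTI Advantage services to enable (AGS, NRPS, Deep Linking)
 * - **Automatic Storage**: Persists client and deployment configurations for future launches
 *
 * ## Registration Flow
 * 1. **Initiation**: Platform redirects to tool with registration request
 * 2. **Discovery**: Tool fetches platform's OpenID Connect configuration
 * 3. **Form Generation**: Tool presents service selection form to administrator
 * 4. **Registration**: Tool submits registration payload to platform
 * 5. **Storage**: Tool stores received client credentials and deployment information
 *
 * ## Security Features
 * - Session-based registration with 15-minute expiration
 * - CSRF protection via secure session tokens
 * - Hostname validation between OIDC endpoint and issuer
 * - One-time session consumption to prevent replay attacks
 *
 * ## Deployment notes (not verifiable from this declaration file)
 * - The `openid_configuration` URL arrives in the registration request, so discovery is an
 *   outbound request to a caller-supplied location. Scheme and destination restrictions are
 *   not visible here; confirm the implementation (or the network in front of it) limits the
 *   fetch to HTTPS and to hosts the tool is willing to contact.
 * - Hostname matching ties the OIDC endpoint to the issuer; it does not by itself decide
 *   whether that issuer is a platform the tool should trust. Restrict who can reach the
 *   registration endpoint accordingly.
 * - `registration_token` authorises the call to the platform's registration endpoint; keep it
 *   out of logs and rendered pages.
 * - One-time session consumption depends on the `LTIStorage` adapter; whether read-and-delete
 *   is atomic under concurrent requests is adapter-specific and should be verified.
 *
 * @example
 * ```typescript
 * const service = new DynamicRegistrationService(
 *   storage,
 *   dynamicRegistrationConfig,
 *   logger
 * );
 *
 * // Initiate registration
 * const formHtml = await service.initiateDynamicRegistration(request, '/lti/register');
 *
 * // Complete registration
 * const successHtml = await service.completeDynamicRegistration(formData);
 * ```
 *
 * @see https://www.imsglobal.org/spec/lti-dr/v1p0 LTI 1.3 Dynamic Registration specification
 */
export declare class DynamicRegistrationService {
    private storage;
    private dynamicRegistrationConfig;
    private logger;
    /**
     * Creates a new DynamicRegistrationService instance.
     *
     * @param storage - Storage adapter for persisting client and deployment configurations
     * @param dynamicRegistrationConfig - Tool configuration including URLs and service settings
     * @param logger - Logger instance for debug and error logging
     */
    constructor(storage: LTIStorage, dynamicRegistrationConfig: DynamicRegistrationConfig, logger: BaseLogger);
    /**
     * Fetches and validates the OpenID Connect configuration from an LTI platform during dynamic registration.
     * Validates that the OIDC endpoint and issuer have matching hostnames for security.
     *
     * The URL being fetched is taken from the registration request, i.e. from the caller.
     * NOTE(review): confirm the implementation bounds this fetch (scheme, destination, timeout,
     * response size); none of that is visible in the declaration.
     *
     * @param registrationRequest - Registration request containing openid_configuration URL and optional registration_token
     * @returns Validated OpenID configuration with platform endpoints and supported features
     * @throws {Error} When the configuration fetch fails, validation fails, or hostname mismatch detected
     */
    fetchPlatformConfiguration(registrationRequest: RegistrationRequest): Promise<OpenIDConfiguration>;
    /**
     * Initiates LTI 1.3 dynamic registration by fetching platform configuration and generating a registration form.
     * Creates a temporary session and returns HTML form for service selection.
     *
     * @param registrationRequest - Registration request containing openid_configuration URL and optional registration_token
     * @param requestPath - Current request path used to build form action URLs.
     *   NOTE(review): pass a server-defined route rather than a raw client-controlled value,
     *   since it ends up in the form's action attribute.
     * @returns HTML form for service selection and registration completion
     * @throws {Error} When platform configuration fetch fails or session creation fails
     */
    initiateDynamicRegistration(registrationRequest: RegistrationRequest, requestPath: string): Promise<string>;
    /**
     * Completes LTI 1.3 dynamic registration by processing form submission and storing client configuration.
     * Validates session, registers with platform, stores client/deployment data, and returns success page.
     *
     * NOTE(review): the success page shows registration details; if any of them originate from
     * the platform's response, confirm they are HTML-encoded before rendering.
     *
     * @param dynamicRegistrationForm - Validated form data containing selected services and session token
     * @returns HTML success page with registration details and close button
     * @throws {Error} When session is invalid, registration fails, or storage operations fail
     */
    completeDynamicRegistration(dynamicRegistrationForm: DynamicRegistrationForm): Promise<string>;
    /**
     * Verifies and consumes a registration session token for security validation.
     * Retrieves the session data and immediately deletes it to prevent replay attacks.
     *
     * Because the session is deleted on lookup, calling this method is destructive: a token
     * can be verified once, and a second call with the same token yields `undefined`.
     *
     * @param sessionToken - UUID session token from the registration form
     * @returns Session data if valid and not expired, undefined otherwise
     */
    verifyRegistrationSession(sessionToken: string): Promise<LTIDynamicRegistrationSession | undefined>;
    /**
     * Builds array of OAuth scopes based on selected LTI services during registration.
     * Maps service selections to their corresponding LTI Advantage scope URIs.
     *
     * @param selectedServices - Array of service names selected by administrator ('ags', 'nrps', etc.)
     * @returns Array of OAuth scope URIs to request from the platform
     */
    private buildScopes;
    /**
     * Constructs the complete tool registration payload for platform submission.
     * Combines tool configuration, selected services, and OAuth parameters into LTI 1.3 registration format.
     *
     * @param selectedServices - Array of service names selected by administrator
     * @param openIdConfiguration - OpenID configuration used to select any platform-specific profile overrides
     * @returns Complete registration payload ready for platform submission
     */
    private buildRegistrationPayload;
    /**
     * Private member; its signature is erased in declaration output.
     * Presumably checks the platform's registration response before it is stored (confirm in the implementation).
     */
    private validateDynamicRegistrationResponse;
    /**
     * Private member; its signature is erased in declaration output.
     * Presumably renders the success page returned by `completeDynamicRegistration` (confirm in the implementation).
     */
    private getRegistrationSuccessHtml;
}
//# sourceMappingURL=dynamicRegistration.service.d.ts.map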