/**
 * PKCE (Proof Key for Code Exchange) cryptographic utilities.
 * Implements RFC 7636 S256 challenge method.
 *
 * @internal This module is not exported from the main package.
 */
/**
 * Generate a code verifier for PKCE.
 * Uses 32 random bytes encoded as base64url (43 characters).
 *
 * Per RFC 7636: code_verifier must be 43-128 characters using unreserved characters.
 */
export declare function generateCodeVerifier(): string;
/**
 * Compute the S256 code challenge from a verifier.
 * challenge = BASE64URL(SHA256(verifier))
 *
 * Per RFC 7636: S256 method uses SHA-256 hash of the verifier.
 */
export declare function computeCodeChallenge(verifier: string): string;
/**
 * Generate a state parameter for CSRF protection.
 * Uses 16 random bytes encoded as base64url (22 characters).
 */
export declare function generateState(): string;
//# sourceMappingURL=pkce.d.ts.map