/**
 * Copyright (c) Microsoft Corporation. All rights reserved.
 * Licensed under the MIT License.
 */
import { AuthorizationHandlerStatus, AuthorizationHandler, ActiveAuthorizationHandler, AuthorizationHandlerSettings, AuthorizationHandlerTokenOptions } from '../types';
import { TurnContext } from '../../../turnContext';
import { TokenResponse } from '../../../oauth';
declare enum Category {
    SIGNIN = "signin",
    UNKNOWN = "unknown"
}
/**
 * Active handler manager information.
 */
interface AzureBotActiveHandler extends ActiveAuthorizationHandler {
    /**
     * The number of attempts left for the handler to process in case of failure.
     */
    attemptsLeft: number;
    /**
     * The current category of the handler.
     */
    category?: Category;
}
/**
 * Interface defining an authorization handler configuration.
 * @remarks
 * Properties can be configured via environment variables (case-insensitive).
 * Use the format: `AgentApplication__UserAuthorization__handlers__{handlerId}__settings__{propertyName}`
 * where `{handlerId}` is the handler's unique identifier and `{propertyName}` matches the property name.
 *
 * @example
 * ```env
 * # For a handler with id "myAuth":
 * AgentApplication__UserAuthorization__handlers__myAuth__settings__azureBotOAuthConnectionName=MyConnection
 * AgentApplication__UserAuthorization__handlers__myAuth__settings__oboScopes=api://scope1 api://scope2
 * ```
 */
export interface AzureBotAuthorizationOptions {
    /**
     * The type of authorization handler.
     * This property is optional and should not be set when configuring this handler.
     * It is included here for completeness and type safety.
     */
    type?: 'AzureBotUserAuthorization' | undefined;
    /**
     * Connection name for the auth provider.
     */
    azureBotOAuthConnectionName?: string;
    /**
     * Title to display on auth cards/UI.
     */
    title?: string;
    /**
     * Text to display on auth cards/UI.
     */
    text?: string;
    /**
     * Maximum number of attempts for entering the magic code. Defaults to 2.
     */
    invalidSignInRetryMax?: number;
    /**
     * Message displayed when an invalid code is entered.
     * Use `{code}` as a placeholder to display the entered code.
     * Defaults to: 'The code entered is invalid. Please sign-in again to continue.'
     */
    invalidSignInRetryMessage?: string;
    /**
     * Message displayed when the entered code format is invalid.
     * Use `{attemptsLeft}` as a placeholder to display the number of attempts left.
     * Defaults to: 'Please enter a valid **6-digit** code format (_e.g. 123456_).\r\n**{attemptsLeft} attempt(s) left...**'
     */
    invalidSignInRetryMessageFormat?: string;
    /**
     * Message displayed when the maximum number of attempts is exceeded.
     * Use `{maxAttempts}` as a placeholder to display the maximum number of attempts.
     * Defaults to: 'You have exceeded the maximum number of sign-in attempts ({maxAttempts}).'
     */
    invalidSignInRetryMaxExceededMessage?: string;
    /**
     * Connection name to use for on-behalf-of token acquisition.
     */
    oboConnectionName?: string;
    /**
     * Scopes to request for on-behalf-of token acquisition.
     * @remarks When set via environment variable, use comma or space-separated values (e.g. `scope1,scope2` or `scope1 scope2`).
     */
    oboScopes?: string[];
    /**
     * Option to enable SSO when authenticating using Azure Active Directory (AAD). Defaults to true.
     */
    enableSso?: boolean;
}
/**
 * Settings for configuring the AzureBot authorization handler.
 */
export interface AzureBotAuthorizationSettings extends AuthorizationHandlerSettings {
}
/**
 * Default implementation of an authorization handler using Azure Bot Service.
 */
export declare class AzureBotAuthorization implements AuthorizationHandler {
    readonly id: string;
    private options;
    private settings;
    private _onSuccess?;
    private _onFailure?;
    /**
     * Creates an instance of the AzureBotAuthorization.
     * @param id The unique identifier for the handler.
     * @param options The settings for the handler (must be fully resolved).
     * @param settings The authorization handler settings.
     */
    constructor(id: string, options: AzureBotAuthorizationOptions, settings: AzureBotAuthorizationSettings);
    readonly type = "azurebot";
    /**
     * The OBO scopes configured for this handler.
     */
    get scopes(): string[] | undefined;
    /**
     * Maximum number of attempts for magic code entry.
     */
    private get maxAttempts();
    /**
     * Sets a handler to be called when a user successfully signs in.
     * @param callback The callback function to be invoked on successful sign-in.
     */
    onSuccess(callback: (context: TurnContext) => Promise<void> | void): void;
    /**
     * Sets a handler to be called when a user fails to sign in.
     * @param callback The callback function to be invoked on sign-in failure.
     */
    onFailure(callback: (context: TurnContext, reason?: string) => Promise<void> | void): void;
    /**
     * Retrieves the token for the user, optionally using on-behalf-of flow for specified scopes.
     * @param context The turn context.
     * @param options Optional options for token acquisition, including connection and scopes for on-behalf-of flow.
     * @returns The token response containing the token or undefined if not available.
     */
    token(context: TurnContext, options?: AuthorizationHandlerTokenOptions): Promise<TokenResponse>;
    /**
     * Signs out the user from the service.
     * @param context The turn context.
     * @returns True if the signout was successful, false otherwise.
     */
    signout(context: TurnContext): Promise<boolean>;
    /**
     * Initiates the sign-in process for the handler.
     * @param context The turn context.
     * @param active Optional active handler data.
     * @returns The status of the sign-in attempt.
     */
    signin(context: TurnContext, active?: AzureBotActiveHandler): Promise<AuthorizationHandlerStatus>;
    /**
     * Retrieves the base token from the turn state or the user token client.
     * @param context The turn context.
     * @returns The token string or undefined if not available.
     */
    private getBaseToken;
    /**
     * Acquires an on-behalf-of token for the user based on the provided scopes and connection.
     */
    private getOBOToken;
    /**
     * Checks if a token is exchangeable for an on-behalf-of flow.
     */
    private isExchangeable;
    /**
     * Sets the token from the token response or initiates the sign-in flow.
     */
    private setToken;
    /**
     * Handles sign-in related activities.
     */
    private handleSignInActivities;
    /**
     * Verifies the magic code provided by the user.
     */
    private codeVerification;
    private _key;
    /**
     * Sets the authorization context in the turn state.
     */
    private setContext;
    /**
     * Gets the authorization context from the turn state.
     */
    private getContext;
    /**
     * Gets the user token client from the turn context.
     */
    private getUserTokenClient;
    /**
     * Prefixes a message with the handler ID.
     */
    private prefix;
    /**
     * Predefined messages with dynamic placeholders.
     */
    private messages;
}
export {};