import { EventEmitter2 } from "@nestjs/event-emitter";
import { DataSource } from "typeorm";
import { GarmrOptions } from "../garmr.options";
import { Authenticatable } from "../interfaces/authenticatable.interface";
import { TokenService } from "./token.service";
/**
 * Handles user authentication by validating session tokens against stored entities.
 *
 * Accepts a raw JWT token string (not a full Authorization header).
 * Bearer/Cookie extraction is handled by the respective middlewares.
 */
export declare class AuthenticationService {
    private readonly options;
    private readonly tokenService;
    private readonly datasource;
    private readonly eventEmitter;
    constructor(options: GarmrOptions, tokenService: TokenService, datasource: DataSource, eventEmitter: EventEmitter2);
    /**
     * Authenticates a user by validating a raw JWT session token.
     *
     * - Token is verified via TokenService (HS256 algorithm enforced)
     * - Audience must be "session"
     * - User is looked up by the `sub` claim
     *
     * @param token - Raw JWT token string
     * @returns The authenticated entity
     * @throws {@link InvalidCredentialsException} if token is null/undefined, invalid, expired, wrong audience, or missing sub
     * @throws {@link IncorrectCredentialsException} if user in token doesn't exist
     *
     * @fires garmr.authenticated
     */
    authenticate<T extends Authenticatable>(token: string): Promise<T>;
}