/**
 * Client Assertion Generation for private_key_jwt
 *
 * Generates JWT client assertion for OAuth authentication
 * Used for both PAR (Pushed Authorization Request) and token endpoint requests
 * RFC 7523: https://datatracker.ietf.org/doc/html/rfc7523
 */
import type { BlueskyConfig } from './types.js';
/**
 * Generate client assertion JWT
 *
 * Note: This requires access to the private key, which should be:
 * 1. Stored in Logto connector config (encrypted by Logto), OR
 * 2. Retrieved from a secure server endpoint
 *
 * For now, we'll support both approaches - if privateKeyJwk is in config, use it.
 * Otherwise, the server should provide an endpoint to generate assertions.
 *
 * @param clientId - The OAuth client identifier
 * @param audience - The audience URL (PAR endpoint or token endpoint)
 * @param config - Bluesky connector configuration
 * @returns JWT client assertion string, or null if private key is not available
 */
export declare function generateClientAssertion(clientId: string, audience: string, config: BlueskyConfig): Promise<string | null>;
//# sourceMappingURL=client-assertion.d.ts.map