/**
 * OAuth Flow Handler
 *
 * Handles OAuth 2.1 flows for:
 * 1. SERV as authorization server (client access to SERV)
 * 2. SERV as client (third-party OAuth for photon access)
 */
import type { ElicitationRequest, PhotonGrant, Session } from '../types/index.js';
import type { TokenVault } from '../vault/token-vault.js';
export interface OAuthProviderConfig {
    id: string;
    name: string;
    authorizationUrl: string;
    tokenUrl: string;
    userInfoUrl?: string;
    scopes: string[];
    clientId: string;
    clientSecret: string;
}
export declare class OAuthProviderRegistry {
    private providers;
    /**
     * Register a provider with credentials
     */
    register(providerId: string, clientId: string, clientSecret: string): void;
    /**
     * Register a custom provider
     */
    registerCustom(config: OAuthProviderConfig): void;
    /**
     * Get a provider by ID
     */
    get(providerId: string): OAuthProviderConfig | null;
    /**
     * Check if a provider is registered
     */
    has(providerId: string): boolean;
}
export interface ElicitationStore {
    create(request: Omit<ElicitationRequest, 'id' | 'createdAt'>): Promise<ElicitationRequest>;
    get(id: string): Promise<ElicitationRequest | null>;
    update(id: string, data: Partial<ElicitationRequest>): Promise<void>;
    delete(id: string): Promise<void>;
    cleanup(): Promise<number>;
}
export declare class MemoryElicitationStore implements ElicitationStore {
    private requests;
    create(data: Omit<ElicitationRequest, 'id' | 'createdAt'>): Promise<ElicitationRequest>;
    get(id: string): Promise<ElicitationRequest | null>;
    update(id: string, data: Partial<ElicitationRequest>): Promise<void>;
    delete(id: string): Promise<void>;
    cleanup(): Promise<number>;
}
export interface GrantStore {
    find(tenantId: string, photonId: string, provider: string, userId?: string): Promise<PhotonGrant | null>;
    create(grant: Omit<PhotonGrant, 'id' | 'createdAt' | 'updatedAt'>): Promise<PhotonGrant>;
    update(id: string, data: Partial<PhotonGrant>): Promise<void>;
    delete(id: string): Promise<void>;
    findByUser(tenantId: string, userId: string): Promise<PhotonGrant[]>;
}
export declare class MemoryGrantStore implements GrantStore {
    private grants;
    private key;
    find(tenantId: string, photonId: string, provider: string, userId?: string): Promise<PhotonGrant | null>;
    create(data: Omit<PhotonGrant, 'id' | 'createdAt' | 'updatedAt'>): Promise<PhotonGrant>;
    update(id: string, data: Partial<PhotonGrant>): Promise<void>;
    delete(id: string): Promise<void>;
    findByUser(tenantId: string, userId: string): Promise<PhotonGrant[]>;
}
export interface OAuthFlowConfig {
    /** Base URL for callbacks (e.g., 'https://serv.example.com') */
    baseUrl: string;
    /** Secret for state encryption */
    stateSecret: string;
    /** Provider registry */
    providers: OAuthProviderRegistry;
    /** Elicitation store */
    elicitationStore: ElicitationStore;
    /** Grant store */
    grantStore: GrantStore;
    /** Token vault for encryption */
    tokenVault: TokenVault;
}
export declare class OAuthFlowHandler {
    private config;
    constructor(config: OAuthFlowConfig);
    /**
     * Start an OAuth elicitation flow
     */
    startElicitation(session: Session, photonId: string, provider: string, scopes: string[]): Promise<{
        url: string;
        elicitationId: string;
    }>;
    /**
     * Handle OAuth callback
     */
    handleCallback(code: string, state: string, tenantId: string): Promise<{
        success: boolean;
        error?: string;
    }>;
    /**
     * Check if a grant exists and is valid
     */
    checkGrant(tenantId: string, photonId: string, provider: string, requiredScopes: string[], userId?: string): Promise<{
        valid: boolean;
        token?: string;
    }>;
    /**
     * Exchange authorization code for tokens
     */
    private exchangeCode;
    /**
     * Refresh an expired grant
     */
    private refreshGrant;
}
//# sourceMappingURL=oauth.d.ts.map