import { DependencyContainer } from "tsyringe";
import { AuthenticationManagerInterface } from "../interfaces/authentication-manager.interface";
import { IdentityInterface, Request, TracingManagerInterface } from "@pristine-ts/common";
import { LogHandlerInterface } from "@pristine-ts/logging";
import { AuthenticatorFactory } from "../factories/authenticator.factory";
import { IdentityProviderInterface } from "../interfaces/identity-provider.interface";
/**
 * The authentication manager provides authentication by returning the identity executing the action.
 * It is tagged and can be injected using AuthenticationManagerInterface which facilitates mocking.
 */
export declare class AuthenticationManager implements AuthenticationManagerInterface {
    private readonly identityProviders;
    private readonly logHandler;
    private readonly tracingManager;
    private readonly authenticatorFactory;
    /**
     * The authentication manager provides authentication by returning the identity executing the action.
     * @param identityProviders The identity providers to use to provide the identity. All services tagged with ServiceDefinitionTagEnum.IdentityProvider will be injected here.
     * @param logHandler The log handler to output logs.
     * @param tracingManager The tracing manager used to attach markers and per-provider spans to the active trace.
     * @param authenticatorFactory The factory to create the authenticator.
     */
    constructor(identityProviders: IdentityProviderInterface[], logHandler: LogHandlerInterface, tracingManager: TracingManagerInterface, authenticatorFactory: AuthenticatorFactory);
    /**
     * Authenticates a request by providing the identity that made the request.
     * Drops markers at each decision point — "no authenticator for this route," "authenticator
     * resolved to X," "identity returned by authenticator," "identity enriched by provider Y" —
     * so the trace tells the auth story without anyone having to read interleaved logs.
     * @param request The request to authenticate
     * @param routeContext The context associated with the route.
     * @param container The dependency container from which to resolve the authenticator.
     */
    authenticate(request: Request, routeContext: any, container: DependencyContainer): Promise<IdentityInterface | undefined>;
}