import '../node-crypto-polyfill.js';
import { AuthProviderType } from '@redocly/config';
import type { AuthProviderConfig, OidcIssuerMetadata, OidcProviderConfig, Saml2ProviderConfig, SsoConfig } from '@redocly/config';
import type { UserIDToken } from '../types';
export type AuthProviderLoginParams = OidcLoginParams | Saml2LoginParams;
export type OidcJwk = {
    n: string;
    e: string;
    kid: string;
    alg: string;
    use: string;
};
export type OidcLoginParams = {
    type: AuthProviderType.OIDC;
    name: string;
    idpId: string;
    authorizationEndpoint?: string;
    clientId?: string;
    responseType: 'code';
    scope: string;
    extraParams: Record<string, string | undefined>;
    pkce?: boolean;
};
export type Saml2LoginParams = {
    type: AuthProviderType.SAML2;
    name: string;
    idpId: string;
    issuerId: string;
    entityId: string;
    ssoUrl: string;
    extraParams?: Record<string, string | undefined>;
};
export declare function isOidcProviderConfig(providerConfig: AuthProviderConfig | undefined): providerConfig is OidcProviderConfig;
export declare function isSaml2ProviderConfig(providerConfig: AuthProviderConfig | undefined): providerConfig is Saml2ProviderConfig;
export declare function getAuthProviderLoginParams(idpId: string, providerConfig: AuthProviderConfig): Promise<AuthProviderLoginParams | undefined>;
export declare function getOidcLoginParams(idpId: string, providerConfig: OidcProviderConfig): Promise<OidcLoginParams>;
export declare function getSaml2LoginParams(idpId: string, providerConfig: Saml2ProviderConfig): Saml2LoginParams;
export declare function oidcExchangeCodeForToken(tokenUrl: string, code: string, redirectUri: string, idpConfig: OidcProviderConfig, extraParams?: Record<string, string>): Promise<{
    access_token?: string;
    id_token?: string;
    error?: string;
    error_description?: string;
}>;
export declare function buildOidcLoginUrl(origin: string, { authorizationEndpoint, clientId, responseType, scope, extraParams, idpId, pkce, }: Partial<OidcLoginParams>, redirectTo: string | null, inviteCode?: string, options?: {
    redirectUriOverride?: string;
    sourceOverride?: 'portal' | 'mcp';
    branchOverride?: string | undefined;
}): {
    loginUrl?: string;
    cookies?: Record<string, {
        value: string;
        options: object;
    }>;
};
export declare function buildOidcLogoutUrl(endSessionEndpoint: string, postLogoutUrl: string, idTokenHint: string, state?: string): string;
type McpAuthorizationCodePayload = {
    client_id: string;
    redirect_uri: string;
    id_token: string;
    idp_access_token?: string;
    iat: number;
    exp: number;
};
export declare function createMcpAuthorizationCode(params: {
    idToken: string;
    idpAccessToken?: string;
    clientId: string;
    redirectUri: string;
    ttlSec?: number;
}): Promise<string>;
export declare function verifyMcpAuthorizationCode(code: string): Promise<McpAuthorizationCodePayload>;
export declare function createMcpSessionResource(sessionId: string | null | undefined): {
    id: string;
    object: "mcp_session";
    uri: string;
};
export declare function rewritePreviewAuthRedirectUri(redirectUri: string): string;
export declare function parsePreviewBranch(origin: string): string | undefined;
export declare function buildLoginUrl(idpLoginParams: AuthProviderLoginParams, redirectOrigin: string, redirectTo: string | null, inviteCode?: string): {
    loginUrl?: string;
    cookies?: Record<string, {
        value: string;
        options: object;
    }>;
};
export declare function buildSAML2LoginUrl(origin: string, idpLoginParams: Saml2LoginParams, redirectTo: string | null, inviteCode?: string): {
    loginUrl: string;
};
export declare function encodeSAML2(samlRequest: string): string;
export declare function decodeSamlResponse(samlResponse: string): string;
export declare function parseOidcState(state?: string): Record<string, unknown>;
export declare function parseSamlResponse(responseXml: string): {
    uid: string;
    success: boolean;
    expiresAt: number;
    issuerId: string | undefined;
    entityId: string | undefined;
    attrs: {
        [k: string]: string;
    };
    cert: string;
    nameFormat: string;
    destination: string;
};
export declare const oidcMetadataCache: Record<string, OidcIssuerMetadata>;
export declare const oidcJwksCache: {
    jwks: Record<string, (OidcJwk & {
        idpId: string;
    }) | null>;
};
export declare function getOidcMetadata(idpId: string, providerConfig: OidcProviderConfig): Promise<OidcIssuerMetadata>;
export declare function getRedoclyTokenPayload(token: string): Promise<Record<string, unknown>>;
export declare function isRedoclySso(config: OidcProviderConfig): boolean;
export declare function verifySAMLResponse(responseXml: string, cert: string): Promise<boolean>;
export declare function extractUserClaims(uid: string, nameFormat: string, attrs: Record<string, string>, teamsJWTClaimName?: string): UserIDToken;
export declare function getUserParamsFromCookies(ssoConfig: SsoConfig, cookies: Record<string, string>): Promise<Record<string, any>>;
export declare function getUsernameFromPayload(token: any): any;
export {};
//# sourceMappingURL=auth.d.ts.map