/**
 * JWT Token Management
 *
 * Handles JWT signing, verification, and key management for OAuth2 authentication
 */
export interface JwtPayload {
    sub: string;
    email: string;
    name?: string;
    provider: "github" | "google";
    iat?: number;
    exp?: number;
}
export interface TokenPair {
    accessToken: string;
    refreshToken: string;
    expiresIn: number;
}
export interface JwtKeys {
    publicKey: string;
    privateKey: string;
}
/**
 * Token expiration times
 */
export declare const TOKEN_EXPIRATION: {
    ACCESS_TOKEN: number;
    REFRESH_TOKEN: number;
};
/**
 * Sign a JWT access token with RS256 algorithm
 */
export declare function signAccessToken(payload: JwtPayload, privateKey: string): string;
/**
 * Sign a JWT refresh token
 */
export declare function signRefreshToken(userId: string, privateKey: string): string;
/**
 * Create a token pair (access + refresh tokens)
 */
export declare function createTokenPair(payload: JwtPayload, privateKey: string): TokenPair;
/**
 * Verify a JWT token and return the payload
 * @throws Error if token is invalid or expired
 */
export declare function verifyToken(token: string, publicKey: string): JwtPayload;
/**
 * Decode a JWT token without verification (for debugging)
 */
export declare function decodeToken(token: string): JwtPayload | null;
/**
 * Generate a random state parameter for CSRF protection
 */
export declare function generateState(): string;
/**
 * Generate a random PKCE code verifier
 */
export declare function generateCodeVerifier(): string;
/**
 * Generate PKCE code challenge from verifier
 */
export declare function generateCodeChallenge(verifier: string): string;