import { ConvexCtx, GetCurrentPartialUserOptions, GetCurrentUserOptions, HandlerUrlOptions, HandlerUrls, OAuthScopesOnSignIn, RedirectMethod, RedirectToOptions, RequestLike, ResolvedHandlerUrls, TokenStoreInit, stackAppInternalsSymbol } from "../../common.js";
import { Customer, CustomerBilling, CustomerInvoicesList, CustomerInvoicesRequestOptions, CustomerProductsList, CustomerProductsRequestOptions, Item } from "../../customers/index.js";
import { TeamPermission } from "../../permissions/index.js";
import { ApiKey } from "../../api-keys/index.js";
import { DeprecatedOAuthConnection, OAuthConnection } from "../../connected-accounts/index.js";
import { ContactChannel } from "../../contact-channels/index.js";
import { NotificationCategory } from "../../notification-categories/index.js";
import { ActiveSession, Auth, BaseUser, InternalUserExtra, OAuthProvider, ProjectCurrentUser, TokenPartialUser, UserExtra, UserUpdateOptions } from "../../users/index.js";
import { EditableTeamMemberProfile, ReceivedTeamInvitation, SentTeamInvitation, Team, TeamUser } from "../../teams/index.js";
import { AdminOwnedProject, AdminProjectUpdateOptions, Project } from "../../projects/index.js";
import { AnalyticsOptions } from "./session-replay.js";
import { StackClientApp, StackClientAppConstructorOptions, StackClientAppJson } from "../interfaces/client-app.js";
import { CookieHelper } from "../../../cookie.js";
import { TokenObject } from "./common.js";
import { CrossDomainHandoffParams } from "./redirect-page-urls.js";
import { _StackAdminAppImplIncomplete } from "./admin-app-impl.js";
import { KnownErrors, StackClientInterface } from "@stackframe/stack-shared";
import { CurrentUserCrud } from "@stackframe/stack-shared/dist/interface/crud/current-user";
import { Result } from "@stackframe/stack-shared/dist/utils/results";
import { ProviderType } from "@stackframe/stack-shared/dist/utils/oauth";
import { RequestListener } from "@stackframe/stack-shared/dist/interface/client-interface";
import * as yup from "yup";
import { ClientProjectsCrud } from "@stackframe/stack-shared/dist/interface/crud/projects";
import * as _stackframe_stack_shared_dist_sessions0 from "@stackframe/stack-shared/dist/sessions";
import { InternalSession } from "@stackframe/stack-shared/dist/sessions";
import { ProjectPermissionsCrud } from "@stackframe/stack-shared/dist/interface/crud/project-permissions";
import { TeamPermissionsCrud } from "@stackframe/stack-shared/dist/interface/crud/team-permissions";
import { TeamsCrud } from "@stackframe/stack-shared/dist/interface/crud/teams";
import { TeamApiKeysCrud, UserApiKeysCrud, teamApiKeysCreateOutputSchema, userApiKeysCreateOutputSchema } from "@stackframe/stack-shared/dist/interface/crud/project-api-keys";
import { UsersCrud } from "@stackframe/stack-shared/dist/interface/crud/users";
import { ContactChannelsCrud } from "@stackframe/stack-shared/dist/interface/crud/contact-channels";
import { ItemCrud } from "@stackframe/stack-shared/dist/interface/crud/items";
import { NotificationPreferenceCrud } from "@stackframe/stack-shared/dist/interface/crud/notification-preferences";
import { OAuthProviderCrud } from "@stackframe/stack-shared/dist/interface/crud/oauth-providers";
import { TeamInvitationCrud } from "@stackframe/stack-shared/dist/interface/crud/team-invitation";
import { TeamMemberProfilesCrud } from "@stackframe/stack-shared/dist/interface/crud/team-member-profiles";
import { CustomerInvoicesListResponse } from "@stackframe/stack-shared/dist/interface/crud/invoices";
import { CustomerProductsListResponse } from "@stackframe/stack-shared/dist/interface/crud/products";
import { SessionsCrud } from "@stackframe/stack-shared/dist/interface/crud/sessions";
import { Store } from "@stackframe/stack-shared/dist/utils/stores";
import * as cookie from "cookie";

//#region src/lib/stack-app/apps/implementations/client-app-impl.d.ts
type StackClientAppImplConstructorOptionsResolved<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId> & {
  inheritsFrom?: undefined;
};
declare class _StackClientAppImplIncomplete<HasTokenStore extends boolean, ProjectId extends string = string> implements StackClientApp<HasTokenStore, ProjectId> {
  /**
   * There is a circular dependency between the admin app and the client app, as the former inherits from the latter and
   * the latter needs to use the former when creating a new instance of an internal project.
   *
   * To break it, we set the admin app here lazily instead of importing it directly. This variable is set by ./index.ts,
   * which imports both this file and ./admin-app-impl.ts.
   */
  static readonly LazyStackAdminAppImpl: {
    value: typeof _StackAdminAppImplIncomplete | undefined;
  };
  protected readonly _options: StackClientAppImplConstructorOptionsResolved<HasTokenStore, ProjectId>;
  protected readonly _extraOptions: {
    uniqueIdentifier?: string;
    checkString?: string;
    interface?: StackClientInterface;
  } | undefined;
  protected _uniqueIdentifier: string | undefined;
  protected _interface: StackClientInterface;
  protected readonly _tokenStoreInit: TokenStoreInit<HasTokenStore>;
  protected readonly _redirectMethod: RedirectMethod | undefined;
  protected readonly _urlOptions: HandlerUrlOptions;
  protected readonly _oauthScopesOnSignIn: Partial<OAuthScopesOnSignIn>;
  private readonly _analyticsOptions;
  private _sessionRecorder;
  private _eventTracker;
  private __DEMO_ENABLE_SLIGHT_FETCH_DELAY;
  private readonly _ownedAdminApps;
  private readonly _currentUserCache;
  private readonly _currentProjectCache;
  private readonly _ownedProjectsCache;
  private readonly _currentUserPermissionsCache;
  private readonly _currentUserProjectPermissionsCache;
  private readonly _currentUserTeamsCache;
  /** @deprecated Used by legacy getConnectedAccount(providerId) — uses old per-provider access token endpoint */
  private readonly _currentUserOAuthConnectionAccessTokensCache;
  /** @deprecated Used by legacy getConnectedAccount(providerId) — combines token check + redirect */
  private readonly _currentUserOAuthConnectionCache;
  private readonly _currentUserConnectedAccountsCache;
  private readonly _currentUserOAuthConnectionAccessTokensByAccountCache;
  private readonly _currentUserValidConnectedAccountForProviderCache;
  private readonly _teamMemberProfilesCache;
  private readonly _teamInvitationsCache;
  private readonly _currentUserTeamProfileCache;
  private readonly _currentUserTeamInvitationsCache;
  private readonly _clientContactChannelsCache;
  private readonly _userApiKeysCache;
  private readonly _teamApiKeysCache;
  private readonly _notificationCategoriesCache;
  private readonly _currentUserOAuthProvidersCache;
  private readonly _userItemCache;
  private readonly _teamItemCache;
  private readonly _customItemCache;
  private readonly _userProductsCache;
  private readonly _teamProductsCache;
  private readonly _customProductsCache;
  private readonly _userInvoicesCache;
  private readonly _teamInvoicesCache;
  private readonly _customerBillingCache;
  private readonly _convexPartialUserCache;
  private readonly _trustedParentDomainCache;
  private _anonymousSignUpInProgress;
  private _prefetchedCrossDomainHandoffParams;
  private _prefetchedCrossDomainHandoffParamsFetchedAt;
  private _isPrefetchingCrossDomainHandoffParams;
  protected _createCookieHelper(overrideTokenStoreInit?: TokenStoreInit): Promise<CookieHelper>;
  /** @deprecated Used by legacy getConnectedAccount(providerId) — combines user check + token check + redirect into one cache */
  protected _getUserOAuthConnectionCacheFn(options: {
    getUser: () => Promise<CurrentUserCrud['Client']['Read'] | null>;
    getOrWaitOAuthToken: () => Promise<{
      accessToken: string;
    } | null>;
    useOAuthToken: () => {
      accessToken: string;
    } | null;
    providerId: ProviderType;
    scope: string | null;
  } & ({
    redirect: true;
    session: InternalSession | null;
  } | {
    redirect: false;
  })): Promise<DeprecatedOAuthConnection | null>;
  protected _createOAuthConnectionFromCrudItem(item: {
    provider: string;
    provider_account_id: string;
  }, session: InternalSession): OAuthConnection;
  constructor(options: StackClientAppConstructorOptions<HasTokenStore, ProjectId>, extraOptions?: {
    uniqueIdentifier?: string;
    checkString?: string;
    interface?: StackClientInterface;
  });
  protected _initUniqueIdentifier(): void;
  /**
   * Cloudflare workers does not allow use of randomness on the global scope (on which the Stack app is probably
   * initialized). For that reason, we generate the unique identifier lazily when it is first needed instead of in the
   * constructor.
   */
  protected _getUniqueIdentifier(): string;
  protected _checkFeatureSupport(name: string, options: any): Promise<never>;
  protected _useCheckFeatureSupport(name: string, options: any): never;
  protected _memoryTokenStore: Store<TokenObject>;
  protected _nextServerCookiesTokenStores: WeakMap<object, Store<TokenObject>>;
  protected _requestTokenStores: WeakMap<RequestLike, Store<TokenObject>>;
  protected _storedBrowserCookieTokenStore: Store<TokenObject> | null;
  private _mostRecentQueuedCookieRefreshIndex;
  protected get _legacyRefreshTokenCookieName(): string;
  protected get _refreshTokenCookieName(): string;
  private _getRefreshTokenDefaultCookieNameForSecure;
  private _getCustomRefreshCookieName;
  private _getDomainFromCustomRefreshCookieName;
  private _formatRefreshCookieValue;
  private _formatAccessCookieValue;
  private _parseStructuredRefreshCookie;
  private _extractRefreshTokenFromCookieMap;
  protected _getTokensFromCookies(cookies: cookie.Cookies): TokenObject;
  protected get _accessTokenCookieName(): string;
  private _getAllBrowserCookies;
  private _getRefreshTokenCookieNamePatterns;
  private _collectRefreshTokenCookieNames;
  private _prepareRefreshCookieUpdate;
  private _ensureCrossSubdomainCookieExists;
  private _queueCustomRefreshCookieUpdate;
  private _getTrustedParentDomain;
  protected _getBrowserCookieTokenStore(): Store<TokenObject>;
  protected _getOrCreateTokenStore(cookieHelper: CookieHelper, overrideTokenStoreInit?: TokenStoreInit): Store<TokenObject>;
  protected _useTokenStore(overrideTokenStoreInit?: TokenStoreInit): Store<TokenObject>;
  /**
   * A map from token stores and session keys to sessions.
   *
   * This isn't just a map from session keys to sessions for two reasons:
   *
   * - So we can garbage-collect Session objects when the token store is garbage-collected
   * - So different token stores are separated and don't leak information between each other, eg. if the same user sends two requests to the same server they should get a different session object
   */
  private _sessionsByTokenStoreAndSessionKey;
  protected _getSessionFromTokenStore(tokenStore: Store<TokenObject>): InternalSession;
  protected _getSession(overrideTokenStoreInit?: TokenStoreInit): Promise<InternalSession>;
  protected _useSession(overrideTokenStoreInit?: TokenStoreInit): InternalSession;
  protected _signInToAccountWithTokens(tokens: {
    accessToken: string | null;
    refreshToken: string;
  }): Promise<void>;
  protected _hasPersistentTokenStore(overrideTokenStoreInit?: TokenStoreInit): this is StackClientApp<true, ProjectId>;
  protected _ensurePersistentTokenStore(overrideTokenStoreInit?: TokenStoreInit): asserts this is StackClientApp<true, ProjectId>;
  protected _isInternalProject(): this is {
    projectId: "internal";
  };
  protected _ensureInternalProject(): asserts this is {
    projectId: "internal";
  };
  protected _clientProjectFromCrud(crud: ClientProjectsCrud['Client']['Read']): Project;
  protected _clientPermissionFromCrud(crud: TeamPermissionsCrud['Client']['Read'] | ProjectPermissionsCrud['Client']['Read']): TeamPermission;
  protected _clientTeamUserFromCrud(crud: TeamMemberProfilesCrud['Client']['Read']): TeamUser;
  protected _clientSentTeamInvitationFromCrud(session: InternalSession, crud: TeamInvitationCrud['Client']['Read']): SentTeamInvitation;
  protected _clientReceivedTeamInvitationFromCrud(session: InternalSession, crud: TeamInvitationCrud['Client']['Read']): ReceivedTeamInvitation;
  protected _baseApiKeyFromCrud(crud: TeamApiKeysCrud['Client']['Read'] | UserApiKeysCrud['Client']['Read'] | yup.InferType<typeof teamApiKeysCreateOutputSchema> | yup.InferType<typeof userApiKeysCreateOutputSchema>): Omit<ApiKey<"user", boolean>, "revoke" | "update"> | Omit<ApiKey<"team", boolean>, "revoke" | "update">;
  protected _clientApiKeyFromCrud(session: InternalSession, crud: TeamApiKeysCrud['Client']['Read']): ApiKey<"team">;
  protected _clientApiKeyFromCrud(session: InternalSession, crud: UserApiKeysCrud['Client']['Read']): ApiKey<"user">;
  protected _clientApiKeyFromCrud(session: InternalSession, crud: yup.InferType<typeof teamApiKeysCreateOutputSchema>): ApiKey<"team", true>;
  protected _clientApiKeyFromCrud(session: InternalSession, crud: yup.InferType<typeof userApiKeysCreateOutputSchema>): ApiKey<"user", true>;
  protected _clientTeamFromCrud(crud: TeamsCrud['Client']['Read'], session: InternalSession): Team;
  protected _clientContactChannelFromCrud(crud: ContactChannelsCrud['Client']['Read'], session: InternalSession): ContactChannel;
  protected _clientNotificationCategoryFromCrud(crud: NotificationPreferenceCrud['Client']['Read'], session: InternalSession): NotificationCategory;
  protected _clientOAuthProviderFromCrud(crud: OAuthProviderCrud['Client']['Read'], session: InternalSession): OAuthProvider;
  protected _clientItemFromCrud(crud: ItemCrud['Client']['Read']): Item;
  protected _customerProductsFromResponse(response: CustomerProductsListResponse): CustomerProductsList;
  protected _customerInvoicesFromResponse(response: CustomerInvoicesListResponse): CustomerInvoicesList;
  protected _customerBillingFromResponse(response: {
    has_customer: boolean;
    default_payment_method: {
      id: string;
      brand: string | null;
      last4: string | null;
      exp_month: number | null;
      exp_year: number | null;
    } | null;
  }): CustomerBilling;
  protected _createAuth(session: InternalSession): Auth;
  protected _editableTeamProfileFromCrud(crud: TeamMemberProfilesCrud['Client']['Read'], session: InternalSession): EditableTeamMemberProfile;
  protected _createBaseUser(crud: NonNullable<CurrentUserCrud['Client']['Read']> | UsersCrud['Server']['Read']): BaseUser;
  protected _createUserExtraFromCurrent(crud: NonNullable<CurrentUserCrud['Client']['Read']>, session: InternalSession): UserExtra;
  protected _createInternalUserExtra(session: InternalSession): InternalUserExtra;
  protected _createCustomer(userIdOrTeamId: string, type: "user" | "team", session: InternalSession | null): Omit<Customer, "id">;
  getItem(options: {
    itemId: string;
    userId: string;
  } | {
    itemId: string;
    teamId: string;
  } | {
    itemId: string;
    customCustomerId: string;
  }): Promise<Item>;
  useItem(options: {
    itemId: string;
    userId: string;
  } | {
    itemId: string;
    teamId: string;
  } | {
    itemId: string;
    customCustomerId: string;
  }): Item;
  listProducts(options: CustomerProductsRequestOptions): Promise<CustomerProductsList>;
  listInvoices(options: CustomerInvoicesRequestOptions): Promise<CustomerInvoicesList>;
  cancelSubscription(options: {
    productId: string;
    subscriptionId?: string;
  } | {
    productId: string;
    subscriptionId?: string;
    teamId: string;
  }): Promise<void>;
  useProducts(options: CustomerProductsRequestOptions): CustomerProductsList;
  useInvoices(options: CustomerInvoicesRequestOptions): CustomerInvoicesList;
  protected _currentUserFromCrud(crud: NonNullable<CurrentUserCrud['Client']['Read']>, session: InternalSession): ProjectCurrentUser<ProjectId>;
  protected _clientSessionFromCrud(crud: SessionsCrud['Client']['Read']): ActiveSession;
  protected _getOwnedAdminApp(forProjectId: string, session: InternalSession): _StackAdminAppImplIncomplete<false, string>;
  get projectId(): ProjectId;
  get version(): string;
  private _botChallengeSiteKeysWarned;
  private _getBotChallengeSiteKeys;
  private _getBotChallengeFlowFailure;
  private _normalizeBotChallengeResult;
  private _toInterfaceBotChallengeInput;
  private _executeResultWithBotChallengeFlow;
  protected _isTrusted(url: string): Promise<boolean>;
  get urls(): Readonly<ResolvedHandlerUrls>;
  protected _prefetchCrossDomainHandoffParamsIfNeeded(): void;
  protected _getCrossDomainHandoffParamsForUrlsGetter(currentUrl: URL): CrossDomainHandoffParams | null;
  protected _getCrossDomainHandoffParamsForRedirect(currentUrl: URL): Promise<CrossDomainHandoffParams>;
  protected _getLocalOAuthCallbackHandlerUrl(): string;
  protected _createCrossDomainAuthRedirectUrl(options: {
    redirectUri: string;
    state: string;
    codeChallenge: string;
    afterCallbackRedirectUrl: string;
  }): Promise<string>;
  protected _getFreshPrefetchedCrossDomainHandoffParams(): CrossDomainHandoffParams | null;
  protected _getCurrentUrl(): Promise<URL | null>;
  protected _redirectTo(options: {
    url: URL | string;
    replace?: boolean;
  }): Promise<void>;
  useNavigate(): (to: string) => void;
  protected _redirectIfTrusted(url: string, options?: RedirectToOptions): Promise<void>;
  protected _redirectToHandler(handlerName: keyof HandlerUrls, options?: RedirectToOptions): Promise<void>;
  redirectToSignIn(options?: RedirectToOptions): Promise<void>;
  redirectToSignUp(options?: RedirectToOptions): Promise<void>;
  redirectToSignOut(options?: RedirectToOptions): Promise<void>;
  redirectToEmailVerification(options?: RedirectToOptions): Promise<void>;
  redirectToPasswordReset(options?: RedirectToOptions): Promise<void>;
  redirectToForgotPassword(options?: RedirectToOptions): Promise<void>;
  redirectToHome(options?: RedirectToOptions): Promise<void>;
  redirectToOAuthCallback(options?: RedirectToOptions): Promise<void>;
  redirectToMagicLinkCallback(options?: RedirectToOptions): Promise<void>;
  redirectToAfterSignIn(options?: RedirectToOptions): Promise<void>;
  redirectToAfterSignUp(options?: RedirectToOptions): Promise<void>;
  redirectToOnboarding(options?: RedirectToOptions): Promise<void>;
  redirectToAfterSignOut(options?: RedirectToOptions): Promise<void>;
  redirectToAccountSettings(options?: RedirectToOptions): Promise<void>;
  redirectToError(options?: RedirectToOptions): Promise<void>;
  redirectToTeamInvitation(options?: RedirectToOptions): Promise<void>;
  redirectToMfa(options?: RedirectToOptions): Promise<void>;
  sendForgotPasswordEmail(email: string, options?: {
    callbackUrl?: string;
  }): Promise<Result<undefined, KnownErrors["UserNotFound"]>>;
  sendMagicLinkEmail(email: string, options?: {
    callbackUrl?: string;
  }): Promise<Result<{
    nonce: string;
  }, KnownErrors["RedirectUrlNotWhitelisted"] | KnownErrors["BotChallengeFailed"]>>;
  resetPassword(options: {
    password: string;
    code: string;
  }): Promise<Result<undefined, KnownErrors["VerificationCodeError"]>>;
  verifyPasswordResetCode(code: string): Promise<Result<undefined, KnownErrors["VerificationCodeError"]>>;
  verifyTeamInvitationCode(code: string): Promise<Result<undefined, KnownErrors["VerificationCodeError"]>>;
  acceptTeamInvitation(code: string): Promise<Result<undefined, KnownErrors["VerificationCodeError"]>>;
  getTeamInvitationDetails(code: string): Promise<Result<{
    teamDisplayName: string;
  }, KnownErrors["VerificationCodeError"]>>;
  verifyEmail(code: string): Promise<Result<undefined, KnownErrors["VerificationCodeError"]>>;
  getUser(options: GetCurrentUserOptions<HasTokenStore> & {
    or: 'redirect';
  }): Promise<ProjectCurrentUser<ProjectId>>;
  getUser(options: GetCurrentUserOptions<HasTokenStore> & {
    or: 'throw';
  }): Promise<ProjectCurrentUser<ProjectId>>;
  getUser(options: GetCurrentUserOptions<HasTokenStore> & {
    or: 'anonymous';
  }): Promise<ProjectCurrentUser<ProjectId>>;
  getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> | null>;
  useUser(options: GetCurrentUserOptions<HasTokenStore> & {
    or: 'redirect';
  }): ProjectCurrentUser<ProjectId>;
  useUser(options: GetCurrentUserOptions<HasTokenStore> & {
    or: 'throw';
  }): ProjectCurrentUser<ProjectId>;
  useUser(options: GetCurrentUserOptions<HasTokenStore> & {
    or: 'anonymous';
  }): ProjectCurrentUser<ProjectId>;
  useUser(options?: GetCurrentUserOptions<HasTokenStore>): ProjectCurrentUser<ProjectId> | null;
  _getTokenPartialUserFromSession(session: InternalSession, options: GetCurrentPartialUserOptions<HasTokenStore>): TokenPartialUser | null;
  _getPartialUserFromConvex(ctx: ConvexCtx): Promise<TokenPartialUser | null>;
  getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & {
    from: 'token';
  }): Promise<TokenPartialUser | null>;
  getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & {
    from: 'convex';
  }): Promise<TokenPartialUser | null>;
  usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & {
    from: 'token';
  }): TokenPartialUser | null;
  usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & {
    from: 'convex';
  }): TokenPartialUser | null;
  getConvexClientAuth(options: {
    tokenStore: TokenStoreInit;
  }): (args: {
    forceRefreshToken: boolean;
  }) => Promise<string | null>;
  getConvexHttpClientAuth(options: {
    tokenStore: TokenStoreInit;
  }): Promise<string>;
  protected _updateClientUser(update: UserUpdateOptions, session: InternalSession): Promise<void>;
  signInWithOAuth(provider: ProviderType, options?: {
    returnTo?: string;
  }): Promise<void>;
  /**
   * Handles MFA verification by redirecting to the OTP page
   */
  protected _experimentalMfa(error: KnownErrors['MultiFactorAuthenticationRequired'], session: InternalSession): Promise<never>;
  /**
   * @deprecated
   * TODO remove
   */
  protected _catchMfaRequiredError<T, E>(callback: () => Promise<Result<T, E>>): Promise<Result<T | {
    accessToken: string;
    refreshToken: string;
    newUser: boolean;
  }, E>>;
  signInWithCredential(options: {
    email: string;
    password: string;
    noRedirect?: boolean;
  }): Promise<Result<undefined, KnownErrors["EmailPasswordMismatch"] | KnownErrors["InvalidTotpCode"]>>;
  signUpWithCredential(options: {
    email: string;
    password: string;
    noRedirect?: boolean;
    noVerificationCallback?: boolean;
    verificationCallbackUrl?: string;
  }): Promise<Result<undefined, KnownErrors["UserWithEmailAlreadyExists"] | KnownErrors['PasswordRequirementsNotMet'] | KnownErrors["BotChallengeFailed"]>>;
  _signUpAnonymously(): Promise<{
    accessToken: string;
    refreshToken: string;
  }>;
  signInWithMagicLink(code: string, options?: {
    noRedirect?: boolean;
  }): Promise<Result<undefined, KnownErrors["VerificationCodeError"] | KnownErrors["InvalidTotpCode"]>>;
  /**
   * Initiates a CLI authentication process that allows a command line application
   * to get a refresh token for a user's account.
   *
   * This process works as follows:
   * 1. The CLI app calls this method, which initiates the auth process with the server
   * 2. The server returns a polling code and a login code
   * 3. The CLI app opens a browser window to the appUrl with the login code as a parameter
   * 4. The user logs in through the browser and confirms the authorization
   * 5. The CLI app polls for the refresh token using the polling code
   *
   * @param options Options for the CLI login
   * @param options.appUrl The URL of the app that will handle the CLI auth confirmation
   * @param options.expiresInMillis Optional duration in milliseconds before the auth attempt expires (default: 2 hours)
   * @param options.maxAttempts Optional maximum number of polling attempts (default: Infinity)
   * @param options.waitTimeMillis Optional time to wait between polling attempts (default: 2 seconds)
   * @param options.promptLink Optional function to call with the login URL and code to prompt the user to open the browser
   * @param options.anonRefreshToken Optional anonymous refresh token from the CLI's token store to associate with this login attempt
   * @returns Result containing either the refresh token or an error
   */
  promptCliLogin(options: {
    appUrl: string;
    expiresInMillis?: number;
    maxAttempts?: number;
    waitTimeMillis?: number;
    promptLink?: (url: string, loginCode: string) => void;
    anonRefreshToken?: string;
  }): Promise<Result<string, KnownErrors["CliAuthError"] | KnownErrors["CliAuthExpiredError"] | KnownErrors["CliAuthUsedError"]>>;
  signInWithMfa(totp: string, code: string, options?: {
    noRedirect?: boolean;
  }): Promise<Result<undefined, KnownErrors["VerificationCodeError"] | KnownErrors["InvalidTotpCode"]>>;
  signInWithPasskey(): Promise<Result<undefined, KnownErrors["PasskeyAuthenticationFailed"] | KnownErrors["InvalidTotpCode"] | KnownErrors["PasskeyWebAuthnError"]>>;
  callOAuthCallback(): Promise<boolean>;
  protected _signOut(session: InternalSession, options?: {
    redirectUrl?: URL | string;
  }): Promise<void>;
  signOut(options?: {
    redirectUrl?: URL | string;
    tokenStore?: TokenStoreInit;
  }): Promise<void>;
  getAccessToken(options?: {
    tokenStore?: TokenStoreInit;
  }): Promise<string | null>;
  useAccessToken(options?: {
    tokenStore?: TokenStoreInit;
  }): string | null;
  getRefreshToken(options?: {
    tokenStore?: TokenStoreInit;
  }): Promise<string | null>;
  useRefreshToken(options?: {
    tokenStore?: TokenStoreInit;
  }): string | null;
  getAuthHeaders(options?: {
    tokenStore?: TokenStoreInit;
  }): Promise<{
    "x-stack-auth": string;
  }>;
  useAuthHeaders(options?: {
    tokenStore?: TokenStoreInit;
  }): {
    "x-stack-auth": string;
  };
  getAuthJson(options?: {
    tokenStore?: TokenStoreInit;
  }): Promise<{
    accessToken: string | null;
    refreshToken: string | null;
  }>;
  useAuthJson(options?: {
    tokenStore?: TokenStoreInit;
  }): {
    accessToken: string | null;
    refreshToken: string | null;
  };
  getProject(): Promise<Project>;
  useProject(): Project;
  protected _listOwnedProjects(session: InternalSession): Promise<AdminOwnedProject[]>;
  protected _useOwnedProjects(session: InternalSession): AdminOwnedProject[];
  protected _createProject(session: InternalSession, newProject: AdminProjectUpdateOptions & {
    displayName: string;
    teamId: string;
  }): Promise<AdminOwnedProject>;
  protected _refreshUser(session: InternalSession): Promise<void>;
  protected _refreshSession(session: InternalSession): Promise<void>;
  protected _refreshUsers(): Promise<void>;
  protected _refreshProject(): Promise<void>;
  protected _refreshOwnedProjects(session: InternalSession): Promise<void>;
  static get [stackAppInternalsSymbol](): {
    fromClientJson: <HasTokenStore extends boolean, ProjectId extends string>(json: StackClientAppJson<HasTokenStore, ProjectId>) => StackClientApp<HasTokenStore, ProjectId>;
  };
  get [stackAppInternalsSymbol](): {
    toClientJson: () => StackClientAppJson<HasTokenStore, ProjectId>;
    setCurrentUser: (userJsonPromise: Promise<CurrentUserCrud["Client"]["Read"] | null>) => void;
    getConstructorOptions: () => {
      baseUrl?: string | {
        browser: string;
        server: string;
      };
      extraRequestHeaders?: Record<string, string>;
      projectId?: ProjectId | undefined;
      publishableClientKey?: string;
      urls?: HandlerUrlOptions;
      oauthScopesOnSignIn?: Partial<OAuthScopesOnSignIn>;
      tokenStore?: TokenStoreInit<HasTokenStore> | undefined;
      redirectMethod?: RedirectMethod;
      inheritsFrom?: StackClientApp<any, any>;
      noAutomaticPrefetch?: boolean;
      analytics?: AnalyticsOptions;
    } & {
      tokenStore: TokenStoreInit<HasTokenStore>;
    } & (string extends ProjectId ? unknown : {
      projectId: ProjectId;
    } | {
      inheritsFrom: StackClientApp<any, ProjectId>;
    }) & {
      inheritsFrom?: undefined;
    };
    sendSessionReplayBatch: (body: string, options: {
      keepalive: boolean;
    }) => Promise<Result<Response, Error>>;
    sendAnalyticsEventBatch: (body: string, options: {
      keepalive: boolean;
    }) => Promise<Result<Response, Error>>;
    addRequestListener: (listener: RequestListener) => () => void;
    sendRequest: (path: string, requestOptions: RequestInit, requestType?: "client" | "server" | "admin") => Promise<Response & {
      usedTokens: {
        accessToken: _stackframe_stack_shared_dist_sessions0.AccessToken;
        refreshToken: _stackframe_stack_shared_dist_sessions0.RefreshToken | null;
      } | null;
    }>;
    refreshOwnedProjects: () => Promise<void>;
    signInWithTokens: (tokens: {
      accessToken: string;
      refreshToken: string;
    }) => Promise<void>;
  };
}
//#endregion
export { _StackClientAppImplIncomplete };
//# sourceMappingURL=client-app-impl.d.ts.map