import { AuthAction, BaseAuthResult, OAuthProviders } from "@turnkey/sdk-types";
export declare const DISCORD_AUTH_URL = "https://discord.com/oauth2/authorize";
export declare const X_AUTH_URL = "https://x.com/i/oauth2/authorize";
export declare const GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
export declare const APPLE_AUTH_URL = "https://account.apple.com/auth/authorize";
export declare const APPLE_AUTH_SCRIPT_URL = "https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js";
export declare const FACEBOOK_AUTH_URL = "https://www.facebook.com/v23.0/dialog/oauth";
export declare const FACEBOOK_GRAPH_URL = "https://graph.facebook.com/v23.0/oauth/access_token";
export declare const TURNKEY_OAUTH_ORIGIN_URL = "https://oauth-origin.turnkey.com";
export declare const TURNKEY_OAUTH_REDIRECT_URL = "https://oauth-redirect.turnkey.com";
/**
 * Builds the OAuth state parameter string
 */
export declare function buildOAuthState(params: {
    provider: OAuthProviders;
    flow: "redirect";
    publicKey: string;
    nonce?: string;
}): string;
/**
 * OAuth provider configuration for unified OAuth flow handling
 */
export interface OAuthProviderConfig {
    /** The provider identifier */
    provider: OAuthProviders;
    /** The base OAuth authorization URL */
    authUrl: string;
    /** OAuth scopes to request */
    scopes: string;
    /** Whether this provider uses PKCE */
    usesPKCE: boolean;
    /** Response type for the OAuth request */
    responseType: string;
    /** Optional response mode (e.g., 'fragment' for Apple) */
    responseMode?: string;
    /** Whether to include nonce in the URL params (vs state) */
    nonceInParams?: boolean;
}
/**
 * Pre-configured OAuth provider settings
 */
export declare const OAUTH_PROVIDER_CONFIGS: Record<OAuthProviders, OAuthProviderConfig>;
/**
 * Parses the OAuth state parameter string into an object
 */
export declare function parseStateParam(stateParam: string | null | undefined): {
    sessionKey?: string;
    oauthIntent?: string;
    provider?: string;
    flow?: string;
    publicKey?: string;
    openModal?: string;
    [key: string]: string | undefined;
};
/**
 * Result from parsing an OAuth response (both popup and redirect flows)
 */
export interface OAuthResponseResult {
    /** The OIDC token (for non-PKCE providers) */
    idToken?: string | null | undefined;
    /** The authorization code (for PKCE providers) */
    authCode?: string | null | undefined;
    /** Session key from state */
    sessionKey?: string | undefined;
    /** The provider from state */
    provider?: string | null;
    /** Flow type from state */
    flow?: string | null;
    /** Public key from state */
    publicKey?: string | null;
    /** Open modal flag from state */
    openModal?: string | null;
    /** OAuth intent from state */
    oauthIntent?: string | null;
    /** Nonce from state */
    nonce?: string | null;
}
/**
 * Unified OAuth response parser for both popup and redirect flows.
 * Handles both:
 * - PKCE flows (Facebook, Discord, X): code in search parameters
 * - Non-PKCE flows (Google, Apple): id_token in hash parameters
 * - Apple's non-standard hash format where state parameters are directly embedded
 *
 * @param url - The full URL to parse (from popup or redirect)
 * @param expectedProvider - Optional provider if already known (for popup flows)
 * @returns Parsed OAuth response data including tokens, codes, and state parameters, or null if invalid
 */
export declare function parseOAuthResponse(url: string, expectedProvider?: OAuthProviders): OAuthResponseResult | null;
export declare function generateChallengePair(): Promise<{
    verifier: string;
    codeChallenge: string;
}>;
/** Provider type for PKCE-based OAuth */
export type PKCEProvider = OAuthProviders.FACEBOOK | OAuthProviders.DISCORD | OAuthProviders.X;
/**
 * Gets the AsyncStorage key name for a PKCE provider's verifier
 */
export declare function getPKCEVerifierKey(provider: PKCEProvider): string;
/**
 * Stores the PKCE verifier in AsyncStorage
 * @param provider - The OAuth provider
 * @param verifier - The verifier string to store
 */
export declare function storePKCEVerifier(provider: PKCEProvider, verifier: string): Promise<void>;
/**
 * Retrieves and removes the PKCE verifier from AsyncStorage
 * @param provider - The OAuth provider
 * @returns The verifier string
 * @throws Error if verifier is not found
 */
export declare function consumePKCEVerifier(provider: PKCEProvider): Promise<string>;
/**
 * Checks if a PKCE verifier exists for a provider (without consuming it)
 * @param provider - The OAuth provider
 * @returns true if verifier exists
 */
export declare function hasPKCEVerifier(provider: PKCEProvider): Promise<boolean>;
/**
 * Stores the OAuth state in AsyncStorage for redirect flows
 * @param state - The OAuth state string to store
 */
export declare function storeOAuthState(state: string): Promise<void>;
/**
 * Consumes the stored OAuth state and validates against returned state
 * @param returnedState - The OAuth state string returned from the provider
 *
 */
export declare function consumeOAuthState(returnedState: string): Promise<void>;
/**
 * Parameters for building an OAuth URL
 */
export interface BuildOAuthUrlParams {
    provider: OAuthProviders;
    clientId: string;
    redirectUri: string;
    publicKey: string;
    nonce: string;
    codeChallenge?: string | undefined;
    /** If true, uses direct provider URLs; if false, uses Turnkey OAuth proxy */
    useOauthProxyOrigin?: boolean;
}
/**
 * Builds the complete OAuth authorization URL for a provider
 * For react-native, can use either:
 * - Direct provider URLs (Discord, X)
 * - Turnkey OAuth proxy (Google, Apple, Facebook)
 */
export declare function buildOAuthUrl(params: BuildOAuthUrlParams): Promise<string>;
/**
 * Parsed result from an InAppBrowser OAuth deep link
 */
export interface ParsedInAppBrowserResult {
    /** The OIDC token (for non-PKCE providers) */
    idToken?: string | null;
    /** The authorization code (for PKCE providers) */
    authCode?: string | null;
    /** Session key from state */
    sessionKey?: string | undefined;
    /** The provider from state */
    provider?: string | null;
    /** Public key from state */
    publicKey?: string | null;
    /** Nonce from state */
    nonce?: string | null;
}
/**
 * Parses the deep link URL returned from InAppBrowser after OAuth redirect
 * @param deepLinkUrl - The URL from InAppBrowser result (e.g., "myapp://?id_token=...&state=...")
 * @returns Parsed OAuth response data
 */
export declare function parseInAppBrowserResult(deepLinkUrl: string): Promise<ParsedInAppBrowserResult>;
/**
 * Completion handler callbacks for OAuth flow
 */
export interface OAuthCompletionCallbacks {
    /** Called on successful OAuth completion */
    onOauthSuccess?: (params: {
        oidcToken: string;
        providerName: string;
        publicKey: string;
        sessionKey?: string;
    }) => void;
    /** Called when OAuth should redirect */
    onOauthRedirect?: (params: {
        idToken: string;
        publicKey: string;
        sessionKey?: string;
    }) => void;
}
/**
 * Parameters for completing an OAuth flow
 */
export interface CompleteOAuthFlowParams {
    provider: OAuthProviders;
    publicKey: string;
    oidcToken: string;
    sessionKey?: string;
    callbacks?: OAuthCompletionCallbacks;
    /** Function to complete the OAuth authentication */
    completeOauth: (params: {
        oidcToken: string;
        publicKey: string;
        providerName: string;
        sessionKey?: string;
    }) => Promise<BaseAuthResult & {
        action: AuthAction;
    }>;
}
/**
 * Unified OAuth completion handler.
 * Routes to the appropriate completion handler based on params:
 * Priority: callbacks.onOauthSuccess > callbacks.onOauthRedirect > completeOauth
 *
 * This is the core completion logic used by InAppBrowser flows.
 */
export declare function completeOAuthFlow(params: CompleteOAuthFlowParams): Promise<void>;
/**
 * Parameters for the unified PKCE flow handler
 */
export interface HandlePKCEFlowParams {
    provider: PKCEProvider;
    publicKey: string;
    authCode: string;
    sessionKey?: string;
    callbacks?: OAuthCompletionCallbacks;
    completeOauth: (params: {
        oidcToken: string;
        publicKey: string;
        providerName: string;
        sessionKey?: string;
    }) => Promise<BaseAuthResult & {
        action: AuthAction;
    }>;
    /** Function to exchange code for token (provider-specific) */
    exchangeCodeForToken: (codeVerifier: string) => Promise<string>;
}
/**
 * Unified PKCE flow handler for all PKCE-based OAuth providers.
 * Handles the complete PKCE flow: verifier retrieval, token exchange, and completion routing.
 *
 * @param params - The PKCE flow parameters
 * @returns A promise that resolves when the flow is complete
 */
export declare function handlePKCEFlow(params: HandlePKCEFlowParams): Promise<void>;
export declare function exchangeCodeForToken(clientId: string, redirectUri: string, code: string, codeVerifier: string): Promise<{
    id_token: string;
}>;
//# sourceMappingURL=oauth.d.ts.map