import type { BunRequest } from "../core/request";
import type { AuthUser, Handler } from "../types";
export interface JwtOptions {
    secret?: string | Buffer | ((header: JwtHeader) => Promise<string | Buffer>);
    jwksUri?: string;
    jwksCacheTtl?: number;
    algorithms?: JwtAlgorithm[];
    audience?: string | string[];
    issuer?: string | string[];
    credentialsRequired?: boolean;
    getToken?: (req: BunRequest) => string | undefined;
    isRevoked?: (payload: JwtPayload, token: string) => Promise<boolean>;
    onVerified?: (payload: JwtPayload, req: BunRequest) => Promise<AuthUser> | AuthUser;
    role?: string | string[];
    scope?: string | string[];
    roleField?: string;
    scopeField?: string;
    requestProperty?: string;
}
export type JwtAlgorithm = "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512";
export interface JwtHeader {
    alg: string;
    typ?: string;
    kid?: string;
    [key: string]: unknown;
}
export interface JwtPayload {
    iss?: string;
    sub?: string;
    aud?: string | string[];
    exp?: number;
    nbf?: number;
    iat?: number;
    jti?: string;
    [key: string]: unknown;
}
export declare function decodeUnsafe(token: string): {
    header: JwtHeader;
    payload: JwtPayload;
    raw: [string, string, string];
} | null;
export declare function verifyHmac(headerB64: string, payloadB64: string, signatureB64: string, secret: string | Buffer, alg: "HS256" | "HS384" | "HS512"): Promise<boolean>;
export declare function jwt(options: JwtOptions): Handler;
export declare function jwtSign(payload: JwtPayload, secret: string | Buffer, options?: {
    algorithm?: "HS256" | "HS384" | "HS512";
    expiresIn?: number;
    issuer?: string;
    audience?: string;
    subject?: string;
}): string;
export declare function jwtDecode(token: string): JwtPayload | null;
//# sourceMappingURL=jwt.d.ts.map