import { PKCEPair } from '../types';
/**
 * Mask a secret (client_secret or password) using iRacing's masking algorithm.
 * This is required for the password_limited and authorization_code grants.
 *
 * The masking algorithm is: base64(sha256(secret + normalized_id))
 * where normalized_id is the id trimmed and lowercased.
 *
 * @param secret - The secret to mask (client_secret or password)
 * @param id - The identifier to mask with (client_id for client_secret, username for password)
 * @returns Base64 encoded SHA-256 hash
 */
export declare function maskSecret(secret: string, id: string): string;
/**
 * Generate a PKCE code pair for authorization code flow.
 * Creates a code_verifier and derives a code_challenge from it.
 *
 * @returns PKCEPair with codeChallenge and codeVerifier
 */
export declare function generatePKCEPair(): PKCEPair;
/**
 * Generate a random state parameter for authorization code flow.
 * The state parameter is used to prevent CSRF attacks.
 *
 * @returns Random state string
 */
export declare function generateState(): string;
/**
 * Check if a token has expired based on the expiry time.
 *
 * @param expiresAt - The timestamp when the token expires (milliseconds)
 * @param bufferSeconds - Number of seconds to consider as buffer before actual expiry (default: 30)
 * @returns true if token has expired or will expire within buffer time
 */
export declare function isTokenExpired(expiresAt: number, bufferSeconds?: number): boolean;
//# sourceMappingURL=index.d.ts.map