/**
 * MLflow TypeScript SDK Authentication Module
 *
 * This module provides authentication for MLflow tracking servers:
 *
 * ## Databricks-hosted MLflow
 *
 * For `databricks://` URIs, authentication is delegated entirely to the
 * Databricks SDK which supports multiple authentication methods:
 * - Personal Access Tokens (DATABRICKS_TOKEN)
 * - OAuth M2M / Service Principals (DATABRICKS_CLIENT_ID + DATABRICKS_CLIENT_SECRET)
 * - Azure CLI, Azure MSI, Azure Client Secret
 * - Google Cloud credentials
 * - Config file profiles (~/.databrickscfg)
 *
 * Host resolution order:
 * 1. Explicit `host` option
 * 2. DATABRICKS_HOST environment variable
 * 3. Host from ~/.databrickscfg (for the specified profile)
 *
 * ## Self-hosted MLflow (OSS)
 *
 * For HTTP(S) URIs, authentication is resolved in order:
 * 1. Basic Auth (MLFLOW_TRACKING_USERNAME + MLFLOW_TRACKING_PASSWORD)
 * 2. Bearer Token (MLFLOW_TRACKING_TOKEN)
 * 3. No authentication
 *
 * @module auth
 */
/**
 * Function that provides HTTP headers for authenticated requests.
 * Called before each request to support token refresh for OAuth.
 */
export type HeadersProvider = () => Promise<Record<string, string>>;
/**
 * Authentication provider interface used by MLflow clients.
 * Provides methods to get the host URL and authentication headers.
 */
export interface AuthProvider {
    /** Get the host URL for API requests */
    getHost(): string;
    /** Get the function that provides authentication headers */
    getHeadersProvider(): HeadersProvider;
    /**
     * Get the Databricks token if available (for backwards compatibility).
     * Returns undefined for non-Databricks or OAuth-only authentication.
     */
    getDatabricksToken(): string | undefined;
}
/**
 * Configuration options for authentication resolution.
 */
export interface AuthOptions {
    /** Tracking URI: "databricks", "databricks://profile", or HTTP(S) URL */
    trackingUri: string;
    /** Explicit host override (takes precedence over environment) */
    host?: string;
    /** Explicit Databricks token override */
    databricksToken?: string;
    /** Path to Databricks config file (default: ~/.databrickscfg) */
    databricksConfigPath?: string;
    /** Basic auth username for OSS MLflow */
    trackingServerUsername?: string;
    /** Basic auth password for OSS MLflow */
    trackingServerPassword?: string;
    /** Bearer token for OSS MLflow */
    trackingServerToken?: string;
}
/**
 * Check if a tracking URI targets Databricks.
 */
export declare function isDatabricksUri(trackingUri: string): boolean;
/**
 * Parse profile name from a Databricks tracking URI.
 *
 * @example
 * parseDatabricksProfile('databricks') // returns undefined (use DEFAULT)
 * parseDatabricksProfile('databricks://my-profile') // returns 'my-profile'
 */
export declare function parseDatabricksProfile(trackingUri: string): string | undefined;
/**
 * Create an authentication provider for the given configuration.
 *
 * This is the main entry point for authentication. It returns an AuthProvider
 * with methods to get the host URL and authentication headers.
 *
 * @param options - Authentication configuration options
 * @returns AuthProvider for making authenticated requests
 * @throws Error if required configuration is missing
 */
export declare function createAuthProvider(options: AuthOptions): AuthProvider;