import { Logger } from '@n8n/backend-common'; import { GlobalConfig } from '@n8n/config'; import type { AuthenticatedRequest, CredentialsEntity, ICredentialsDb } from '@n8n/db'; import { CredentialsRepository } from '@n8n/db'; import type { Request, Response } from 'express'; import { Cipher } from 'n8n-core'; import type { ICredentialDataDecryptedObject, IWorkflowExecuteAdditionalData } from 'n8n-workflow'; import { AuthService } from '../auth/auth.service'; import { CredentialsFinderService } from '../credentials/credentials-finder.service'; import { CredentialsHelper } from '../credentials-helper'; import type { OAuthRequest } from '../requests'; import { UrlService } from '../services/url.service'; import { ExternalHooks } from '../external-hooks'; import { OauthVersion, type CreateCsrfStateData, type CsrfState, type OAuth1CredentialData } from './types'; import { DynamicCredentialsProxy } from '../credentials/dynamic-credentials-proxy'; import { EventService } from '../events/event.service'; import { OAuthJweServiceProxy } from '../oauth/oauth-jwe-service.proxy'; import { OAuthBrowserBindingService } from '../oauth/oauth-browser-binding.service'; import { CacheService } from '../services/cache/cache.service'; export type OauthFlowState = { csrfSecret: string; codeVerifier?: string; oauthTokenSecret?: string; }; export declare function shouldSkipAuthOnOAuthCallback(): boolean; export declare const skipAuthOnOAuthCallback: boolean; export { OauthVersion, type OAuth1CredentialData, type CreateCsrfStateData, type CsrfState }; export declare class OauthService { protected readonly logger: Logger; private readonly credentialsHelper; private readonly credentialsRepository; private readonly credentialsFinderService; private readonly urlService; private readonly globalConfig; private readonly externalHooks; private readonly cipher; private readonly dynamicCredentialsProxy; private readonly authService; private readonly oauthJweServiceProxy; private readonly browserBindingService; private readonly eventService; private readonly cacheService; constructor(logger: Logger, credentialsHelper: CredentialsHelper, credentialsRepository: CredentialsRepository, credentialsFinderService: CredentialsFinderService, urlService: UrlService, globalConfig: GlobalConfig, externalHooks: ExternalHooks, cipher: Cipher, dynamicCredentialsProxy: DynamicCredentialsProxy, authService: AuthService, oauthJweServiceProxy: OAuthJweServiceProxy, browserBindingService: OAuthBrowserBindingService, eventService: EventService, cacheService: CacheService); private oauthFlowCacheKey; private validateOAuthUrlOrThrow; getBaseUrl(oauthVersion: OauthVersion): string; getCredentialForUpdate(req: OAuthRequest.OAuth1Credential.Auth | OAuthRequest.OAuth2Credential.Auth): Promise; buildCsrfStateData(credential: CredentialsEntity, req: OAuthRequest.OAuth1Credential.Auth | OAuthRequest.OAuth2Credential.Auth): Promise; protected getAdditionalData(): Promise; protected getDecryptedDataForAuthUri(credential: ICredentialsDb, additionalData: IWorkflowExecuteAdditionalData): Promise; protected getDecryptedDataForCallback(credential: ICredentialsDb, additionalData: IWorkflowExecuteAdditionalData): Promise; private getDecryptedData; protected applyDefaultsAndOverwrites(credential: ICredentialsDb, decryptedData: ICredentialDataDecryptedObject, additionalData: IWorkflowExecuteAdditionalData): Promise; encryptAndSaveData(credential: ICredentialsDb, toUpdate: ICredentialDataDecryptedObject, toDelete?: string[]): Promise; static extractAccountIdentifier(tokenData: Record): string | undefined; protected getCredentialWithoutUser(credentialId: string): Promise; createCsrfState(data: CreateCsrfStateData): Promise<[string, string, string]>; storeOauthFlowState(stateToken: string, flowState: OauthFlowState): Promise; consumeOauthFlowState(stateToken: string): Promise; protected decodeCsrfState(encodedState: string, req: AuthenticatedRequest): Promise<[CsrfState & CreateCsrfStateData, CredentialsEntity | null]>; protected verifyCsrfState(flowState: OauthFlowState | undefined, state: CsrfState): boolean; resolveCredential(req: OAuthRequest.OAuth1Credential.Callback | OAuthRequest.OAuth2Credential.Callback): Promise<[ CredentialsEntity, ICredentialDataDecryptedObject, T, CsrfState & CreateCsrfStateData, OauthFlowState ]>; renderCallbackError(res: Response, message: string, reason?: string): void; getOAuthCredentials(credential: CredentialsEntity): Promise; refreshOAuth2CredentialById(credentialId: string, projectId: string): Promise | null>; private hasEditableScopeProperty; private applyBrowserBindingIfEnabled; generateAOauth2AuthUri(credential: CredentialsEntity, csrfData: CreateCsrfStateData, req?: Request, res?: Response): Promise; generateAOauth1AuthUri(credential: CredentialsEntity, csrfData: CreateCsrfStateData, req?: Request, res?: Response): Promise; getOAuth1AccessToken(oauthCredentials: OAuth1CredentialData, params: { oauthToken: string; oauthVerifier: string; oauthTokenSecret: string; }): Promise>; private convertCredentialToOptions; private discoverProtectedResourceMetadata; private selectGrantTypeAndAuthenticationMethod; private mapGrantTypeAndAuthenticationMethod; saveDynamicCredential(credential: CredentialsEntity, oauthTokenData: ICredentialDataDecryptedObject, authHeader: string, credentialResolverId: string, authMetadata?: Record): Promise; }