import { JWTPayload, ProtectedHeaderParameters } from 'jose';
import { RemoteJWKSetOptions } from 'jose/dist/types/jwks/remote';
import { VerifyOptions } from './types.js';
export type PublicKeys = {
    [key: string]: string;
};
export type DecodedToken = {
    header: ProtectedHeaderParameters;
    payload: JWTPayload;
};
export interface SignatureVerifier {
    verify(token: string, options: VerifyOptions): Promise<void>;
}
export interface KeyFetcher {
    fetchPublicKeys(): Promise<PublicKeys>;
}
export declare class UrlKeyFetcher implements KeyFetcher {
    private clientCertUrl;
    constructor(clientCertUrl: string);
    private fetchPublicKeysResponse;
    private fetchAndCachePublicKeys;
    fetchPublicKeys(): Promise<PublicKeys>;
}
export declare class JWKSSignatureVerifier implements SignatureVerifier {
    private options?;
    private jwksUrl;
    constructor(jwksUrl: string, options?: RemoteJWKSetOptions | undefined);
    private getPublicKey;
    verify(token: string, options: VerifyOptions): Promise<void>;
}
export declare class PublicKeySignatureVerifier implements SignatureVerifier {
    private keyFetcher;
    constructor(keyFetcher: KeyFetcher);
    static withCertificateUrl(clientCertUrl: string): PublicKeySignatureVerifier;
    private getPublicKey;
    verify(token: string, options: VerifyOptions): Promise<void>;
    private verifyWithoutKid;
    private verifyWithAllKeys;
}
export declare function fetchPublicKey(fetcher: KeyFetcher, header: ProtectedHeaderParameters): Promise<string>;