import type { ZodSchemaLike } from "./tools/ZodSchemaLike";
/**
 * Claims defined by RFC 9068: "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"
 * https://datatracker.ietf.org/doc/html/rfc9068
 *
 * These tokens are intended for consumption by resource servers.
 */
export type DecodedAccessToken_RFC9068 = {
    iss: string;
    sub: string;
    aud: string | string[];
    exp: number;
    iat: number;
    client_id?: string;
    scope?: string;
    jti?: string;
    nbf?: number;
    auth_time?: number;
    cnf?: Record<string, unknown>;
    [key: string]: unknown;
};
export type ParamsOfCreateOidcBackend<DecodedAccessToken> = {
    issuerUri: string;
    decodedAccessTokenSchema?: ZodSchemaLike<DecodedAccessToken_RFC9068, DecodedAccessToken>;
};
export type OidcBackend<DecodedAccessToken extends Record<string, unknown>> = {
    verifyAndDecodeAccessToken(params: {
        accessToken: string;
    }): Promise<ResultOfAccessTokenVerify<DecodedAccessToken>>;
};
export type ResultOfAccessTokenVerify<DecodedAccessToken> = ResultOfAccessTokenVerify.Valid<DecodedAccessToken> | ResultOfAccessTokenVerify.Invalid;
export declare namespace ResultOfAccessTokenVerify {
    type Valid<DecodedAccessToken> = {
        isValid: true;
        decodedAccessToken: DecodedAccessToken;
        decodedAccessToken_original: DecodedAccessToken_RFC9068;
        errorCase?: never;
        errorMessage?: never;
    };
    type Invalid = {
        isValid: false;
        errorCase: "expired" | "invalid signature" | "does not respect schema";
        errorMessage: string;
        decodedAccessToken?: never;
        decodedAccessToken_original?: never;
    };
}
export declare function createOidcBackend<DecodedAccessToken extends Record<string, unknown> = DecodedAccessToken_RFC9068>(params: ParamsOfCreateOidcBackend<DecodedAccessToken>): Promise<OidcBackend<DecodedAccessToken>>;