import OreIdContext from '../core/IOreidContext';
import { User } from '../user/user';
import { Observable } from '../utils/observable';
import { AccessTokenHelper } from './accessTokenHelper';
import { AuthResult, LoginWithOreIdResult } from '../core/models';
import { LoginOptions, LoginWithTokenOptions, LoginWithWalletOptions, NewUserWithTokenOptions } from './models';
export declare type SubscriberAuth = (auth: Auth) => void;
export declare class Auth extends Observable<SubscriberAuth> {
    constructor(args: {
        oreIdContext: OreIdContext;
    });
    private _accessTokenHelper;
    private _localState;
    private _oreIdContext;
    private _transitHelper;
    private _ualHelper;
    private _user;
    /** User's OreID (accountName) */
    get accessTokenHelper(): AccessTokenHelper;
    private initAccessTokenHelper;
    /** User's OreID (accountName) */
    get accountName(): string;
    get idToken(): string;
    /** retrieve accessToken saved in local storage - is automatically deleted when token expires */
    get accessToken(): string;
    /** Sets the access token in local storage (and in accessTokenHelper)
     * this token will be used to call ORE ID APIs (on behalf of the user)
     * This token is user-specific - call logout to clear it upon user log-out
     * When the accessToken token expires, it will be deleted from local storage and user will be cleared
     */
    set accessToken(accessToken: string);
    /** set private variable and save to localState
     * NOTE: This is called every time this._accessTokenHelper.accessToken changes (or expires)
     */
    private saveAccessTokenAndNotifySubscribers;
    /** Returns user object matching current accessToken
     *  A newly created object object won't have user.info populated, call user.getData() to retrieve
     */
    get user(): User;
    /** We have a valid access token for the current user */
    get isLoggedIn(): boolean;
    /** runs when accessTokenHelper changes */
    private onUpdateAccessTokenHelper;
    private clearAccessToken;
    /** Calls the 'connect' function on a external wallet (e.g. Metamask)
     *  For most, however, this function returns the chainAccount selected by the user in the wallet app
     *  Different wallets have different behavior. Some do not support this feature. */
    connectWithWallet(loginOptions: LoginWithWalletOptions): Promise<{
        isLoggedIn?: boolean;
        chainAccount?: string;
        permissions?: [{
            name: string;
            publicKey: string;
        }];
        transitWallet?: import("@aikon/eos-transit/lib").Wallet;
        provider?: import("..").ExternalWalletType;
    } | import("..").ConnectToUalProviderResult>;
    /** Connect to the wallet provider
     *  For some wallet types, this will include an unlock and 'login' flow to select a chain account
     *  If a chainAccount is selected, it and it's associated publicKey (if available) will be saved to the user's OreId wallet as an 'external key' */
    private connectToWalletProvider;
    /** Calls the account/convert-oauth api
     * Converts OAuth tokens from some 3rd-party source to OREID Oauth tokens
     * The third-party (e.g. Auth0 or Google) must be registered in the AppRegistration.oauthSettings
     * Returns: OreId issued accessToken and idToken
     * */
    private convertOauthTokens;
    /**
     * Converts OAuth accessToken or idToken from some 3rd-party source (e.g. Google) to OreId OAuth accessToken
     * The third-party (e.g. Auth0 or Google) must be registered in the App Registration's oauthSettings
     * If a user does not curently exist that matches the info in the incoming idToken, an error is thrown
     * Does not requires a user to be logged-in (no current accessToken) or apiKey
     * Returns: OreId issued accessToken
     * */
    loginWithToken(loginOptions: LoginWithTokenOptions): Promise<LoginWithOreIdResult>;
    /** Converts OAuth idToken from some 3rd-party source to OREID Oauth accessTokens
     * The third-party (e.g. Auth0 or Google) must be registered in the AppRegistration.oauthSettings
     * Creates a new OreId user and account from info in the incoming idToken
     * If a matching user already exist, and error is returned
     * Requires a valid idToken but no current accessToken or apiKey
     * Returns: OreId issued accessToken
     * */
    newUserWithToken(userOptions: NewUserWithTokenOptions): Promise<LoginWithOreIdResult>;
    /** Calls api account/login-user-with-token for loginWithToken() (after checking for valid token */
    static checkJwtTokenAndReturnError(jwtTokenString: string): {
        error?: string;
        message?: string;
    };
    /** Calls api account/login-user-with-token for loginWithToken() (after checking for valid token */
    private loginWithAccessOrIdTokenToken;
    /** Calls api account/new-user-with-token for newUserWithToken() (after checking for valid token */
    private newAccountWithIdToken;
    /** clear accessToken and user */
    logout(): void;
    /** Returns a fully formed url to redirect the user's browser to login using ORE ID
     *  This function calls the /auth web endpoint
     *  Returns: Callback returns account, and optionally accessToken and/or idToken for user */
    getLoginUrl(loginOptions: LoginOptions): Promise<LoginWithOreIdResult>;
    /** Extracts and returns the response parameters on the /auth callback URL string
     *  Applies accessToken and idToken (if included on the url) to local state
     */
    handleAuthCallback(callbackUrlString: string): AuthResult;
    /** store response from auth flow (accountName, accessToken, idToken) in localState */
    setAuthResult(authResponse: AuthResult): void;
}