import type { LaminaOAuthConfig } from '../types.js'; /** * Full stored-tokens shape returned by `getStoredTokens`. * Used by the refresh logic in LaminaContext. */ export interface StoredTokens { accessToken: string; /** ms timestamp; null when expiry was not provided by the auth server. */ expiresAt: number | null; refreshToken: string | null; } /** * Reads the full stored-tokens record without touching localStorage on expiry. * Returns null only when nothing is stored or the JSON is malformed. * * Distinct from `getStoredToken` (which clears expired entries and returns * just the access token string). Callers that want to refresh use this one * so they can inspect `expiresAt` and `refreshToken`. */ export declare function getStoredTokens(config: LaminaOAuthConfig): StoredTokens | null; export declare function getStoredToken(config: LaminaOAuthConfig): string | null; export declare function storeToken(config: LaminaOAuthConfig, accessToken: string, refreshToken?: string, expiresInSeconds?: number): void; export declare function clearToken(config: LaminaOAuthConfig): void; /** * Notifies the listener whenever the stored token for this config changes — * either from a sibling Studio tab (browser `storage` event, fired on every * tab EXCEPT the one that wrote) or from this same tab (custom event we * dispatch from `storeToken` / `clearToken`, since `storage` doesn't fire in * the writing tab). * * Listener is parameterless to match `useSyncExternalStore`'s contract — it * just signals "re-read the snapshot." Consumers should call `getStoredToken` * to read the current value. * * Returns an unsubscribe function for cleanup. */ export declare function subscribeToTokenChanges(config: LaminaOAuthConfig, listener: () => void): () => void; /** * Resolves the OAuth client_id (registering dynamically if needed), generates * a PKCE pair, stashes the verifier in sessionStorage, and returns the * authorize URL. * * Does NOT open the popup — that's the caller's job, and they must do it * synchronously inside the user-gesture event (a click) BEFORE awaiting this * function. Otherwise Safari/Firefox/Chrome will classify the popup as * non-user-initiated and block it. Recommended pattern: * * const popup = window.open('about:blank', 'lamina-oauth', features); // sync * const url = await prepareOAuthFlow(config, baseUrl); // async * popup.location.href = url; // navigate */ export declare function prepareOAuthFlow(config: LaminaOAuthConfig, baseUrl: string): Promise; /** * Exchanges an authorization code for tokens. * * Uses the client_id resolved at login time — it's already in localStorage by * the time this runs, so no extra registration call is made here. */ export declare function exchangeCode(config: LaminaOAuthConfig, baseUrl: string, code: string): Promise<{ accessToken: string; refreshToken?: string; expiresIn?: number; }>; export declare function refreshIfNeeded(config: LaminaOAuthConfig, baseUrl: string): Promise; /** * Refreshes an expired token using the refresh token. */ export declare function refreshAccessToken(config: LaminaOAuthConfig, baseUrl: string, refreshToken: string): Promise<{ accessToken: string; refreshToken?: string; expiresIn?: number; }>;