import { fetchConfig } from "../shared";
import { OAuth } from "./idp_oauth";
import { PolicyCache } from "./rbac_local";
import { JwtConfig } from "../shared/sessions";
import { SessionsAuthorizationCheck } from "./sessions";
export interface IDPScopeResult {
    scope: string;
    description: string;
    /**
     * Indicates whether the scope can be granted. Users can only grant scopes if they have the required
     * permissions.
     */
    is_grantable: boolean;
}
export interface IntrospectTokenRequest {
    token: string;
    client_id: string;
    client_secret?: string;
    token_type_hint?: string;
}
interface IntrospectTokenInactiveResponse {
    active: false;
    request_id: string;
    status_code: number;
}
interface IntrospectTokenActiveResponse {
    active: true;
    request_id: string;
    status_code: number;
    sub?: string;
    scope?: string;
    aud?: string[];
    exp?: number;
    iat?: number;
    iss?: string;
    nbf?: number;
    client_id?: string;
    token_type?: string;
}
export type IntrospectTokenResponse = IntrospectTokenActiveResponse | IntrospectTokenInactiveResponse;
export interface IntrospectTokenClaims {
    subject: string;
    scope: string;
    custom_claims: Record<string, any>;
    audience: string | string[];
    expires_at: number;
    issued_at: number;
    issuer: string;
    not_before: number;
    token_type: string;
}
export declare class IDP {
    private fetchConfig;
    private jwksClient;
    private jwtOptions;
    private policyCache;
    oauth: OAuth;
    constructor(fetchConfig: fetchConfig, jwtConfig: JwtConfig, policyCache: PolicyCache);
    introspectTokenNetwork(data: IntrospectTokenRequest, options?: {
        authorization_check?: SessionsAuthorizationCheck;
    }): Promise<IntrospectTokenClaims>;
    introspectTokenLocal(tokenJWT: string, options?: {
        clock_tolerance_seconds?: number;
        current_date?: Date;
        authorization_check?: SessionsAuthorizationCheck;
    }): Promise<IntrospectTokenClaims>;
}
export {};