/** * OAuth2 access-token refresh middleware. Keeps a fresh bearer token * in memory and exposes it via `msg.headers.authorization` so drivers * (SMTP XOAUTH2, Gmail REST, Microsoft Graph) see a valid token every * send. * * Ships Gmail + Microsoft 365 presets; other IdPs are one line of * config. * * @module */ import type { Middleware } from "../types.mjs"; export interface OAuth2TokenCache { get: () => { accessToken: string; expiresAt: number; } | null; set: (accessToken: string, expiresAt: number) => void; } export interface OAuth2Options { tokenEndpoint: string; clientId: string; clientSecret: string; refreshToken: string; /** Extra form fields (e.g. `scope`). */ extraParams?: Record; /** Seconds to subtract from `expires_in` so we refresh before expiry. * Default: 30s. */ skewSeconds?: number; /** Injected for tests. */ now?: () => number; fetch?: typeof fetch; cache?: OAuth2TokenCache; } export interface OAuth2TokenResponse { access_token: string; expires_in: number; token_type?: string; } /** Generic OAuth2 refresh-token → access-token middleware. */ export declare function withOAuth2(options: OAuth2Options): Middleware; /** Gmail OAuth2 preset. Pass `{ clientId, clientSecret, refreshToken }`. */ export declare function oauth2Gmail(config: Omit & { extraParams?: Record; }): Middleware; /** Microsoft 365 / Outlook.com OAuth2 preset. */ export declare function oauth2Microsoft(config: Omit & { tenantId?: string; extraParams?: Record; }): Middleware;