/**
 * Device Authorization Flow
 *
 * Implements OAuth 2.0 Device Authorization Grant (RFC 8628) for CLI authentication.
 * Extracted from login.ts for reuse in wizard credential gathering.
 */
export interface DeviceAuthResponse {
    device_code: string;
    user_code: string;
    verification_uri: string;
    verification_uri_complete: string;
    expires_in: number;
    interval: number;
}
export interface DeviceAuthOptions {
    clientId: string;
    authkitDomain: string;
    scopes?: string[];
    timeoutMs?: number;
    onPoll?: () => void;
    onSlowDown?: (newIntervalMs: number) => void;
}
export interface DeviceAuthResult {
    accessToken: string;
    idToken: string;
    expiresAt: number;
    userId: string;
    email?: string;
    refreshToken?: string;
}
export declare class DeviceAuthError extends Error {
    constructor(message: string);
}
export declare class DeviceAuthTimeoutError extends DeviceAuthError {
    constructor(message: string);
}
/**
 * Request a device code from the OAuth authorization server.
 * Returns the device code, user code, and verification URIs.
 */
export declare function requestDeviceCode(options: DeviceAuthOptions): Promise<DeviceAuthResponse>;
/**
 * Poll for token after user has authorized in the browser.
 * Handles authorization_pending and slow_down responses per RFC 8628.
 */
export declare function pollForToken(deviceCode: string, options: DeviceAuthOptions & {
    interval: number;
}): Promise<DeviceAuthResult>;