import type { Result } from "../common/Result";
export declare type JwtValidatorConfig = JwtValidatorConfigMultipleKeys | JwtValidatorConfigSingleKey;
export interface JwtValidatorConfigBase {
    audience: string[];
    ignoreExpiration?: boolean;
    skipSignatureVerification?: boolean;
}
export interface JwtValidatorConfigSingleKey extends JwtValidatorConfigBase {
    publicKey: string;
}
export interface JwtValidatorConfigMultipleKeys extends JwtValidatorConfigBase {
    publicKeys: string[];
}
export declare enum ErrorCodes {
    MissingToken = 400,
    InvalidToken = 401,
    MalformedPayload = 500,
    MissingUserPayload = 501,
    WrongPayloadType = 502
}
export interface ValidationError {
    code: ErrorCodes;
    message?: string;
    data?: any;
    inner?: Error;
}
export interface JwtValidationResult {
    user: string;
    expires: Date;
    claims: JwtClaims;
}
export interface JwtClaims {
    sub: string;
    iss: string;
    iat: number;
    exp: number;
    scope?: string;
    altostra?: Record<string, unknown>;
    permissions?: string[];
}
export declare const AltostraClaimNamespace = "https://altostra.com";
export declare class JwtValidator {
    #private;
    constructor(config: JwtValidatorConfig);
    validate(token?: string): Result<JwtValidationResult, ValidationError>;
    static decodeUnverified(cleanToken: string, config: DecodeUnverifiedConfig): Result<JwtValidationResult, ValidationError>;
}
export declare type DecodeUnverifiedConfig = Pick<JwtValidatorConfigBase, 'ignoreExpiration' | 'skipSignatureVerification'>;