import { CacheKeyManifest } from './key-manifest';
import { CacheEntry, ICache, CacheKey, DecodedToken, IdTokenEntry } from './shared';
export declare class CacheManager {
    private cache;
    private keyManifest?;
    private nowProvider;
    constructor(cache: ICache, keyManifest?: CacheKeyManifest | undefined, nowProvider?: () => number | Promise<number>);
    setIdToken(clientId: string, idToken: string, decodedToken: DecodedToken): Promise<void>;
    getIdToken(cacheKey: CacheKey): Promise<IdTokenEntry | undefined>;
    get(cacheKey: CacheKey, expiryAdjustmentSeconds?: number, useMrrt?: boolean, cacheMode?: string): Promise<Partial<CacheEntry> | undefined>;
    private modifiedCachedEntry;
    set(entry: CacheEntry): Promise<void>;
    remove(client_id: string, audience?: string, scope?: string): Promise<void>;
    stripRefreshToken(refreshToken: string): Promise<void>;
    clear(clientId?: string): Promise<void>;
    private wrapCacheEntry;
    private getCacheKeys;
    /**
     * Returns the cache key to be used to store the id token
     * @param clientId The client id used to link to the id token
     * @returns The constructed cache key, as a string, to store the id token
     */
    private getIdTokenCacheKey;
    /**
     * Finds the corresponding key in the cache based on the provided cache key.
     * The keys inside the cache are in the format {prefix}::{clientId}::{audience}::{scope}.
     * The first key in the cache that satisfies the following conditions is returned
     *  - `prefix` is strict equal to Auth0's internally configured `keyPrefix`
     *  - `clientId` is strict equal to the `cacheKey.clientId`
     *  - `audience` is strict equal to the `cacheKey.audience`
     *  - `scope` contains at least all the `cacheKey.scope` values
     *  *
     * @param keyToMatch The provided cache key
     * @param allKeys A list of existing cache keys
     */
    private matchExistingCacheKey;
    /**
     * Returns the first entry that contains a refresh_token that satisfies the following conditions
     * The keys inside the cache are in the format {prefix}::{clientId}::{audience}::{scope}.
     * - `prefix` is strict equal to Auth0's internally configured `keyPrefix`
     * - `clientId` is strict equal to the `cacheKey.clientId`
     * @param keyToMatch The provided cache key
     * @param allKeys A list of existing cache keys
     */
    private getEntryWithRefreshToken;
    /**
     * Returns all distinct refresh tokens stored for a given audience and client.
     *
     * Multiple cache entries may exist for the same audience when different scope
     * combinations were obtained via separate authorization flows, each potentially
     * carrying a different refresh token. A Set is used to deduplicate tokens that
     * are shared across entries (e.g. MRRT).
     *
     * @param audience The audience to look up
     * @param clientId The client id to scope the lookup
     */
    getRefreshTokensByAudience(audience: string, clientId: string): Promise<string[]>;
    /**
     * Updates the refresh token in all cache entries that contain the old refresh token.
     *
     * When a refresh token is rotated, multiple cache entries (for different audiences/scopes)
     * may share the same refresh token. This method propagates the new refresh token to all
     * matching entries.
     *
     * @param oldRefreshToken The refresh token that was used and is now invalid
     * @param newRefreshToken The new refresh token received from the server
     */
    updateEntry(oldRefreshToken: string, newRefreshToken: string): Promise<void>;
}