import { TfaStrategy } from '../tenant';
/**
 * A list of supported [[ITenantLoginOption]] entries which
 * describe the ways a user can log in to the Platform.
 *
 * NOTE(review): [[ITenantLoginOption]] is documented as requestable
 * "without login", so everything carried in this list should be treated
 * as publicly readable configuration.
 */
export interface ITenantLoginOptions {
    /**
     * Link to the resource
     */
    self?: string;
    /**
     * The list of tenant login options. Always present, unlike `self`.
     */
    loginOptions: ITenantLoginOption[];
}
/**
 * Describes a login option which can be requested by any
 * application on startup without login. It describes which kind
 * of login mechanism (e.g. Basic, SSO or OAI-Secure) is
 * supported by the current Platform.
 *
 * Because the option is readable before authentication, its fields are
 * visible to unauthenticated callers. The values tell a client how to
 * present and start a login.
 * NOTE(review): presumably the policy itself is enforced by the backend
 * and not by this object - confirm.
 */
export interface ITenantLoginOption {
    /**
     * Identifies the login option
     */
    id?: string;
    /**
     * Login option type (see [[TenantLoginOptionType]])
     */
    type?: TenantLoginOptionType;
    /**
     * Grant type (see [[GrantType]])
     */
    grantType?: GrantType;
    /**
     * The origin of the users: REMOTE or INTERNAL. Required on every login option.
     */
    userManagementSource: UserManagementSource;
    /**
     * Link to the resource
     */
    self?: string;
    /**
     * The strategy for Two Factor Authentication.
     * The possible values are defined by `TfaStrategy` in `../tenant`.
     */
    tfaStrategy?: TfaStrategy;
    /**
     * Indicates whether the login option should be visible on the login page of UI applications.
     * If set to `true` for more than one login option, then the preferred one will be selected according to priority:
     * 1. OAI-Secure: authentication information is stored in a HttpOnly cookie
     * 2. Basic Auth: authentication information is stored in a session storage
     * 3. SSO redirect: allows a user to login with a single 3rd-party authorization server using the OAuth2 protocol.
     * If no login option has `visibleOnLoginPage` set to `true`, the preferred login option will be Basic Auth.
     *
     * Security note: a HttpOnly cookie is not readable from page scripts, whereas session storage is.
     * With Basic Auth, any script running in the application's origin can therefore read the stored
     * authentication information, so the Basic Auth fallback carries the weaker storage model.
     */
    visibleOnLoginPage?: boolean;
    /**
     * The label which is shown on the login button.
     * NOTE(review): the value comes from tenant configuration; UI code should render it as plain text.
     */
    buttonName?: string;
    /**
     * The request which is used to initialize an OAuth flow.
     * NOTE(review): presumably a URL or path the UI navigates to - confirm the format. A consumer that
     * navigates to it should check that it points at an expected origin first.
     */
    initRequest?: string;
    /**
     * Determines if password strength is enforced on system level
     */
    enforceStrength?: boolean;
    /**
     * Minimum length of a password to be considered as a “green” strong one
     */
    greenMinLength?: number;
    /**
     * Determines if password strength is enforced on tenant level.
     * NOTE(review): strength checks driven by these fields in a client are advisory only; presumably
     * the backend validates new passwords as well - confirm.
     */
    strengthValidity?: boolean;
    /**
     * Name of the organization which provides the login option
     */
    providerName?: string;
    /**
     * Basic authentication restrictions.
     */
    authenticationRestrictions?: IAuthenticationRestrictions;
    /**
     * Configuration for OAI-Secure sessions.
     */
    sessionConfiguration?: ISessionConfiguration;
    /**
     * Tenant correct domain for OAI-Secure login option.
     * UI will redirect to this domain if OAI-Secure is
     * set as preferred login mode and domain in browser is wrong.
     *
     * NOTE(review): the value drives a browser redirect, so a consumer should accept it only from
     * the platform's own response and handle it as a host name, not as an arbitrary URL.
     */
    loginRedirectDomain?: string;
    /**
     * If true, UI controls SSO flow.
     */
    flowControlledByUI?: boolean;
    /**
     * A flag used only for OAI-SECURE that indicates whether the OAI-SECURE backend implementation supports TFA logging.
     * NOTE(review): "TFA logging" may be intended as "TFA login" - confirm with the backend documentation.
     */
    tfaSupported?: boolean;
}
/**
 * Restrictions on which clients may use Basic authentication against the
 * platform's REST API (referenced by `authenticationRestrictions` on
 * [[ITenantLoginOption]]).
 *
 * Security note: `User-Agent` is a request header chosen by the client, and a
 * non-browser client can send any value. The lists below therefore steer
 * well-behaved clients but do not authenticate a client.
 * NOTE(review): how `trustedUserAgents` and `forbiddenUserAgents` interact
 * when both match is not visible here - confirm.
 */
export interface IAuthenticationRestrictions {
    /**
     * The list of user agents which are allowed to use the platform's REST API.
     * The values are compared with `User-Agent` HTTP header.
     * NOTE(review): the comparison mode (exact or partial match) is not described here - confirm.
     */
    trustedUserAgents: string[];
    /**
     * The list of user agents which are forbidden to use the platform's REST API.
     * The values are compared with `User-Agent` HTTP header.
     */
    forbiddenUserAgents: string[];
    /**
     * The list of clients which are forbidden to use the platform's REST API.
     * For now, the only value supported in the array is `'WEB_BROWSERS'` (which blocks all web browsers).
     * NOTE(review): how a request is classified as coming from a web browser is not described here - confirm.
     */
    forbiddenClients: string[];
}
/**
 * Configuration for OAI-Secure sessions (referenced by `sessionConfiguration`
 * on [[ITenantLoginOption]]). All four fields are required.
 */
export interface ISessionConfiguration {
    /**
     * The maximum amount of time a session can be active, in milliseconds.
     */
    absoluteTimeoutMillis: number;
    /**
     * The maximum amount of sessions per user.
     * NOTE(review): what happens when the limit is reached is not described here - confirm.
     */
    maximumNumberOfParallelSessions: number;
    /**
     * The timeout, in milliseconds, after which the session id is automatically renewed. If there is no activity after renewal timeout and before absolute session timeout, the session will not be renewed.
     * Renewing the id limits how long any single session id value stays valid.
     */
    renewalTimeoutMillis: number;
    /**
     * If `true`, then every request needs to use the same `User-Agent` header as the first request which initiated the session.
     * Security note: the header is supplied by the client, so this check is a hardening measure and
     * not a substitute for protecting the session cookie itself.
     */
    userAgentValidationRequired: boolean;
}
/**
 * The kind of login mechanism a [[ITenantLoginOption]] describes.
 * The members differ in where the client keeps authentication information,
 * which determines whether page scripts can read it.
 */
export declare enum TenantLoginOptionType {
    /**
     * OAI-Secure: authentication information is stored in a HttpOnly cookie.
     * A HttpOnly cookie is not readable from page scripts.
     */
    OAUTH2_INTERNAL = "OAUTH2_INTERNAL",
    /**
     * SSO redirect: allows a user to login with a single 3rd-party authorization server using the OAuth2 protocol.
     */
    OAUTH2 = "OAUTH2",
    /**
     * Basic Auth: authentication information is stored in a session storage.
     * Session storage is readable by any script running in the application's origin.
     */
    BASIC = "BASIC"
}
/**
 * Grant type of a login option (see `grantType` on [[ITenantLoginOption]]).
 * NOTE(review): the members presumably correspond to the OAuth 2.0 grant
 * types of the same names - confirm against the backend.
 */
export declare enum GrantType {
    // presumably the OAuth 2.0 authorization code grant - confirm
    AUTHORIZATION_CODE = "AUTHORIZATION_CODE",
    // presumably the OAuth 2.0 resource owner password credentials grant, in which
    // the client handles the user's password directly - confirm
    PASSWORD = "PASSWORD"
}
/**
 * The origin of the users of a login option (see `userManagementSource`
 * on [[ITenantLoginOption]]).
 * NOTE(review): presumably REMOTE means users are managed by an external
 * system and INTERNAL means they are managed by the platform - confirm.
 */
export declare enum UserManagementSource {
    REMOTE = "REMOTE",
    INTERNAL = "INTERNAL"
}
//# sourceMappingURL=ITenantLoginOptions.d.ts.map