import IGirafeContext from '../context/icontext.js';
import AbstractConnectManager from './abstractconnectmanager.js';
import GMFManager from './gmfmanager.js';
/**
 * For diverse reasons, this could NOT be done using the oAuth2 mechanisms of GMF:
 * 1. There is no .well-know discovery endpoint
 * 2. The token endpoint needs a client_secret, and for security reasons it has to be called from the backend itself.
 *    There is not custom backend for GeoGirafe and we cannot do this.
 * 3. The redirect url is limited to exact matches, and we cannot pass the state of the application in the redirect_uri
 * 4. Using GMF oAuth2 routes for authentification does not authenticate the user to the backend.
 *    It just tells the client that you have a correct user in GMF.
 *    But you do not get any valid cookie for the GMF Backend.
 *
 * For all those reasons, we cannot use the geomapfish oAuth process
 * Instead we will use the login.html page of the backend to delegate the login to the backend
 * This will be a standard GMF login, there is no oAuth Process here.
 *
 * NOTE: If the geogirafe client is not running on the same domain as the GMF backend,
 * the GMF Backend needs to be configured with :
 * - CORS with credentials for specific domain (this can be done for example with an lua script at the in the haproxy configuration)
 * - The frontend domain has to be allowed as referer in the vars.yaml file.
 * - The variable AUTHTKT_SAMESITE has to be set to None, to allow authentication cookies to be sent to the backend from another domain
 * There is no need for any oAuth2 configuration in the admin tool.
 */
export default class GMFConnectManager extends AbstractConnectManager {
    private readonly gmfManager;
    constructor(context: IGirafeContext, gmfManager: GMFManager);
    private get authConfig();
    private isAuthentified;
    initialize(): Promise<void>;
    login(): Promise<void>;
    silentLogin(): Promise<void>;
    logout(): Promise<void>;
    private redirectToIssuerLogin;
    private handleLoggedInToIssuer;
    private refreshToken;
}
