import jws from "jws";
import type { ILogger } from "../logging";
export type JwtPayload = {
    aud?: string;
    exp?: number;
    iss?: string;
    sub?: string;
    [key: string]: string | number | undefined;
};
export type JwtTokenOptions = {
    expireIn?: number;
    expireAt?: number;
    audience?: string;
    subject?: string;
    issuer?: string;
    secret?: string;
};
export declare const JWT_CLAIMS: string[];
export type JwtDecodeOptions = {
    secret?: string;
};
export type JwtValidateOptions = {
    algorithm?: string;
    secret?: string;
};
export type JwtValidationResult<T = any> = JwtValidationSuccess<T> | JwtValidationError;
export type JwtValidationSuccess<T = any> = {
    success: true;
    payload: T;
};
export type JwtValidationError<T = any> = {
    success: false;
    error: "invalid" | "malformed" | "expired";
    payload?: T;
};
export type JwtServiceOptions = {
    secret?: string;
    defaultDuration?: number;
};
declare const JwtService_base: {
    new (logger: ILogger, ...args: any[]): import("../services")._BaseService<"not_found" | "invalid_param" | "unauthorized" | "forbidden" | "not_allowed" | "invalid_state" | "misconfiguration" | "not_supported" | "processing_error">;
};
export declare class JwtService extends JwtService_base {
    readonly options: JwtServiceOptions;
    constructor(logger: ILogger, options?: JwtServiceOptions);
    createToken(payload: JwtPayload, options?: JwtTokenOptions): string;
    decode<T = JwtPayload>(token: string, options?: JwtDecodeOptions): {
        header: jws.Header;
        payload: T;
    } | undefined;
    validate<T = JwtPayload>(token: string, options?: JwtValidateOptions): JwtValidationResult<T>;
    protected sign(payload: object, options?: {
        secret?: string;
    }): string;
}
export {};