/**
 * CognitoProvider - AWS Cognito User Pools provider implementation
 *
 * Provides JWT validation, session management, and RBAC for AWS Cognito.
 */
import type { AuthProviderConfig, AuthUser, TokenValidationResult } from "../../types/index.js";
import { BaseAuthProvider } from "./BaseAuthProvider.js";
/**
 * CognitoProvider - AWS Cognito User Pools integration
 *
 * Features:
 * - Cognito ID token and access token validation
 * - JWKS-based signature verification
 * - Cognito groups for roles
 * - Custom attributes support
 * - Session management
 *
 * @example
 * ```typescript
 * const provider = new CognitoProvider({
 *   type: 'cognito',
 *   userPoolId: 'us-east-1_xxxxx',
 *   clientId: 'your-client-id',
 *   region: 'us-east-1',
 * });
 *
 * const result = await provider.authenticateToken(idToken);
 * if (result.valid) {
 *   console.log('User:', result.user);
 * }
 * ```
 */
export declare class CognitoProvider extends BaseAuthProvider {
    readonly type: "cognito";
    private cognitoConfig;
    private jwksUri;
    private jwksCacheDuration;
    private expectedIssuer;
    constructor(config: AuthProviderConfig);
    /**
     * Validate and authenticate a Cognito JWT token
     */
    authenticateToken(token: string): Promise<TokenValidationResult>;
    /**
     * Verify token signature using JWKS
     */
    private verifySignature;
    /**
     * Fetch JWKS with caching
     */
    private getJWKS;
    /**
     * Extract Cognito-specific user data from claims
     */
    private extractCognitoUser;
    /**
     * Get user from Cognito
     * Note: Requires AWS SDK for full implementation
     */
    getUser(_userId: string): Promise<AuthUser | null>;
}