import type { AuthHealthCheck, AuthProviderConfig, AuthRequestContext, OAuth2Config, TokenValidationResult } from "../../types/index.js"; import { BaseAuthProvider } from "./BaseAuthProvider.js"; /** * Generic OAuth2/OIDC Provider * * Supports any OAuth2-compliant identity provider with configurable endpoints. * Works with both JWKS-based JWT validation and token introspection. * * Features: * - JWT validation with JWKS (if jwksUrl provided) * - Token introspection endpoint support * - User info endpoint integration * - PKCE support * * @example * ```typescript * const oauth2 = new OAuth2Provider({ * type: "oauth2", * authorizationUrl: "https://idp.example.com/oauth/authorize", * tokenUrl: "https://idp.example.com/oauth/token", * userInfoUrl: "https://idp.example.com/userinfo", * jwksUrl: "https://idp.example.com/.well-known/jwks.json", * clientId: "your-client-id", * clientSecret: "your-client-secret", * }); * * const result = await oauth2.authenticateToken(accessToken); * ``` */ export declare class OAuth2Provider extends BaseAuthProvider { readonly type: "oauth2"; private authorizationUrl; private tokenUrl; private userInfoUrl?; private jwksUrl?; private clientId; private clientSecret?; private scopes; private redirectUrl?; private usePKCE; private jwks; constructor(config: AuthProviderConfig & OAuth2Config); /** * Initialize JWKS for JWT verification (if jwksUrl is provided) */ initialize(): Promise; /** * Validate OAuth2 access token * * Uses JWKS validation if available, otherwise falls back to userinfo endpoint */ authenticateToken(token: string, _context?: AuthRequestContext): Promise; /** * Validate token via userinfo endpoint */ private validateViaUserInfo; /** * Get authorization URL for OAuth2 flow */ getAuthorizationUrl(state: string, codeChallenge?: string): string; /** * Exchange authorization code for tokens */ exchangeCode(code: string, codeVerifier?: string): Promise<{ accessToken: string; refreshToken?: string; idToken?: string; }>; /** * Health check */ healthCheck(): Promise; }