import { BaseAuthProvider } from "./BaseAuthProvider.js";
import type { AuthProviderConfig, SupabaseConfig, AuthUser, TokenValidationResult, AuthRequestContext, AuthHealthCheck, AuthProviderType } from "../../types/index.js";
/**
 * Supabase Authentication Provider
 *
 * Supports Supabase JWT validation and user management.
 * Can validate tokens locally with JWT secret or via Supabase API.
 *
 * Features:
 * - Local JWT validation with JWT secret
 * - API-based token validation
 * - User profile fetching (requires service role key)
 * - Role extraction from app_metadata
 *
 * @example
 * ```typescript
 * const supabase = new SupabaseAuthProvider({
 *   type: "supabase",
 *   url: "https://your-project.supabase.co",
 *   anonKey: "your-anon-key",
 *   jwtSecret: "your-jwt-secret" // Optional for local validation
 * });
 *
 * const result = await supabase.authenticateToken(accessToken);
 * if (result.valid) {
 *   console.log("Authenticated user:", result.user);
 * }
 * ```
 */
export declare class SupabaseAuthProvider extends BaseAuthProvider {
    readonly type: AuthProviderType;
    private supabaseUrl;
    private anonKey;
    private serviceRoleKey?;
    private jwtSecret?;
    constructor(config: AuthProviderConfig & SupabaseConfig);
    /**
     * Validate Supabase JWT
     */
    authenticateToken(token: string, _context?: AuthRequestContext): Promise<TokenValidationResult>;
    /**
     * Convert JWT payload to AuthUser
     */
    private payloadToUser;
    /**
     * Convert Supabase user to AuthUser
     */
    private supabaseUserToAuthUser;
    /**
     * Get user by ID via Supabase Admin API
     * Requires service role key
     */
    getUser(userId: string): Promise<AuthUser | null>;
    /**
     * Get user by email via Supabase Admin API
     * Requires service role key
     */
    getUserByEmail(email: string): Promise<AuthUser | null>;
    /**
     * Health check
     */
    healthCheck(): Promise<AuthHealthCheck>;
}