import type { Agents } from "got"; import type { MutualTLSOptions } from "./schema/config"; export interface DiscoveryOptions { timeout?: number; agent?: Agents; mTLS?: MutualTLSOptions; } /** * Rewrites any string value in a value (object, array, or primitive) that starts with * canonicalBase to use targetBase instead. Does not mutate the original. * Used for both OIDC discovery documents and resource server response bodies (e.g. links). * @param {*} value - Object, array or primitive to rewrite * @param {string} canonicalBase - Base URL to replace * @param {string} targetBase - Base URL to use instead * @returns {*} A copy of value with matching URLs rewritten */ export declare function rewriteUrlsInObject(value: T, canonicalBase: string, targetBase: string): T; /** * Rewrites URL fields in an OIDC discovery document so that endpoint URLs use the * target base. Leaves the discovery "issuer" field unchanged so that JWT iss claim * validation continues to work when the IdP still issues tokens with the canonical issuer. * @param {Object} doc - OIDC discovery document * @param {string} canonicalBase - Base URL to replace * @param {string} targetBase - Base URL to use instead * @returns {Object} Discovery document with endpoint URLs rewritten */ export declare function rewriteDiscoveryUrls(doc: Record, canonicalBase: string, targetBase: string): Record; export interface OpenIDDiscoveryMetadata { issuer: string; authorization_endpoint?: string; token_endpoint?: string; jwks_uri?: string; [key: string]: unknown; } /** * Rewrites a discovery document so endpoint URLs use the identity service base (e.g. gateway). * Single source of truth for canonical/target computation; used by both initial fetch and cache refresh. * @param {string} identityServiceUrl - Identity service base URL (e.g. gateway or https://identity.moneyhub.co.uk) * @param {Record} doc - Raw OIDC discovery document * @returns {Record} Discovery document with endpoint URLs rewritten (issuer unchanged) */ export declare function rewriteDiscoveryDocForIdentityUrl(identityServiceUrl: string, doc: Record): Record; /** * Fetches the raw OpenID discovery document from identityServiceUrl/oidc (no URL rewriting). * @param {string} identityServiceUrl - Identity service base URL * @param {DiscoveryOptions} options - Optional timeout, agent or mTLS settings * @returns {Promise} Raw OpenID discovery metadata */ export declare function getDiscovery(identityServiceUrl: string, options?: DiscoveryOptions): Promise; /** * Fetches the OpenID discovery document from identityServiceUrl/oidc and rewrites * all endpoint URLs (but not the issuer field) to use the configured identity service url, so that * when used behind a gateway all OIDC traffic goes through the gateway. * @param {string} identityServiceUrl - Identity service URL (e.g. https://identity.moneyhub.co.uk) * @param {DiscoveryOptions} options - Optional timeout, agent or mTLS settings * @returns {Promise} OpenID discovery metadata with URLs rewritten for the gateway */ export declare function getDiscoveryWithGatewayUrl(identityServiceUrl: string, options?: DiscoveryOptions): Promise; /** * Infers the canonical API base from a response link URL (e.g. links.self) by taking * origin and path up to and including the version segment (e.g. /v3). * @param {string} linkUrl - Full link URL from a resource response * @returns {string|null} Canonical base URL or null if it cannot be inferred */ export declare function inferCanonicalBaseFromLinkUrl(linkUrl: string): string | null; /** * Rewrites URL strings in a resource server response body (e.g. links.self, links.next, * links.prev) so that any canonical API base is replaced with resourceServerUrl. * Returns the body unchanged if no links or no canonical base can be inferred. * @param {*} body - Resource server response body (typically with a links property) * @param {string} resourceServerUrl - Base URL for the resource server (e.g. gateway URL) * @returns {*} Body with link URLs rewritten to use resourceServerUrl */ export declare function rewriteResourceServerResponseUrls(body: T, resourceServerUrl: string): T; //# sourceMappingURL=discovery.d.ts.map