import { AfterInit } from '@tsdi/components';
import { OAuth2 } from './oauth2';
import { Strategy } from './Strategy';
import { IStrategyOption } from './IAuthenticator';
import { StateStore } from '../stores';
import { Context } from 'koa';
import { FailResult, SuccessResult, RedirectResult } from './results';
export declare type VerifyFunction = (accessToken: string, refreshToken: string, params: any, profile: object) => Promise<{
    user: any;
    info: any;
}>;
/**
 * oauth2 option.
 *
 * @export
 * @interface OAuth2Option
 * @extends {IStrategyOption}
 */
export interface OAuth2Option extends IStrategyOption {
    authorizationURL: string;
    tokenURL: string;
    verify: VerifyFunction;
    skipUserProfile: boolean;
    scopeSeparator: string;
    callbackURL?: string;
    scope?: string | string[];
    sessionKey?: string;
    clientSecret: string;
    customHeaders?: any;
    stateStore?: object | boolean;
    /**
     * Retrieve user profile from service provider.
     *
     * OAuth 2.0-based authentication strategies can overrride this function in
     * order to load the user's profile from the service provider.  This assists
     * applications (and users of those applications) in the initial registration
     * process by automatically submitting required information.
     */
    userProfile?: (accessToken: string) => Promise<any>;
    /**
     * Return extra parameters to be included in the token request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting an access token.  Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can overrride this function in order to populate these parameters
     * as required by the provider.
     *
     */
    tokenParams: (options: any) => any;
    /**
     * Return extra parameters to be included in the authorization request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting authorization.  Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can overrride this function in order to populate these parameters
     * as required by the provider.
     *
     */
    authorizationParams(options: any): any;
}
/**
* Creates an instance of `OAuth2Strategy`.
*
* The OAuth 2.0 authentication strategy authenticates requests using the OAuth
* 2.0 framework.
*
* OAuth 2.0 provides a facility for delegated authentication, whereby users can
* authenticate using a third-party service such as Facebook.  Delegating in
* this manner involves a sequence of events, including redirecting the user to
* the third-party service for authorization.  Once authorization has been
* granted, the user is redirected back to the application and an authorization
* code can be used to obtain credentials.
*
* Applications must supply a `verify` callback, for which the function
* signature is:
*
*     function(accessToken, refreshToken, profile, done) { ... }
*
* The verify callback is responsible for finding or creating the user, and
* invoking `done` with the following arguments:
*
*     done(err, user, info);
*
* `user` should be set to `false` to indicate an authentication failure.
* Additional `info` can optionally be passed as a third argument, typically
* used to display informational messages.  If an exception occured, `err`
* should be set.
*
* Params:
*
*   - `authorizationURL`  URL used to obtain an authorization grant
*   - `tokenURL`          URL used to obtain an access token
*   - `clientId`          identifies client to service provider
*   - `clientSecret`      secret used to establish ownership of the client identifer
*   - `callbackURL`       URL to which the service provider will redirect the user after obtaining authorization
*   - `passReqToCallback` when `true`, `req` is the first argument to the verify callback (default: `false`)
*
* Examples:
*
*     passport.use(new OAuth2Strategy({
*         authorizationURL: 'https://www.example.com/oauth2/authorize',
*         tokenURL: 'https://www.example.com/oauth2/token',
*         clientId: '123-456-789',
*         clientSecret: 'shhh-its-a-secret'
*         callbackURL: 'https://www.example.net/auth/example/callback'
*       },
*       function(accessToken, refreshToken, profile, done) {
*         User.findOrCreate(..., function (err, user) {
*           done(err, user);
*         });
*       }
*     ));
*
*/
export declare class OAuth2Strategy extends Strategy implements AfterInit {
    protected oauth2: OAuth2;
    protected stateStore: StateStore;
    protected clientId: string;
    protected authorizationURL: string;
    protected tokenURL: string;
    protected verify: VerifyFunction;
    protected skipUserProfile: boolean;
    protected scopeSeparator: string;
    protected callbackURL?: string;
    protected scope?: string | string[];
    protected sessionKey?: string;
    clientSecret: string;
    customHeaders?: any;
    /**
     * Retrieve user profile from service provider.
     *
     * OAuth 2.0-based authentication strategies can overrride this function in
     * order to load the user's profile from the service provider.  This assists
     * applications (and users of those applications) in the initial registration
     * process by automatically submitting required information.
     */
    protected userProfile: (accessToken: string) => Promise<any>;
    /**
     * Return extra parameters to be included in the token request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting an access token.  Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can overrride this function in order to populate these parameters
     * as required by the provider.
     *
     */
    protected tokenParams: (options: any) => any;
    /**
     * Return extra parameters to be included in the authorization request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting authorization.  Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can overrride this function in order to populate these parameters
     * as required by the provider.
     *
     */
    protected authorizationParams: (options: any) => any;
    onAfterInit(): Promise<void>;
    authenticate(ctx: Context, options?: any): Promise<FailResult | RedirectResult | SuccessResult>;
    /**
     * Parse error response from OAuth 2.0 endpoint.
     *
     * OAuth 2.0-based authentication strategies can overrride this function in
     * order to parse error responses received from the token endpoint, allowing the
     * most informative message to be displayed.
     *
     * If this function is not overridden, the body will be parsed in accordance
     * with RFC 6749, section 5.2.
     *
     */
    private parseOAuthError;
    /**
     * Load user profile, contingent upon options.
     *
     */
    private loadUserProfile;
    static ρAnn(): any;
}