import { ICoreInjector } from '@tsdi/core';
import { AfterInit } from '@tsdi/components';
import { Strategy } from './Strategy';
import { IStrategyOption } from './IAuthenticator';
import { Context } from 'koa';
import { SessionStore, StateStore } from '../stores';
import { ValidationResult } from './results';
export declare type OIDCVerifyFunction = (ctx: Context, iss: string, sub: string, profile: any, jwtClaims?: string, accessToken?: string, refreshToken?: string, params?: any) => Promise<{
    user: any;
    info: any;
}>;
export interface OIDCConfigure {
    issuer?: string;
    authorizationURL?: string;
    tokenURL?: string;
    userInfoURL?: string;
    clientID: string;
    clientSecret: string;
    callbackURL?: string;
    registrationURL?: string;
    _raw?: any;
    nonce?: any;
    display?: string;
    prompt?: string;
    timestamp?: number;
    params?: any;
}
export interface OIDCOption extends IStrategyOption, OIDCConfigure {
    sessionKey?: string;
    identifierField?: string;
    scope: string | string[];
    store?: SessionStore;
    customHeaders?: any;
    skipUserProfile?: boolean | ((issuer: string, subject: string) => Promise<any>);
    passReqToCallback?: string;
    verify: OIDCVerifyFunction;
    getClient?: (issuer: string) => Promise<any>;
    /**
     * Return extra parameters to be included in the authorization request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting authorization.  Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can overrride this function in order to populate these parameters
     * as required by the provider.
     *
     */
    authorizationParams: (options: any) => any;
}
/**
 * OIDC authenticate strategy
 *
 * @export
 * @class OIDCStrategy
 * @extends {Strategy}
 * @implements {AfterInit}
 */
export declare class OIDCStrategy extends Strategy implements AfterInit {
    protected stateStore: StateStore;
    protected scope: string | string[];
    protected identifierField: string;
    protected issuer: string;
    protected sessionKey: string;
    protected tokenURL: string;
    protected authorizationURL: string;
    protected clientID: string;
    protected clientSecret: string;
    protected callbackURL?: string;
    protected userInfoURL?: string;
    protected customHeaders?: any;
    protected verify: OIDCVerifyFunction;
    protected passReqToCallback: string;
    protected skipUserProfile?: boolean | ((issuer: string, subject: string) => Promise<any>);
    /**
     * Return extra parameters to be included in the authorization request.
     *
     * Some OAuth 2.0 providers allow additional, non-standard parameters to be
     * included when requesting authorization.  Since these parameters are not
     * standardized by the OAuth 2.0 specification, OAuth 2.0-based authentication
     * strategies can overrride this function in order to populate these parameters
     * as required by the provider.
     *
     */
    protected authorizationParams: (options: any) => any;
    options: OIDCOption;
    injector: ICoreInjector;
    onAfterInit(): Promise<void>;
    authenticate(ctx: Context, options?: any): Promise<ValidationResult>;
    private shouldLoadUserProfile;
    private parseOAuthError;
    protected getConfigure(identifier: string): Promise<OIDCConfigure>;
    protected dynamicConfigure(identifier: string): Promise<OIDCConfigure>;
    protected manualConfigure(identifier: string): Promise<OIDCConfigure>;
    static ρAnn(): any;
}
export declare class Resolver {
    resolve(identifier: any): Promise<string>;
    static ρAnn(): any;
}