/// <reference types="node" />
import { AnyObject, ErrorData, JWTString } from '@naturalcycles/js-lib';
import type { Algorithm, VerifyOptions, JwtHeader, SignOptions } from 'jsonwebtoken';
import * as jsonwebtoken from 'jsonwebtoken';
import { AnySchemaTyped } from '../validation/joi/joi.model';
export { jsonwebtoken };
export type { Algorithm, VerifyOptions, SignOptions, JwtHeader };
export interface JWTServiceCfg {
    /**
     * Public key is required to Verify incoming tokens.
     * Optional if you only want to Decode or Sign.
     */
    publicKey?: string | Buffer;
    /**
     * Private key is required to Sign (create) outgoing tokens.
     * Optional if you only want to Decode or Verify.
     */
    privateKey?: string | Buffer;
    /**
     * Recommended: ES256
     */
    algorithm: Algorithm;
    /**
     * If provided - will be applied to every Sign operation.
     */
    signOptions?: SignOptions;
    /**
     * If provided - will be applied to every Sign operation.
     */
    verifyOptions?: VerifyOptions;
    /**
     * If set - errors thrown from this service will be extended
     * with this errorData (in err.data)
     */
    errorData?: ErrorData;
}
/**
 * Wraps popular `jsonwebtoken` library.
 * You should create one instance of JWTService for each pair of private/public key.
 *
 * Generate key pair like this:
 * openssl ecparam -name secp256k1 -genkey -noout -out key.pem
 * openssl ec -in key.pem -pubout > key.pub.pem
 */
export declare class JWTService {
    cfg: JWTServiceCfg;
    constructor(cfg: JWTServiceCfg);
    sign<T extends AnyObject>(payload: T, schema?: AnySchemaTyped<T>, opt?: SignOptions): JWTString;
    verify<T extends AnyObject>(token: JWTString, schema?: AnySchemaTyped<T>, opt?: VerifyOptions): T;
    decode<T extends AnyObject>(token: JWTString, schema?: AnySchemaTyped<T>): {
        header: JwtHeader;
        payload: T;
        signature: string;
    };
}