import type { CachingOptions } from './cache';
import type { DestinationOptions, IasOptions, IasOptionsTechnicalUser } from './destination';
import type { Service } from './environment-accessor';
import type { ClientCredentialsResponse } from './xsuaa-service-types';
import type { JwtPayload } from './jsonwebtoken-type';
export { identityServicesCache } from './environment-accessor';
/**
 * @internal
 * Represents the response to an IAS token request using client credentials or JWT bearer grant.
 * This interface extends the XSUAA `ClientCredentialsResponse` response with IAS-specific fields.
 */
export interface IasTokenResponse extends ClientCredentialsResponse {
    /**
     * Audience claim from the JWT token.
     */
    aud: string | string[];
    /**
     * IAS API resources. Empty when no resource parameter is specified in the token request.
     */
    ias_apis: string[];
    /**
     * The SCIM ID of the user (not present for technical user tokens).
     */
    scim_id?: string;
    /**
     * Custom issuer claim from the JWT token.
     */
    custom_iss?: string;
    /**
     * Application tenant ID claim from the JWT token.
     */
    app_tid?: string;
    /**
     * IAS tokens don't have scope property.
     */
    scope: '';
    /**
     * @internal
     */
    refresh_token?: string;
}
/**
 * @internal
 * Checks whether the IAS token to XSUAA token exchange should be applied.
 * @param options - Configuration for how to retrieve destinations from the destination service.
 * @returns A boolean value, that indicates whether the token exchange should be applied.
 */
export declare function shouldExchangeToken(options: DestinationOptions): boolean;
/**
 * Make a client credentials request against the IAS OAuth2 endpoint.
 * Supports both certificate-based (mTLS) and client secret authentication.
 * @param service - Service as it is defined in the environment variable.
 * @param options - Options for token fetching, including authenticationType to specify authentication mode, optional resource parameter for app2app, appTid for multi-tenant scenarios, and extraParams for additional OAuth2 parameters.
 * @returns Client credentials token response.
 * @internal
 */
export declare function fetchIasToken(service: string | Service, options?: IasOptions & CachingOptions & {
    jwt?: JwtPayload;
}): Promise<IasTokenResponse>;
/**
 * Resolves `app_tid` based on supplied IAS options and tenant context.
 * @param iasOptions - IAS technical user options.
 * @param service - Service binding for identity service.
 * @param jwt - Optional JWT payload for current-tenant context.
 * @returns The BTP app_tid based on `requestAs` configuration.
 * @internal
 */
export declare function getIasAppTid(iasOptions: IasOptionsTechnicalUser, service: Service, jwt?: JwtPayload): string | undefined;