/// <reference types="node" />
import { IncomingMessage } from 'http';
import { AxiosRequestConfig } from 'axios';
import { Jwt, JwtPayload } from 'jsonwebtoken';
import { TokenKey } from './xsuaa-service-types';
import { Cache } from './cache';
import type { RegisteredJWTClaimsTenant } from './tenant';
import type { RegisteredJWTClaimsUser } from './user';
/**
 * Decode JWT.
 * @param token - JWT to be decoded
 * @returns Decoded payload.
 */
export declare function decodeJwt(token: string): JwtPayload;
/**
 * Decode JWT and return the complete decoded token.
 * @param token - JWT to be decoded.
 * @returns Decoded token containing payload, header and signature.
 */
export declare function decodeJwtComplete(token: string): Jwt;
/**
 * Retrieve JWT from a request that is based on the node `IncomingMessage`. Fails if no authorization header is given or has the wrong format. Expected format is 'Bearer <TOKEN>'.
 * @param req - Request to retrieve the JWT from
 * @returns JWT found in header
 */
export declare function retrieveJwt(req: IncomingMessage): string | undefined;
/**
 * Verifies the given JWT and returns the decoded payload.
 * @param token - JWT to be verified
 * @param options - Options to control certain aspects of JWT verification behavior.
 * @returns A Promise to the decoded and verified JWT.
 */
export declare function verifyJwt(token: string, options?: VerifyJwtOptions): Promise<JwtPayload>;
/**
 * Options to control certain aspects of JWT verification behavior.
 */
export interface VerifyJwtOptions {
    cacheVerificationKeys?: boolean;
}
export declare const verificationKeyCache: Cache<TokenKey>;
/**
 * Verifies the given JWT with the given key and returns the decoded payload.
 * @param token - JWT to be verified.
 * @param key - Key to use for verification.
 * @returns A Promise to the decoded and verified JWT.
 */
export declare function verifyJwtWithKey(token: string, key: string): Promise<JwtPayload>;
/**
 * Get the issuer URL of a decoded JWT.
 * @param decodedToken - Token to read the issuer URL from.
 * @returns The issuer URL if available.
 */
export declare function issuerUrl(decodedToken: JwtPayload): string | undefined;
/**
 * Retrieve the audiences of a decoded JWT based on the audiences and scopes in the token.
 * @param decodedToken - Token to retrieve the audiences from.
 * @returns A set of audiences.
 */
export declare function audiences(decodedToken: JwtPayload): Set<string>;
/**
 * Wraps the access token in header's authorization.
 * @param token - Token to attach in request header
 * @returns The request header that holds the access token
 */
export declare function wrapJwtInHeader(token: string): AxiosRequestConfig;
export declare function readPropertyWithWarn(jwtPayload: JwtPayload, property: string): any;
/**
 * @deprecated Since v1.46.0. This interface will not be replaced. Use the higher level JWT types directly.
 * Interface to represent the registered claims of a JWT.
 */
export declare type RegisteredJWTClaims = RegisteredJWTClaimsBasic & RegisteredJWTClaimsUser & RegisteredJWTClaimsTenant;
/**
 * @deprecated Since v1.46.0. This interface will not be replaced. Use the higher level JWT types directly.
 * Interface to represent the basic properties like issuer, audience etc.
 */
export interface RegisteredJWTClaimsBasic {
    iss?: string;
    exp?: number;
    sub?: string;
    aud?: string[];
    nbf?: string;
    iat?: number;
    jti?: string;
}
/**
 * @deprecated Since v1.46.0. Use `JwtHeader` instead.
 * Interface to represent the basic properties of a JWT header.
 */
export interface JWTHeader {
    alg: string;
    typ: string;
    jku?: string;
}
/**
 * @deprecated Since v1.20.0. Use [[JWTPayload]] if you want to represent the decoded JWT payload or [[CompleteDecodedJWT]] for the full decoded object.
 * Interface to represent the payload of a JWT.
 */
export interface DecodedJWT extends RegisteredJWTClaims {
    [otherKey: string]: any;
}
/**
 * @deprecated Since v1.46.0. Use `JwtPayload` instead.
 * Interface to represent the payload of a JWT.
 */
export interface JWTPayload extends RegisteredJWTClaims {
    [otherKey: string]: any;
}
/**
 * @deprecated Since v1.46.0. Use `Jwt` instead.
 * Interface to represent header and  payload of a JWT.
 */
export interface CompleteDecodedJWT extends RegisteredJWTClaims {
    header: JWTHeader;
    payload: JWTPayload;
    signature: string;
}
export declare type JwtKeyMapping<InterfaceT, JwtKeysT> = {
    [key in keyof InterfaceT]: {
        keyInJwt: JwtKeysT extends string ? JwtKeysT : keyof JwtKeysT;
        extractorFunction: (jwtPayload: JwtPayload) => any;
    };
};
/**
 * Checks if a given key is present in the decoded JWT. If not, an error is thrown.
 * @param key - The key of the representation in typescript
 * @param mapping - The mapping between the typescript keys and the JWT key
 * @param jwtPayload - JWT payload to check fo the given key.
 */
export declare function checkMandatoryValue<InterfaceT, JwtKeysT>(key: keyof InterfaceT, mapping: JwtKeyMapping<InterfaceT, JwtKeysT>, jwtPayload: JwtPayload): void;
/**
 * Object holding a decoded JWT payload received by decoding the encoded string also in this object.
 */
export interface JwtPair {
    decoded: JwtPayload;
    encoded: string;
}
/**
 * The user JWT can be a full JWT containing user information but also a reduced one setting only the iss value
 * This method divides the two cases.
 * @param token - Token to be investigated
 * @returns Boolean value with true if the input is a UserJwtPair
 */
export declare function isUserToken(token: JwtPair | undefined): token is JwtPair;
//# sourceMappingURL=jwt.d.ts.map