export type X509Certificate = import("crypto").X509Certificate;
export type ServiceCredentials = {
    clientid: string;
    url: string;
    /**
     * PEM-encoded client certificate
     */
    certificate?: string;
    /**
     * PEM-encoded client key
     */
    key?: string;
    /**
     * to be used as alternative authentication method to mTLS-based authentication. Must be defined when `certificate` is NOT defined.
     */
    clientsecret?: string;
};
export type IdentityServiceCredentials = {
    /**
     * tenant
     */
    app_tid: string;
};
export type XsuaaServiceCredentials = {
    xsappname: string;
    /**
     * domain of service
     */
    uaadomain: string;
    /**
     * URL to fetch tokens based on mTLS. Must be defined when `certificate` is defined.
     */
    certurl?: string;
};
export type XsaServiceCredentials = {
    xsappname: string;
    /**
     * URL to fetch tokens based on mTLS. Must be defined when `certificate` is defined.
     */
    certurl?: string;
};
export type UaaServiceCredentials = {
    /**
     * domain of service
     */
    uaadomain: string;
};
export type ServiceConfig = {
    /**
     * key/value object whose entries override default endpoints of service
     */
    endpoints?: object;
    /**
     * configures different kinds of validation
     */
    validation?: {
        jwks?: {
            shared?: boolean;
            expirationTime?: number;
            refreshPeriod?: number;
        };
    };
    /**
     * default configuration for requests against this Service
     */
    requests?: {
        timeout?: number;
    };
};
export type IdentityServiceConfig = {
    /**
     * configures different kinds of validation
     */
    validation?: {
        x5t?: {
            enabled?: boolean;
        };
        proofToken?: {
            enabled?: boolean;
        };
    };
    /**
     * list of security context extensions that implement a context => Promise\<void\> function called extendSecurityContext
     */
    extensions?: any[];
};
export type SecurityContextConfig = {
    /**
     * jwt token used to build the context
     */
    jwt?: string;
    /**
     * client certificate in PEM format
     */
    clientCertificatePem?: string;
    /**
     * parsed client certificate which will be automatically created from clientCertificatePem
     */
    clientCertificate?: X509Certificate;
    /**
     * correlation id that will be sent along with external requests
     */
    correlationId?: string;
    /**
     * request object from which the jwt and additional information, such as a correlation id and the forwarded client certificate, will be extracted if not provided directly
     */
    req?: Request;
    /**
     * if true, the SecurityContext is created without validating the token. Caution! This flag MUST NOT BE ENABLED, except for testing or when the token has already been validated before, e.g. in DwC contexts.
     */
    skipValidation?: boolean;
};
export type TokenFetchOptions = {
    /**
     * correlationId to correlate log entries with the request
     */
    correlationId?: string;
    /**
     * request timeout in ms
     */
    timeout?: number;
    /**
     * "jwt" or "opaque" (Default: "jwt")
     */
    token_format?: "jwt" | "opaque";
};
export type IdentityServiceTokenFetchOptions = {
    /**
     * can be used to override the app_tid from credentials for this token fetch
     */
    app_tid?: string;
    /**
     * name (or array of names) of API dependency to another application that shall be consumed with this token in the format urn:sap:identity:application:provider:name:<dependencyName>
     */
    resource?: string | string[];
};
export type XsuaaTokenFetchOptions = {
    /**
     * requested scope of token
     */
    scope?: string[];
    /**
     * (aka subdomain) the subdomain of a tenant on the same subaccount from which to fetch a token. Note that this parameter does NOT accept a tenant ID. To pass a zone ID, use the zid parameter instead.
     */
    tenant?: string;
    /**
     * the zone id from which to fetch a token
     */
    zid?: string;
    /**
     * additional authorities that can be freely chosen during token fetch that will be put into the token under az_attr claim (see https://github.com/cloudfoundry/uaa/blob/24c0c23fa36d7c604e365e1be4df658d55dcb211/docs/UAA-APIs.rst#support-for-additional-authorization-attributes)
     */
    authorities?: object;
};
export type GrantType = "client_credentials" | "password" | "urn:ietf:params:oauth:grant-type:jwt-bearer";
export type TokenFetchResponse = {
    /**
     * access token as JWT
     */
    access_token: string;
    /**
     * number of seconds until the access token expires
     */
    expires_in: number;
    token_type: string;
};
export type IdTokenFetchResponse = {
    /**
     * - ID token as JWT
     */
    id_token: string;
};
export type RefreshableTokenFetchResponse = {
    refresh_token: string;
};
export type IdentityServicePasswordTokenFetchResponse = TokenFetchResponse & IdTokenFetchResponse & RefreshableTokenFetchResponse;
export type IdentityServiceJwtBearerTokenFetchResponse = TokenFetchResponse & IdTokenFetchResponse & RefreshableTokenFetchResponse;
export type JwtHeader = {
    kid?: string;
    alg?: string;
};
/**
 * Standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.
 */
export type JwtPayload = {
    iss?: string;
    sub?: string;
    aud?: string | string[];
    exp?: number;
    nbf?: number;
    iat?: number;
    jti?: string;
};
//# sourceMappingURL=Types.d.ts.map