import type { GuestRequest, LoginRequest, Oauth, RefreshTokenRequest, RegisterRequest, SendResetPasswordEmailRequest, UpdatePasswordByHashRequest, UpdatePasswordRequest } from '../types/api/auth';
import type { RpcContext } from '../types/api/context';
import type { Log } from '../utils/log';
/**
 * Options for configuring the OAuth client.
 */
export interface OAuthOptions {
    clientId: string;
    clientSecret: string;
    apiHost: string;
    additionalHeaders?: HeadersInit;
}
/**
 * Error thrown when OAuth API request fails.
 */
export declare class OAuthRequestError extends Error {
    constructor(message: string, options?: ErrorOptions);
}
/**
 * Creates and returns an OAuthClient instance using the provided RPC context.
 *
 * @param context The RPC context containing OAuth configuration.
 *
 * @returns An instance of the OAuthClient.
 *
 * @throws {Error} If OAuth configuration is missing in the context.
 */
export declare function getOAuthClient(context: RpcContext): OAuthClient;
/**
 * A client for interacting with the Checkout Authentication API
 *
 * @see https://scayle.dev/en/api-guides/authentication-api/
 */
export declare class OAuthClient {
    /**
     * Headers for API requests.
     */
    headers: HeadersInit;
    /**
     * Base URL for the API.
     */
    baseURL: string;
    /**
     * Logger instance.
     */
    logger?: Log;
    /**
     * OAuth client ID.
     */
    clientId: string;
    /**
     * Creates a new instance of the OAuthClient.
     *
     * @param options OAuth client options.
     * @param logger Optional logger instance.
     *
     * @throws {MissingCredentialsError} If client ID or client secret are missing.
     */
    constructor(options: OAuthOptions, logger?: Log);
    /**
     * Register a new User and receive an access token.
     *
     * @param payload The registration data.
     *
     * @returns The OAuth response containing access and refresh tokens.
     *
     * @see https://scayle.dev/en/api-guides/authentication-api/resources/oauth-client/create-new-user
     */
    register(payload: RegisterRequest): Promise<Oauth>;
    /**
     * Login a User and receive an access token.
     *
     * @param payload The login credentials, including the `shopId`.
     *
     * @returns The OAuth response containing access and refresh tokens.
     *
     * @see https://scayle.dev/en/api-guides/authentication-api/resources/oauth-client/log-in-users
     */
    login(payload: LoginRequest): Promise<Oauth>;
    /**
     * Login a User as a guest and receive an access token.
     *
     * @param payload The guest login data.
     *
     * @returns The OAuth response containing access and refresh tokens.
     *
     * @see https://scayle.dev/en/api-guides/authentication-api/resources/oauth-client/log-in-users-as-guest
     */
    guestLogin(payload: GuestRequest): Promise<Oauth>;
    /**
     * Send a reset password email to a User.
     *
     * @param payload The data for sending the reset password email.
     *
     * @returns Nothing (resolves when the request completes successfully).
     *
     * @see https://scayle.dev/en/api-guides/authentication-api/resources/oauth-client/send-password-reset-email
     */
    sendPasswordResetEmail(payload: SendResetPasswordEmailRequest): Promise<void>;
    /**
     * Update password by using hash.
     * All older tokens of the User are also invalidated.
     *
     * @param payload The data for updating the password by hash.
     *
     * @returns The new OAuth response with updated tokens.
     *
     * @see https://scayle.dev/en/api-guides/authentication-api/resources/oauth-client/update-password-by-hash
     */
    updatePasswordByHash(payload: UpdatePasswordByHashRequest): Promise<Oauth>;
    /**
     * Update password via plain string.
     *
     * @param payload The data for updating the password (current and new password).
     * @param accessToken The current access token.
     *
     * @returns Nothing (resolves when the request completes successfully).
     */
    updatePassword(payload: UpdatePasswordRequest, accessToken: string): Promise<void>;
    /**
     * Generate a new access token via a refresh token.
     *
     * @param payload The refresh token request data.
     * @returns The new OAuth response with updated access token.
     */
    refreshToken(payload: RefreshTokenRequest): Promise<Oauth>;
    /**
     * Validate a token.
     *
     * @param accessToken The access token to validate.
     *
     * @returns Nothing (resolves if the token is valid, rejects otherwise).
     *
     * @see https://scayle.dev/en/api-guides/authentication-api/resources/bearer-auth/validate-present-token
     */
    validateToken(accessToken: string): Promise<void>;
    /**
     * Revoke an Access Token and all related Refresh Tokens.
     *
     * Uses a valid Bearer Access Token in the Authorization header and will
     * revoke the token with the given ID (_which could be a different token_).
     * If a external identity provider was used for the target token,
     * the corresponding IDP-AccessToken and IDP-RefreshToken will be revoked as well.
     * In case the identity provider does not support revoking tokens over api calls
     * (_because a frontend redirect is required_) this step will be skipped and the IDP-Tokens
     * will remain valid until they expire or are revoked from IDP side.
     *
     * @param shopId The ID of the shop.
     * @param accessToken The access token to use for authorization.
     * @returns Nothing (resolves when the token is successfully revoked).
     *
     * @see https://scayle.dev/en/api-guides/authentication-api/resources/bearer-auth/delete-access-token-with-id
     */
    revokeToken(shopId: number, accessToken: string): Promise<void>;
    /**
     * Generate a new token based on authorization code.
     *
     * @param code The authorization code.
     *
     * @returns The new OAuth response.
     */
    generateToken(code: string): Promise<Oauth>;
}