/**
 * Authentication service for Zalo API
 */
import { ZaloClient } from "../clients/zalo-client";
import { AccessToken, RefreshTokenResponse, AuthCodeParams, RefreshTokenParams, SocialUserInfo, TokenValidation, AuthScope, PKCEConfig, AuthUrls, OAAuthResult } from "../types/auth";
/**
 * Authentication service for handling OAuth flows and token management
 */
export declare class AuthService {
    private readonly client;
    private readonly appId;
    private readonly appSecret;
    private readonly endpoints;
    constructor(client: ZaloClient, appId: string, appSecret: string);
    /**
     * Generate PKCE code verifier and challenge for Social API
     */
    generatePKCE(): PKCEConfig;
    /**
     * Create OAuth authorization URL for Official Account with PKCE support
     *
     * @param redirectUri - The redirect URI after authorization
     * @param state - Optional state parameter for security. If not provided, auto-generates with 'zalo_oa_' prefix
     * @param usePkce - Whether to use PKCE for enhanced security. If true and pkce not provided, will auto-generate
     * @param pkce - Optional PKCE configuration for enhanced security. If usePkce=true and this is not provided, will be auto-generated
     * @returns Object containing the authorization URL, state, and PKCE config (if used)
     */
    createOAAuthUrl(redirectUri: string, state?: string, pkce?: PKCEConfig, usePkce?: boolean): OAAuthResult;
    /**
     * Create OAuth authorization URL for Social API
     */
    createSocialAuthUrl(redirectUri: string, state?: string, pkce?: PKCEConfig): string;
    /**
     * Exchange authorization code for Official Account access token
     * Now supports PKCE code_verifier for enhanced security
     */
    getOAAccessToken(params: AuthCodeParams): Promise<AccessToken>;
    /**
     * Exchange authorization code for Social API access token
     */
    getSocialAccessToken(params: AuthCodeParams): Promise<AccessToken>;
    /**
     * Refresh Official Account access token
     */
    refreshOAAccessToken(params: RefreshTokenParams): Promise<AccessToken>;
    /**
     * Refresh Social API access token
     */
    refreshSocialAccessToken(params: RefreshTokenParams): Promise<RefreshTokenResponse>;
    /**
     * Get Social user information
     */
    getSocialUserInfo(accessToken: string, fields?: string): Promise<SocialUserInfo>;
    /**
     * Validate access token by attempting to get user info
     */
    validateAccessToken(accessToken: string, scope?: AuthScope): Promise<TokenValidation>;
    /**
     * Get all authentication URLs with optional PKCE support
     */
    getAuthUrls(redirectUri: string, usePkce?: boolean, pkce?: PKCEConfig): AuthUrls;
}
//# sourceMappingURL=auth.service.d.ts.map