import { Request, Response } from '@alinea/iso';
import type { Config } from 'alinea/core/Config';
import type { AuthApi, AuthedContext, RequestContext } from 'alinea/core/Connection';
export interface OAuth2Options {
    /**
     * OAuth2 clientId
     */
    clientId: string;
    /**
     * OAuth2 clientSecret
     *
     * This is required when using the 'client_secret_basic' authenticationMethod
     * for the client_credentials and password flows, but not authorization_code
     * or implicit.
     */
    clientSecret?: string;
    /**
     * The JSON Web Key Set (JWKS) URI.
     */
    jwksUri: string;
    /**
     * The /authorize endpoint.
     *
     * Required only for the browser-portion of the authorization_code flow.
     */
    authorizationEndpoint: string;
    /**
     * The token endpoint.
     *
     * Required for most grant types and refreshing tokens.
     */
    tokenEndpoint: string;
    /**
     * Revocation endpoint.
     *
     * Required for revoking tokens. Not supported by all servers.
     */
    revocationEndpoint?: string;
}
export declare class OAuth2 implements AuthApi {
    #private;
    constructor(context: RequestContext, config: Config, options: OAuth2Options);
    authenticate(request: Request): Promise<Response>;
    verify(request: Request): Promise<AuthedContext>;
}