import { BaseAuthAPI } from "./base-auth-api.js";
/**
 * The response from the authorize endpoint.
 */
export type AuthorizeResponse = {
    /**
     * The authorization request ID.
     */
    auth_req_id: string;
    /**
     * The duration in seconds until the authentication request expires.
     */
    expires_in: number;
    /**
     * The interval in seconds to wait between poll requests.
     */
    interval: number;
};
/**
 * Options for the authorize request.
 */
export type AuthorizeOptions = {
    /**
     * A human-readable string intended to be displayed on both the device calling /bc-authorize and the user’s authentication device.
     */
    binding_message: string;
    /**
     * A space-separated list of OIDC and custom API scopes.
     */
    scope: string;
    /**
     * Unique identifier of the audience for an issued token.
     */
    audience?: string;
    /**
     * Custom expiry time in seconds for this request.
     * @deprecated Use {@link AuthorizeOptions.requested_expiry} instead.
     */
    request_expiry?: string;
    /**
     * Custom expiry time in seconds for this request.
     */
    requested_expiry?: string;
    /**
     * The user ID.
     */
    userId: string;
    /**
     * Optional parameter for subject issuer context.
     */
    subjectIssuerContext?: string;
    /**
     * Optional authorization details to use Rich Authorization Requests (RAR).
     * @see https://auth0.com/docs/get-started/apis/configure-rich-authorization-requests
     */
    authorization_details?: string;
} & Record<string, string>;
export interface AuthorizationDetails {
    readonly type: string;
    readonly [parameter: string]: unknown;
}
/**
 * The response from the token endpoint.
 */
export type TokenResponse = {
    /**
     * The access token.
     */
    access_token: string;
    /**
     * The refresh token, available with the `offline_access` scope.
     */
    refresh_token?: string;
    /**
     * The user's ID Token.
     */
    id_token: string;
    /**
     * The token type of the access token.
     */
    token_type?: string;
    /**
     * The duration in seconds that the access token is valid.
     */
    expires_in: number;
    /**
     * The scopes associated with the token.
     */
    scope: string;
    /**
     * Optional authorization details when using Rich Authorization Requests (RAR).
     * @see https://auth0.com/docs/get-started/apis/configure-rich-authorization-requests
     */
    authorization_details?: AuthorizationDetails[];
};
/**
 * Options for the token request.
 */
export type TokenOptions = {
    /**
     * The authorization request ID.
     */
    auth_req_id: string;
};
/**
 * Interface for the backchannel authentication.
 */
export interface IBackchannel {
    authorize: (options: AuthorizeOptions) => Promise<AuthorizeResponse>;
    backchannelGrant: (options: TokenOptions) => Promise<TokenResponse>;
}
/**
 * Class implementing the backchannel authentication flow.
 */
export declare class Backchannel extends BaseAuthAPI implements IBackchannel {
    /**
     * Initiates a CIBA authorization request.
     *
     * @param {AuthorizeOptions} options - The options for the request.
     * @returns {Promise<AuthorizeResponse>} - The authorization response.
     *
     * @throws {Error} - If the request fails.
     */
    authorize({ userId, ...options }: AuthorizeOptions): Promise<AuthorizeResponse>;
    /**
     * Handles the backchannel grant flow for authentication. Client can poll this method at regular intervals to check if the backchannel auth request has been approved.
     *
     * @param {string} auth_req_id - The authorization request ID. This value is returned from the call to /bc-authorize. Once you have exchanged an auth_req_id for an ID and access token, it is no longer usable.
     * @returns {Promise<TokenResponse>} - A promise that resolves to the token response.
     *
     * @throws {Error} - Throws an error if the request fails.
     *
     * If the authorizing user has not yet approved or rejected the request, you will receive a response like this:
     * ```json
     * {
     *   "error": "authorization_pending",
     *   "error_description": "The end-user authorization is pending"
     * }
     * ```
     *
     * If the authorizing user rejects the request, you will receive a response like this:
     * ```json
     * {
     *   "error": "access_denied",
     *   "error_description": "The end-user denied the authorization request or it has been expired"
     * }
     * ```
     *
     * If you are polling too quickly (faster than the interval value returned from /bc-authorize), you will receive a response like this:
     * ```json
     * {
     *   "error": "slow_down",
     *   "error_description": "You are polling faster than allowed. Try again in 10 seconds."
     * }
     * ```
     */
    backchannelGrant({ auth_req_id }: TokenOptions): Promise<TokenResponse>;
}