import { Logger } from '@n8n/backend-common';
import { GlobalConfig } from '@n8n/config';
import type { AuthenticatedRequest, CredentialsEntity, ICredentialsDb } from '@n8n/db';
import { CredentialsRepository } from '@n8n/db';
import type { Response } from 'express';
import { Cipher } from 'n8n-core';
import type { ICredentialDataDecryptedObject, IWorkflowExecuteAdditionalData } from 'n8n-workflow';
import { CredentialsFinderService } from '../credentials/credentials-finder.service';
import { CredentialsHelper } from '../credentials-helper';
import type { OAuthRequest } from '../requests';
import { UrlService } from '../services/url.service';
import { ExternalHooks } from '../external-hooks';
import { OauthVersion, type CreateCsrfStateData, type CsrfState, type OAuth1CredentialData } from './types';
import { DynamicCredentialsProxy } from '../credentials/dynamic-credentials-proxy';
export declare function shouldSkipAuthOnOAuthCallback(): boolean;
export declare const skipAuthOnOAuthCallback: boolean;
export { OauthVersion, type OAuth1CredentialData, type CreateCsrfStateData, type CsrfState };
export declare class OauthService {
    protected readonly logger: Logger;
    private readonly credentialsHelper;
    private readonly credentialsRepository;
    private readonly credentialsFinderService;
    private readonly urlService;
    private readonly globalConfig;
    private readonly externalHooks;
    private readonly cipher;
    private readonly dynamicCredentialsProxy;
    constructor(logger: Logger, credentialsHelper: CredentialsHelper, credentialsRepository: CredentialsRepository, credentialsFinderService: CredentialsFinderService, urlService: UrlService, globalConfig: GlobalConfig, externalHooks: ExternalHooks, cipher: Cipher, dynamicCredentialsProxy: DynamicCredentialsProxy);
    private validateOAuthUrlOrThrow;
    getBaseUrl(oauthVersion: OauthVersion): string;
    getCredentialForUpdate(req: OAuthRequest.OAuth1Credential.Auth | OAuthRequest.OAuth2Credential.Auth): Promise<CredentialsEntity>;
    protected getAdditionalData(): Promise<IWorkflowExecuteAdditionalData>;
    protected getDecryptedDataForAuthUri(credential: ICredentialsDb, additionalData: IWorkflowExecuteAdditionalData): Promise<ICredentialDataDecryptedObject>;
    protected getDecryptedDataForCallback(credential: ICredentialsDb, additionalData: IWorkflowExecuteAdditionalData): Promise<ICredentialDataDecryptedObject>;
    private getDecryptedData;
    protected applyDefaultsAndOverwrites<T>(credential: ICredentialsDb, decryptedData: ICredentialDataDecryptedObject, additionalData: IWorkflowExecuteAdditionalData): Promise<T>;
    encryptAndSaveData(credential: ICredentialsDb, toUpdate: ICredentialDataDecryptedObject, toDelete?: string[]): Promise<void>;
    static extractAccountIdentifier(tokenData: Record<string, unknown>): string | undefined;
    protected getCredentialWithoutUser(credentialId: string): Promise<CredentialsEntity | null>;
    createCsrfState(data: CreateCsrfStateData): Promise<[string, string]>;
    protected decodeCsrfState(encodedState: string, req: AuthenticatedRequest): Promise<[CsrfState & CreateCsrfStateData, CredentialsEntity | null]>;
    protected verifyCsrfState(decrypted: ICredentialDataDecryptedObject & {
        csrfSecret?: string;
    }, state: CsrfState): boolean;
    resolveCredential<T>(req: OAuthRequest.OAuth1Credential.Callback | OAuthRequest.OAuth2Credential.Callback): Promise<[
        CredentialsEntity,
        ICredentialDataDecryptedObject,
        T,
        CsrfState & CreateCsrfStateData
    ]>;
    renderCallbackError(res: Response, message: string, reason?: string): void;
    getOAuthCredentials<T>(credential: CredentialsEntity): Promise<T>;
    private hasEditableScopeProperty;
    generateAOauth2AuthUri(credential: CredentialsEntity, csrfData: CreateCsrfStateData): Promise<string>;
    generateAOauth1AuthUri(credential: CredentialsEntity, csrfData: CreateCsrfStateData): Promise<string>;
    private convertCredentialToOptions;
    private discoverProtectedResourceMetadata;
    private selectGrantTypeAndAuthenticationMethod;
    private mapGrantTypeAndAuthenticationMethod;
    saveDynamicCredential(credential: CredentialsEntity, oauthTokenData: ICredentialDataDecryptedObject, authHeader: string, credentialResolverId: string, authMetadata?: Record<string, unknown>): Promise<void>;
}