import type { OIDCConfig, SignalKPermission } from './types';
/**
 * Map OIDC groups to Signal K permission level
 *
 * Priority:
 * 1. If user is in any admin group → 'admin'
 * 2. Else if user is in any readwrite group → 'readwrite'
 * 3. Else → defaultPermission (typically 'readonly')
 *
 * **Limitations:**
 * - Group matching is **case-sensitive** (e.g., 'Admins' ≠ 'admins')
 * - Groups must be present in the **ID token** (not userinfo endpoint)
 * - Use `groupsAttribute` config to specify a custom claim name
 *
 * @param userGroups - Groups the user belongs to (from OIDC claims)
 * @param config - OIDC configuration with group mappings
 * @returns The mapped permission level
 */
export declare function mapGroupsToPermission(userGroups: string[] | undefined, config: OIDCConfig): SignalKPermission;
//# sourceMappingURL=permission-mapping.d.ts.map