import { OIDCAuthState } from './types';
/**
 * Generate a cryptographically random state parameter
 * Used for CSRF protection in OAuth2 flows
 */
export declare function generateState(): string;
/**
 * Generate a cryptographically random nonce
 * Used for ID token replay protection
 */
export declare function generateNonce(): string;
/**
 * Create a complete auth state object for the OIDC flow
 */
export declare function createAuthState(redirectUri: string, originalUrl: string): OIDCAuthState;
/**
 * Validate that the returned state matches the stored state
 * and that the state hasn't expired
 */
export declare function validateState(returnedState: string, storedState: OIDCAuthState): void;
/**
 * Encrypt the auth state for storage in a cookie
 * Uses AES-256-GCM for authenticated encryption
 */
export declare function encryptState(state: OIDCAuthState, secretKey: string): string;
/**
 * Decrypt the auth state from a cookie
 */
export declare function decryptState(encryptedState: string, secretKey: string): OIDCAuthState;
//# sourceMappingURL=state.d.ts.map