import { OIDCAuthState, OIDCConfig, OIDCProviderMetadata, OIDCTokens } from './types';
type FetchFn = typeof fetch;
/**
 * Set the fetch function (for testing)
 */
export declare function setFetchFunction(fn: FetchFn): void;
/**
 * Reset the fetch function to the default
 */
export declare function resetFetchFunction(): void;
/**
 * Exchange an authorization code for tokens
 * @param code The authorization code from the callback
 * @param config OIDC configuration
 * @param metadata Discovery document metadata
 * @param authState The auth state containing code verifier
 * @returns The token response
 * @throws OIDCError if the exchange fails
 */
export declare function exchangeAuthorizationCode(code: string, config: OIDCConfig, metadata: OIDCProviderMetadata, authState: OIDCAuthState): Promise<OIDCTokens>;
/**
 * Fetch additional claims from the userinfo endpoint
 *
 * The ID token typically only contains minimal claims (sub, iss, aud, etc.).
 * Claims like groups, email, name are returned via the userinfo endpoint.
 *
 * @param accessToken The access token from the token response
 * @param metadata Discovery document metadata containing userinfo_endpoint
 * @param issuer The configured OIDC issuer URL (for hostname validation)
 * @returns Additional claims from the userinfo endpoint, or undefined if unavailable
 */
export declare function fetchUserinfo(accessToken: string, metadata: OIDCProviderMetadata, issuer: string): Promise<Record<string, unknown> | undefined>;
export {};
//# sourceMappingURL=token-exchange.d.ts.map