import { OAuthTokenIntrospectionResponse, RealmPrincipal } from '@sage-bionetworks/synapse-client';
export type SessionState = {
    token: string | undefined;
    realmId: string | undefined;
    userId: string | undefined;
    isAuthenticated: boolean;
    hasInitializedSession: boolean;
};
export type SynapseSessionManagerOptions = {
    /** The realm that an unauthenticated user should be signed in to. Defaults to "0", the public Synapse realm */
    defaultRealm?: string;
    /** If defined, specifies the allowable elapsed time in seconds since the last time the End-User was actively authenticated.
     * If the elapsed time is greater than this value, the session will be cleared and the user will have to re-authenticate. */
    maxAge?: number;
    /** Called if the user is not authenticated when the session is initialized. */
    onMissingExpectedAuthentication?: () => void;
    /** Called when a stored token fails validation (e.g. expired). Called after the session manager signs out.
     * If not provided, the session manager will call `window.location.reload()` after signing out. */
    onSessionInvalid?: () => void;
};
/**
 * Framework-agnostic session manager for Synapse applications.
 *
 * Handles the full session lifecycle: token retrieval from browser cookies,
 * token validation via OAuth2 introspection, periodic refresh, and sign-out.
 *
 * Can be used directly from any JavaScript context (GWT/JsInterop, vanilla JS, etc.)
 * or wrapped by a framework-specific adapter (e.g. a React hook via `useSyncExternalStore`).
 *
 * Implements the external store contract: use {@link subscribe} and {@link getSnapshot}
 * to integrate with React's `useSyncExternalStore`, or any other subscription-based framework.
 */
export declare class SynapseSessionManager {
    private state;
    private listeners;
    private intervalId;
    private options;
    constructor(options?: SynapseSessionManagerOptions);
    /**
     * Subscribe to state changes. The listener is called whenever session state is updated.
     * @returns an unsubscribe function.
     *
     * Compatible with React's `useSyncExternalStore(manager.subscribe, manager.getSnapshot)`.
     */
    subscribe(listener: () => void): () => void;
    /**
     * Get the current session state snapshot. Returns a stable reference that only
     * changes when the state is updated.
     *
     * Compatible with React's `useSyncExternalStore(manager.subscribe, manager.getSnapshot)`.
     */
    getSnapshot(): SessionState;
    /**
     * Get the server-side (SSR) snapshot: always returns the unauthenticated initial state.
     * Required by React's `useSyncExternalStore` when rendering on the server.
     */
    getServerSnapshot(): SessionState;
    /**
     * Update mutable options. Values are read at `refreshSession`/`clearSession` call time,
     * so changes take effect on the next refresh cycle.
     */
    setOptions(options: Pick<SynapseSessionManagerOptions, 'defaultRealm' | 'maxAge'>): void;
    /**
     * Start the session manager: performs an initial refresh and sets up the periodic refresh interval.
     */
    start(): void;
    /**
     * Stop the periodic refresh and clean up resources.
     */
    dispose(): void;
    /**
     * Refresh the session by reading the stored token, validating it, and updating state.
     * If no token is stored, initializes an anonymous session.
     * If the token is invalid, signs out and triggers onSessionInvalid (or reloads the page).
     */
    refreshSession(): Promise<void>;
    /**
     * Clear the current session by signing out and initializing an anonymous session.
     * Does NOT handle navigation/reload — the caller is responsible for that.
     */
    clearSession(): Promise<void>;
    /**
     * Attempt to get the stored access token from the browser cookie.
     * Returns the token string, or undefined if not found or on error.
     */
    static getStoredToken(): Promise<string | undefined>;
    /**
     * Validate the token by calling the token introspection service.
     * @return the introspection response if valid, or null if the token is invalid
     */
    static validateToken(accessToken: string, maxAge?: number): Promise<OAuthTokenIntrospectionResponse | null>;
    /**
     * Get the realm principals for the current token.
     */
    static getCurrentRealmPrincipals(accessToken: string): Promise<RealmPrincipal>;
    /**
     * Initialize the session for an anonymous user.
     * @return the new anonymous token.
     */
    private initAnonymousUserState;
    private updateState;
    private emitChange;
}
//# sourceMappingURL=SynapseSessionManager.d.ts.map