import { t as getAccessToken } from "./user-BjHCUkBs.mjs";
import { scopes } from "virtual:wcz-layout";

//#region src/lib/auth/authHandlers.d.ts
/** GET /auth/login — start the flow: stash PKCE + state, redirect to Entra. */
declare function handleLogin(): Promise<Response>;
/** GET /auth/callback — finish the flow: validate state, exchange code, set session. */
declare function handleCallback(): Promise<Response>;
/** GET /auth/logout — clear the local session and sign out of the Entra session. */
declare function handleLogout(): Promise<Response>;
//#endregion
//#region src/lib/auth/msalServer.d.ts
/**
 * On-Behalf-Of flow: Exchange user token for a token to call downstream API
 * Use when: Server needs to call microservice on behalf of the logged-in user
 */
declare const getTokenOnBehalfOf: (userToken: string, scopeKey: keyof typeof scopes) => Promise<string>;
/**
 * Client Credentials flow: Get app-only token (no user context)
 * Use when: Background jobs, scheduled tasks, service-to-service calls
 */
declare const getAppToken: (scopeKey: keyof typeof scopes) => Promise<string>;
//#endregion
export { getAccessToken, getAppToken, getTokenOnBehalfOf, handleCallback, handleLogin, handleLogout };
//# sourceMappingURL=auth.d.mts.map