import { TokenParams as _TokenParams } from '@backstage/plugin-auth-node';
/** Represents any form of serializable JWK */
export interface AnyJWK extends Record<string, string> {
    use: 'sig';
    alg: string;
    kid: string;
    kty: string;
}
/**
 * @public
 * @deprecated import from `@backstage/plugin-auth-node` instead
 */
export type TokenParams = _TokenParams;
/**
 * A TokenIssuer is able to issue verifiable ID Tokens on demand.
 */
export type TokenIssuer = {
    /**
     * Issues a new ID Token
     */
    issueToken(params: _TokenParams): Promise<string>;
    /**
     * List all public keys that are currently being used to sign tokens, or have been used
     * in the past within the token expiration time, including a grace period.
     */
    listPublicKeys(): Promise<{
        keys: AnyJWK[];
    }>;
};
/**
 * A JWK stored by a KeyStore
 */
export type StoredKey = {
    key: AnyJWK;
    createdAt: Date;
};
/**
 * A KeyStore stores JWKs for later and shared use.
 */
export type KeyStore = {
    /**
     * Store a new key to be used for signing.
     */
    addKey(key: AnyJWK): Promise<void>;
    /**
     * Remove all keys with the provided kids.
     */
    removeKeys(kids: string[]): Promise<void>;
    /**
     * List all stored keys.
     */
    listKeys(): Promise<{
        items: StoredKey[];
    }>;
};