@mochabug/adapt-sdk 0.1.1

package/dist/genproto/mochabugapis/adapt/plugins/v1/oauth2_service_pb.d.ts

@@ -0,0 +1,805 @@
+import type { GenEnum, GenFile, GenMessage } from "@bufbuild/protobuf/codegenv2";
+import type { File, FileJson } from "./file_pb";
+import type { Message } from "@bufbuild/protobuf";
+/**
+ * Describes the file mochabugapis/adapt/plugins/v1/oauth2_service.proto.
+ */
+export declare const file_mochabugapis_adapt_plugins_v1_oauth2_service: GenFile;
+/**
+ * OAuth2 service configuration
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.Oauth2Definition
+ */
+export type Oauth2Definition = Message<"mochabugapis.adapt.plugins.v1.Oauth2Definition"> & {
+    /**
+     * The OAuth2 grant type to be used.
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.Oauth2GrantType grant_type = 1;
+     */
+    grantType: Oauth2GrantType;
+    /**
+     * The requested scopes (OPTIONAL per RFC 6749 Section 3.3).
+     * If omitted, the authorization server will use a pre-defined default or fail.
+     *
+     * @generated from field: repeated string scopes = 2;
+     */
+    scopes: string[];
+    /**
+     * The client authentication method.
+     * REQUIRED when grant_type is:
+     *   - OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
+     *   - OAUTH2_GRANT_TYPE_CLIENT_CREDENTIALS
+     *
+     * MUST NOT be set when grant_type is:
+     *   - OAUTH2_GRANT_TYPE_JWT_BEARER
+     *   - OAUTH2_GRANT_TYPE_SAML2_BEARER
+     *
+     * @generated from field: optional mochabugapis.adapt.plugins.v1.Oauth2AuthType auth_method = 3;
+     */
+    authMethod?: Oauth2AuthType;
+    /**
+     * Algorithm used for signing assertions.
+     * REQUIRED when:
+     *   - grant_type is OAUTH2_GRANT_TYPE_JWT_BEARER
+     *   - grant_type is OAUTH2_GRANT_TYPE_SAML2_BEARER
+     *   - auth_method is OAUTH2_AUTH_TYPE_PRIVATE_KEY_JWT
+     *   - auth_method is OAUTH2_AUTH_TYPE_SAML2_BEARER
+     *
+     * MUST NOT be set otherwise.
+     *
+     * @generated from field: optional mochabugapis.adapt.plugins.v1.PrivateKeyAlg alg = 4;
+     */
+    alg?: PrivateKeyAlg;
+    /**
+     * Client ID.
+     * This is required when used as plugin_oauth2, but not onto a vertex => oauth2
+     *
+     * @generated from field: optional string client_id = 5;
+     */
+    clientId?: string;
+    /**
+     * The token endpoint URL.
+     *
+     * @generated from field: string token_endpoint = 6;
+     */
+    tokenEndpoint: string;
+    /**
+     * Configuration specific to the Authorization Code grant type.
+     * REQUIRED when grant_type is OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE.
+     * MUST NOT be set otherwise.
+     *
+     * @generated from field: optional mochabugapis.adapt.plugins.v1.Oauth2Code code = 7;
+     */
+    code?: Oauth2Code;
+};
+/**
+ * OAuth2 service configuration
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.Oauth2Definition
+ */
+export type Oauth2DefinitionJson = {
+    /**
+     * The OAuth2 grant type to be used.
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.Oauth2GrantType grant_type = 1;
+     */
+    grantType?: Oauth2GrantTypeJson;
+    /**
+     * The requested scopes (OPTIONAL per RFC 6749 Section 3.3).
+     * If omitted, the authorization server will use a pre-defined default or fail.
+     *
+     * @generated from field: repeated string scopes = 2;
+     */
+    scopes?: string[];
+    /**
+     * The client authentication method.
+     * REQUIRED when grant_type is:
+     *   - OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE
+     *   - OAUTH2_GRANT_TYPE_CLIENT_CREDENTIALS
+     *
+     * MUST NOT be set when grant_type is:
+     *   - OAUTH2_GRANT_TYPE_JWT_BEARER
+     *   - OAUTH2_GRANT_TYPE_SAML2_BEARER
+     *
+     * @generated from field: optional mochabugapis.adapt.plugins.v1.Oauth2AuthType auth_method = 3;
+     */
+    authMethod?: Oauth2AuthTypeJson;
+    /**
+     * Algorithm used for signing assertions.
+     * REQUIRED when:
+     *   - grant_type is OAUTH2_GRANT_TYPE_JWT_BEARER
+     *   - grant_type is OAUTH2_GRANT_TYPE_SAML2_BEARER
+     *   - auth_method is OAUTH2_AUTH_TYPE_PRIVATE_KEY_JWT
+     *   - auth_method is OAUTH2_AUTH_TYPE_SAML2_BEARER
+     *
+     * MUST NOT be set otherwise.
+     *
+     * @generated from field: optional mochabugapis.adapt.plugins.v1.PrivateKeyAlg alg = 4;
+     */
+    alg?: PrivateKeyAlgJson;
+    /**
+     * Client ID.
+     * This is required when used as plugin_oauth2, but not onto a vertex => oauth2
+     *
+     * @generated from field: optional string client_id = 5;
+     */
+    clientId?: string;
+    /**
+     * The token endpoint URL.
+     *
+     * @generated from field: string token_endpoint = 6;
+     */
+    tokenEndpoint?: string;
+    /**
+     * Configuration specific to the Authorization Code grant type.
+     * REQUIRED when grant_type is OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE.
+     * MUST NOT be set otherwise.
+     *
+     * @generated from field: optional mochabugapis.adapt.plugins.v1.Oauth2Code code = 7;
+     */
+    code?: Oauth2CodeJson;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.Oauth2Definition.
+ * Use `create(Oauth2DefinitionSchema)` to create a new message.
+ */
+export declare const Oauth2DefinitionSchema: GenMessage<Oauth2Definition, {
+    jsonType: Oauth2DefinitionJson;
+}>;
+/**
+ * The code grant type
+ * IMPORTANT: it has to be configured with refresh token in order to work correctly
+ * this is not needed for client credentials of course since we are owning the client
+ * WE ONLY SUPPORT OIDC since we need the sub claim to distinguish between different users
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.Oauth2Code
+ */
+export type Oauth2Code = Message<"mochabugapis.adapt.plugins.v1.Oauth2Code"> & {
+    /**
+     * The auth endpoint (i.e. where it gets redirected for login)
+     *
+     * @generated from field: string auth_endpoint = 1;
+     */
+    authEndpoint: string;
+    /**
+     * Additional parameters used for the oauth2 login endpoint
+     * Do not include state or nonce here since we're generating them
+     * in the backend. All params will be encoded in the URL
+     *
+     * @generated from field: map<string, string> additional_params = 2;
+     */
+    additionalParams: {
+        [key: string]: string;
+    };
+    /**
+     * Whether or not to use the PKCE extension
+     *
+     * @generated from field: bool use_pkce = 3;
+     */
+    usePkce: boolean;
+};
+/**
+ * The code grant type
+ * IMPORTANT: it has to be configured with refresh token in order to work correctly
+ * this is not needed for client credentials of course since we are owning the client
+ * WE ONLY SUPPORT OIDC since we need the sub claim to distinguish between different users
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.Oauth2Code
+ */
+export type Oauth2CodeJson = {
+    /**
+     * The auth endpoint (i.e. where it gets redirected for login)
+     *
+     * @generated from field: string auth_endpoint = 1;
+     */
+    authEndpoint?: string;
+    /**
+     * Additional parameters used for the oauth2 login endpoint
+     * Do not include state or nonce here since we're generating them
+     * in the backend. All params will be encoded in the URL
+     *
+     * @generated from field: map<string, string> additional_params = 2;
+     */
+    additionalParams?: {
+        [key: string]: string;
+    };
+    /**
+     * Whether or not to use the PKCE extension
+     *
+     * @generated from field: bool use_pkce = 3;
+     */
+    usePkce?: boolean;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.Oauth2Code.
+ * Use `create(Oauth2CodeSchema)` to create a new message.
+ */
+export declare const Oauth2CodeSchema: GenMessage<Oauth2Code, {
+    jsonType: Oauth2CodeJson;
+}>;
+/**
+ * The actual oauth2 config
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.Oauth2Config
+ */
+export type Oauth2Config = Message<"mochabugapis.adapt.plugins.v1.Oauth2Config"> & {
+    /**
+     * The client id, required for client credentials on vertices only
+     *
+     * @generated from field: optional string client_id = 1;
+     */
+    clientId?: string;
+    /**
+     * The auth method is required to be set
+     *
+     * @generated from oneof mochabugapis.adapt.plugins.v1.Oauth2Config.auth_method
+     */
+    authMethod: {
+        /**
+         * Use basic authentication for the client
+         *
+         * @generated from field: mochabugapis.adapt.plugins.v1.BasicAuth basic_auth = 2;
+         */
+        value: BasicAuth;
+        case: "basicAuth";
+    } | {
+        /**
+         * Use form authentication for the client
+         *
+         * @generated from field: mochabugapis.adapt.plugins.v1.FormAuth form_auth = 3;
+         */
+        value: FormAuth;
+        case: "formAuth";
+    } | {
+        /**
+         * Use private JWT authentication for the client
+         *
+         * @generated from field: mochabugapis.adapt.plugins.v1.PrivateJWTAuth private_jwt_auth = 4;
+         */
+        value: PrivateJWTAuth;
+        case: "privateJwtAuth";
+    } | {
+        /**
+         * Use mTLS authentication for the client
+         *
+         * @generated from field: mochabugapis.adapt.plugins.v1.MTLSAuth mtls_auth = 5;
+         */
+        value: MTLSAuth;
+        case: "mtlsAuth";
+    } | {
+        /**
+         * Use SAML bearer authentication for the client
+         *
+         * @generated from field: mochabugapis.adapt.plugins.v1.SAMLAuth saml_auth = 6;
+         */
+        value: SAMLAuth;
+        case: "samlAuth";
+    } | {
+        /**
+         * In case we have code flow with consent
+         *
+         * @generated from field: bool consent = 7;
+         */
+        value: boolean;
+        case: "consent";
+    } | {
+        case: undefined;
+        value?: undefined;
+    };
+};
+/**
+ * The actual oauth2 config
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.Oauth2Config
+ */
+export type Oauth2ConfigJson = {
+    /**
+     * The client id, required for client credentials on vertices only
+     *
+     * @generated from field: optional string client_id = 1;
+     */
+    clientId?: string;
+    /**
+     * Use basic authentication for the client
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.BasicAuth basic_auth = 2;
+     */
+    basicAuth?: BasicAuthJson;
+    /**
+     * Use form authentication for the client
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.FormAuth form_auth = 3;
+     */
+    formAuth?: FormAuthJson;
+    /**
+     * Use private JWT authentication for the client
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.PrivateJWTAuth private_jwt_auth = 4;
+     */
+    privateJwtAuth?: PrivateJWTAuthJson;
+    /**
+     * Use mTLS authentication for the client
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.MTLSAuth mtls_auth = 5;
+     */
+    mtlsAuth?: MTLSAuthJson;
+    /**
+     * Use SAML bearer authentication for the client
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.SAMLAuth saml_auth = 6;
+     */
+    samlAuth?: SAMLAuthJson;
+    /**
+     * In case we have code flow with consent
+     *
+     * @generated from field: bool consent = 7;
+     */
+    consent?: boolean;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.Oauth2Config.
+ * Use `create(Oauth2ConfigSchema)` to create a new message.
+ */
+export declare const Oauth2ConfigSchema: GenMessage<Oauth2Config, {
+    jsonType: Oauth2ConfigJson;
+}>;
+/**
+ * Basic auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.BasicAuth
+ */
+export type BasicAuth = Message<"mochabugapis.adapt.plugins.v1.BasicAuth"> & {
+    /**
+     * The password
+     *
+     * @generated from field: string client_secret = 1;
+     */
+    clientSecret: string;
+};
+/**
+ * Basic auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.BasicAuth
+ */
+export type BasicAuthJson = {
+    /**
+     * The password
+     *
+     * @generated from field: string client_secret = 1;
+     */
+    clientSecret?: string;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.BasicAuth.
+ * Use `create(BasicAuthSchema)` to create a new message.
+ */
+export declare const BasicAuthSchema: GenMessage<BasicAuth, {
+    jsonType: BasicAuthJson;
+}>;
+/**
+ * Form auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.FormAuth
+ */
+export type FormAuth = Message<"mochabugapis.adapt.plugins.v1.FormAuth"> & {
+    /**
+     * The password
+     *
+     * @generated from field: string client_secret = 1;
+     */
+    clientSecret: string;
+};
+/**
+ * Form auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.FormAuth
+ */
+export type FormAuthJson = {
+    /**
+     * The password
+     *
+     * @generated from field: string client_secret = 1;
+     */
+    clientSecret?: string;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.FormAuth.
+ * Use `create(FormAuthSchema)` to create a new message.
+ */
+export declare const FormAuthSchema: GenMessage<FormAuth, {
+    jsonType: FormAuthJson;
+}>;
+/**
+ * Private JWT auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.PrivateJWTAuth
+ */
+export type PrivateJWTAuth = Message<"mochabugapis.adapt.plugins.v1.PrivateJWTAuth"> & {
+    /**
+     * The private key in PEM format
+     * The content of the file must be PEM format after decoding
+     * The content must contain a PRIVATE KEY block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File private_key = 1;
+     */
+    privateKey?: File;
+    /**
+     * Optional subject for impersonation
+     * If not provided, the client_id will be used as the subject
+     *
+     * @generated from field: optional string subject = 2;
+     */
+    subject?: string;
+};
+/**
+ * Private JWT auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.PrivateJWTAuth
+ */
+export type PrivateJWTAuthJson = {
+    /**
+     * The private key in PEM format
+     * The content of the file must be PEM format after decoding
+     * The content must contain a PRIVATE KEY block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File private_key = 1;
+     */
+    privateKey?: FileJson;
+    /**
+     * Optional subject for impersonation
+     * If not provided, the client_id will be used as the subject
+     *
+     * @generated from field: optional string subject = 2;
+     */
+    subject?: string;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.PrivateJWTAuth.
+ * Use `create(PrivateJWTAuthSchema)` to create a new message.
+ */
+export declare const PrivateJWTAuthSchema: GenMessage<PrivateJWTAuth, {
+    jsonType: PrivateJWTAuthJson;
+}>;
+/**
+ * mTLS auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.MTLSAuth
+ */
+export type MTLSAuth = Message<"mochabugapis.adapt.plugins.v1.MTLSAuth"> & {
+    /**
+     * The certificate in PEM format
+     * The content of the file must be PEM format after decoding
+     * If a certificate chain is presented. The server certificate must be the first one
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File certificate = 1;
+     */
+    certificate?: File;
+    /**
+     * The private key in PEM format
+     * The content of the file must be PEM format after decoding
+     * The content must contain a PRIVATE KEY block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File private_key = 2;
+     */
+    privateKey?: File;
+    /**
+     * The CA certificate in PEM format. Trusted server authority file
+     * The content of the file must be PEM format after decoding
+     * The content must contain a CERTIFICATE block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File ca_certificate = 3;
+     */
+    caCertificate?: File;
+    /**
+     * The expected hostname for certificate verification (SNI - Server Name Indication).
+     *
+     * If present, the client will:
+     * 1. Send this hostname in the TLS SNI extension during the handshake
+     * 2. Verify that the server's certificate authenticates this specific hostname
+     *
+     * If not provided:
+     * - The hostname is derived from the target upstream address
+     * - For IP addresses, certificate verification may fail unless the cert includes the IP as a SAN
+     *
+     * ## Use Cases
+     *
+     * 1. **IP-based connections with hostname certificates:**
+     *    - Upstream address: 192.168.1.100:443
+     *    - certificate_host: "api.example.com"
+     *    - Server presents cert for api.example.com
+     *
+     * 2. **Load balancers or proxies:**
+     *    - Upstream address: lb.internal:443
+     *    - certificate_host: "api.example.com"
+     *    - Verify against the public hostname, not internal LB name
+     *
+     * 3. **Shared hosting / Virtual hosting:**
+     *    - Multiple services on same IP, different certs via SNI
+     *    - Server selects correct certificate based on SNI hostname
+     *
+     * ## Certificate Verification
+     *
+     * The server certificate must contain this hostname in either:
+     * - Common Name (CN) field
+     * - Subject Alternative Name (SAN) extension
+     *
+     * ## Format
+     *
+     * Must be a valid hostname (DNS name), not an IP address.
+     * Examples: "api.example.com", "service.internal", "*.example.com" (for wildcard matching)
+     *
+     * @generated from field: optional string certificate_host = 4;
+     */
+    certificateHost?: string;
+};
+/**
+ * mTLS auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.MTLSAuth
+ */
+export type MTLSAuthJson = {
+    /**
+     * The certificate in PEM format
+     * The content of the file must be PEM format after decoding
+     * If a certificate chain is presented. The server certificate must be the first one
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File certificate = 1;
+     */
+    certificate?: FileJson;
+    /**
+     * The private key in PEM format
+     * The content of the file must be PEM format after decoding
+     * The content must contain a PRIVATE KEY block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File private_key = 2;
+     */
+    privateKey?: FileJson;
+    /**
+     * The CA certificate in PEM format. Trusted server authority file
+     * The content of the file must be PEM format after decoding
+     * The content must contain a CERTIFICATE block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File ca_certificate = 3;
+     */
+    caCertificate?: FileJson;
+    /**
+     * The expected hostname for certificate verification (SNI - Server Name Indication).
+     *
+     * If present, the client will:
+     * 1. Send this hostname in the TLS SNI extension during the handshake
+     * 2. Verify that the server's certificate authenticates this specific hostname
+     *
+     * If not provided:
+     * - The hostname is derived from the target upstream address
+     * - For IP addresses, certificate verification may fail unless the cert includes the IP as a SAN
+     *
+     * ## Use Cases
+     *
+     * 1. **IP-based connections with hostname certificates:**
+     *    - Upstream address: 192.168.1.100:443
+     *    - certificate_host: "api.example.com"
+     *    - Server presents cert for api.example.com
+     *
+     * 2. **Load balancers or proxies:**
+     *    - Upstream address: lb.internal:443
+     *    - certificate_host: "api.example.com"
+     *    - Verify against the public hostname, not internal LB name
+     *
+     * 3. **Shared hosting / Virtual hosting:**
+     *    - Multiple services on same IP, different certs via SNI
+     *    - Server selects correct certificate based on SNI hostname
+     *
+     * ## Certificate Verification
+     *
+     * The server certificate must contain this hostname in either:
+     * - Common Name (CN) field
+     * - Subject Alternative Name (SAN) extension
+     *
+     * ## Format
+     *
+     * Must be a valid hostname (DNS name), not an IP address.
+     * Examples: "api.example.com", "service.internal", "*.example.com" (for wildcard matching)
+     *
+     * @generated from field: optional string certificate_host = 4;
+     */
+    certificateHost?: string;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.MTLSAuth.
+ * Use `create(MTLSAuthSchema)` to create a new message.
+ */
+export declare const MTLSAuthSchema: GenMessage<MTLSAuth, {
+    jsonType: MTLSAuthJson;
+}>;
+/**
+ * SAML bearer auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.SAMLAuth
+ */
+export type SAMLAuth = Message<"mochabugapis.adapt.plugins.v1.SAMLAuth"> & {
+    /**
+     * The private key in PEM format
+     * The content of the file must be PEM format after decoding
+     * The content must contain a PRIVATE KEY block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File private_key = 1;
+     */
+    privateKey?: File;
+    /**
+     * The certificate in PEM format
+     * The content of the file must be PEM format after decoding
+     * If a certificate chain is presented. The server certificate must be the first one
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File certificate = 2;
+     */
+    certificate?: File;
+};
+/**
+ * SAML bearer auth
+ *
+ * @generated from message mochabugapis.adapt.plugins.v1.SAMLAuth
+ */
+export type SAMLAuthJson = {
+    /**
+     * The private key in PEM format
+     * The content of the file must be PEM format after decoding
+     * The content must contain a PRIVATE KEY block
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File private_key = 1;
+     */
+    privateKey?: FileJson;
+    /**
+     * The certificate in PEM format
+     * The content of the file must be PEM format after decoding
+     * If a certificate chain is presented. The server certificate must be the first one
+     *
+     * @generated from field: mochabugapis.adapt.plugins.v1.File certificate = 2;
+     */
+    certificate?: FileJson;
+};
+/**
+ * Describes the message mochabugapis.adapt.plugins.v1.SAMLAuth.
+ * Use `create(SAMLAuthSchema)` to create a new message.
+ */
+export declare const SAMLAuthSchema: GenMessage<SAMLAuth, {
+    jsonType: SAMLAuthJson;
+}>;
+/**
+ * The algorithm used for signing JWT or SAML assertions
+ *
+ * @generated from enum mochabugapis.adapt.plugins.v1.PrivateKeyAlg
+ */
+export declare enum PrivateKeyAlg {
+    /**
+     * Unknown algorithm (invalid)
+     *
+     * @generated from enum value: PRIVATE_KEY_ALG_UNSPECIFIED = 0;
+     */
+    UNSPECIFIED = 0,
+    /**
+     * RS256 algorithm
+     *
+     * @generated from enum value: PRIVATE_KEY_ALG_RS256 = 1;
+     */
+    RS256 = 1
+}
+/**
+ * The algorithm used for signing JWT or SAML assertions
+ *
+ * @generated from enum mochabugapis.adapt.plugins.v1.PrivateKeyAlg
+ */
+export type PrivateKeyAlgJson = "PRIVATE_KEY_ALG_UNSPECIFIED" | "PRIVATE_KEY_ALG_RS256";
+/**
+ * Describes the enum mochabugapis.adapt.plugins.v1.PrivateKeyAlg.
+ */
+export declare const PrivateKeyAlgSchema: GenEnum<PrivateKeyAlg, PrivateKeyAlgJson>;
+/**
+ * The OAuth2 grant type
+ *
+ * @generated from enum mochabugapis.adapt.plugins.v1.Oauth2GrantType
+ */
+export declare enum Oauth2GrantType {
+    /**
+     * Not specified (invalid)
+     *
+     * @generated from enum value: OAUTH2_GRANT_TYPE_UNSPECIFIED = 0;
+     */
+    UNSPECIFIED = 0,
+    /**
+     * Authorization Code Grant
+     * grant_type=authorization_code
+     *
+     * @generated from enum value: OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE = 1;
+     */
+    AUTHORIZATION_CODE = 1,
+    /**
+     * Client Credentials Grant
+     * grant_type=client_credentials
+     *
+     * @generated from enum value: OAUTH2_GRANT_TYPE_CLIENT_CREDENTIALS = 2;
+     */
+    CLIENT_CREDENTIALS = 2,
+    /**
+     * JWT Bearer Assertion Grant
+     * grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
+     *
+     * @generated from enum value: OAUTH2_GRANT_TYPE_JWT_BEARER = 3;
+     */
+    JWT_BEARER = 3,
+    /**
+     * SAML 2.0 Bearer Assertion Grant
+     * grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer
+     *
+     * @generated from enum value: OAUTH2_GRANT_TYPE_SAML2_BEARER = 4;
+     */
+    SAML2_BEARER = 4
+}
+/**
+ * The OAuth2 grant type
+ *
+ * @generated from enum mochabugapis.adapt.plugins.v1.Oauth2GrantType
+ */
+export type Oauth2GrantTypeJson = "OAUTH2_GRANT_TYPE_UNSPECIFIED" | "OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE" | "OAUTH2_GRANT_TYPE_CLIENT_CREDENTIALS" | "OAUTH2_GRANT_TYPE_JWT_BEARER" | "OAUTH2_GRANT_TYPE_SAML2_BEARER";
+/**
+ * Describes the enum mochabugapis.adapt.plugins.v1.Oauth2GrantType.
+ */
+export declare const Oauth2GrantTypeSchema: GenEnum<Oauth2GrantType, Oauth2GrantTypeJson>;
+/**
+ * The OAuth2 client authentication method
+ *
+ * @generated from enum mochabugapis.adapt.plugins.v1.Oauth2AuthType
+ */
+export declare enum Oauth2AuthType {
+    /**
+     * Not specified (invalid)
+     *
+     * @generated from enum value: OAUTH2_AUTH_TYPE_UNSPECIFIED = 0;
+     */
+    UNSPECIFIED = 0,
+    /**
+     * Basic Authentication (client ID and secret in Authorization header)
+     * client_secret_basic
+     *
+     * @generated from enum value: OAUTH2_AUTH_TYPE_BASIC = 1;
+     */
+    BASIC = 1,
+    /**
+     * Form Authentication (client ID and secret in form body)
+     * client_secret_post
+     *
+     * @generated from enum value: OAUTH2_AUTH_TYPE_FORM = 2;
+     */
+    FORM = 2,
+    /**
+     * Private Key JWT Authentication
+     * client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
+     *
+     * @generated from enum value: OAUTH2_AUTH_TYPE_PRIVATE_KEY_JWT = 3;
+     */
+    PRIVATE_KEY_JWT = 3,
+    /**
+     * Mutual TLS Authentication
+     * tls_client_auth / self_signed_tls_client_auth
+     *
+     * @generated from enum value: OAUTH2_AUTH_TYPE_MTLS = 4;
+     */
+    MTLS = 4,
+    /**
+     * SAML 2.0 Bearer Assertion for Client Authentication
+     * client_assertion_type=urn:ietf:params:oauth:client-assertion-type:saml2-bearer
+     *
+     * @generated from enum value: OAUTH2_AUTH_TYPE_SAML2_BEARER = 5;
+     */
+    SAML2_BEARER = 5
+}
+/**
+ * The OAuth2 client authentication method
+ *
+ * @generated from enum mochabugapis.adapt.plugins.v1.Oauth2AuthType
+ */
+export type Oauth2AuthTypeJson = "OAUTH2_AUTH_TYPE_UNSPECIFIED" | "OAUTH2_AUTH_TYPE_BASIC" | "OAUTH2_AUTH_TYPE_FORM" | "OAUTH2_AUTH_TYPE_PRIVATE_KEY_JWT" | "OAUTH2_AUTH_TYPE_MTLS" | "OAUTH2_AUTH_TYPE_SAML2_BEARER";
+/**
+ * Describes the enum mochabugapis.adapt.plugins.v1.Oauth2AuthType.
+ */
+export declare const Oauth2AuthTypeSchema: GenEnum<Oauth2AuthType, Oauth2AuthTypeJson>;
+//# sourceMappingURL=oauth2_service_pb.d.ts.map