/**
 * Supports parsing tunnel access token JWT properties to allow for some pre-validation
 * and diagnostics.
 *
 * Applications generally should not attempt to interpret or rely on any token properties
 * other than `expiration`, because the service may change or omit those claims in the future.
 * Other claims are exposed here only for diagnostic purposes.
 */
export declare class TunnelPlanTokenProperties {
    readonly clusterId?: string | undefined;
    readonly issuer?: string | undefined;
    readonly expiration?: Date | undefined;
    readonly userEmail?: string | undefined;
    readonly tunnelPlanId?: string | undefined;
    readonly subscriptionId?: string | undefined;
    readonly scopes?: string[] | undefined;
    private constructor();
    /**
     * Checks if the tunnel access token expiration claim is in the past.
     *
     * (Does not throw if the token is an invalid format.)
     */
    static validateTokenExpiration(token: string): void;
    /**
     * Attempts to parse a tunnel access token (JWT). This does NOT validate the token
     * signature or any claims.
     */
    static tryParse(token: string): TunnelPlanTokenProperties | null;
    /**
     * Gets the tunnal access token trace string.
     * 'none' if null or undefined, parsed token info if can be parsed, or 'token' if cannot be parsed.
     */
    static getTokenTrace(token?: string | null | undefined): string;
    private static base64UrlDecode;
}
//# sourceMappingURL=tunnelPlanTokenProperties.d.ts.map