/*
* Copyright (C) 2023 Jonni Liljamo <jonni@liljamo.com>
*
* This file is licensed under AGPL-3.0-or-later, see NOTICE and LICENSE for
* more information.
*/
package auth
import (
"context"
"errors"
"github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2"
)
// Auth bundles an OIDC provider with the OAuth2 client configuration used to
// talk to it. Both are embedded, so their fields and methods (for example
// ClientID and Verifier) are promoted onto Auth.
//
// NOTE(review): oauth2.Config has a ClientSecret field; if it is populated
// here, printing or serializing an Auth value wholesale would expose it.
type Auth struct {
	// Provider supplies the ID token verifier.
	*oidc.Provider

	// Config holds the OAuth2 client settings, including the ClientID that
	// ID tokens are verified against.
	oauth2.Config
}
// NewAuth builds an Auth from the provider and OAuth2 configuration returned
// by NewProviderAndConfig. An error from NewProviderAndConfig is returned
// unchanged and no Auth is constructed.
func NewAuth() (*Auth, error) {
	p, cfg, err := NewProviderAndConfig()
	if err != nil {
		return nil, err
	}

	auth := new(Auth)
	auth.Provider = p
	auth.Config = cfg
	return auth, nil
}
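// VerifyIDToken extracts the raw ID token from the "id_token" extra field of
// an OAuth2 token response and validates it with the provider's verifier.
//
// The verifier is configured with a.ClientID, so the ID token's audience is
// checked against this client. Verify does not validate the nonce claim:
// callers that sent a nonce in the authorization request must compare it
// with the Nonce field of the returned IDToken themselves.
//
// It returns an error if token is nil, if the token carries no string
// id_token field, or if verification fails.
func (a *Auth) VerifyIDToken(c context.Context, token *oauth2.Token) (*oidc.IDToken, error) {
	// Extra dereferences the token, so reject nil with an error instead of
	// panicking in the middle of a login flow.
	if token == nil {
		return nil, errors.New("oauth2 token is nil")
	}

	rawIDToken, ok := token.Extra("id_token").(string)
	if !ok {
		return nil, errors.New("No id_token field in oauth2 token")
	}

	// Only ClientID is set, so none of the verifier's checks are skipped.
	verifier := a.Verifier(&oidc.Config{ClientID: a.ClientID})
	return verifier.Verify(c, rawIDToken)
}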