package sso

import (
	"context"

	"atlas9.dev/c/core"
	"atlas9.dev/c/core/iam"
)

// TODO how am i going to encrypt secrets?
type Config struct {
	ID     core.ID
	Tenant core.ID
	Name   string

	// OAuth2 credentials
	ClientID     string
	ClientSecret string

	// Scopes to request (e.g. []string{"openid", "email", "profile"})
	Scopes []string

	IssuerUrl     string
	JwksUrl       string
	AuthUrl       string
	DeviceAuthUrl string
	TokenUrl      string
}

var (
	Cap_Sso_Write = iam.NewCap("Cap_Sso_Write")
	Cap_Sso_Read  = iam.NewCap("Cap_Sso_Read")
)

type Store interface {
	Save(ctx context.Context, c *Config) error
	Get(ctx context.Context, tenant, id core.ID) (*Config, error)
	List(ctx context.Context, tenant core.ID) (*core.Page[Config], error)
	Delete(ctx context.Context, tenant, id core.ID) (*Config, error)
	GetByDomain(ctx context.Context, tenant, domain core.ID) (*Config, error)
	SetDomainOwner(ctx context.Context, tenant, domain, config core.ID) error
}