package auth

import (
	"encoding/json"
	"net/url"

	"github.com/google/go-querystring/query"
)

type Claim string

const (
	// The email address of the user that authorized the app.
	Email Claim = "email"

	// A Boolean value that indicates whether Twitch has verified the user’s email address. Is true if Twitch has verified the user’s email address.
	EmailVerified Claim = "email_verified"

	// A URL to the user’s profile image if they included one; otherwise, a default image.
	Picture Claim = "picture"

	// The user’s display name.
	PreferredUsername Claim = "preferred_username"

	// The date and time that the user last updated their profile.
	UpdatedAt Claim = "updated_at"
)

// Claims identify information about the user that authorized your app.
//
// To include the non-default claims, include the claims query parameter in your /authorize request.
// Set the claims query parameter to a string-encoded JSON object. The JSON object may contain the id_token and userinfo fields.
// Set id_token field to an object that specifies the claims that you want to include in the ID token,
// and set the userinfo field to an object that specifies the claims that you want to retrieve using the UserInfo endpoint.
// Each claim is a name/value pair, where name is the claim (e.g., email) and value is null.
//
// You may specify the claims in the id_tokenfield or the userinfo field or both fields.
// There are no uniqueness constraints — you may specify the same claim in both fields.
// The following claims object tells the server to include the user’s email and email
// verification state in the ID token and make the user’s profile image available through the UserInfo endpoint.
//
//	 {
//	   "id_token": {
//	      "email": null,
//	      "email_verified": null
//	   },
//	   "userinfo": {
//	     "picture": null
//	   }
//	}
//
// The following example shows the claims query parameter set to the above claims object.
//
// claims={"id_token":{"email":null,"email_verified":null},"userinfo":{"picture":null}}
//
// NOTE If you specify the email or email_verified claims, you must include the user:read:email scope in your list of scopes.
type Claims struct {
	IDToken  map[Claim]any `json:"id_token"`
	UserInfo map[Claim]any `json:"user_info"`
}

var _ query.Encoder = (*Claims)(nil)

// EncodeValues implements query.Encoder.
func (c *Claims) EncodeValues(key string, v *url.Values) error {
	data, err := json.Marshal(c)
	if err != nil {
		return err
	}

	v.Set(key, string(data))
	return nil
}