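// Package oidc wires the application's OpenID Connect client: it discovers
// the provider, builds the OAuth2 client configuration and creates the ID
// token verifier used to validate tokens returned by that provider.
package oidc

import (
	"context"

	"git.tijl.dev/tijl/tijl.dev/internal/config"
	log "git.tijl.dev/tijl/tijl.dev/modules/logger"
	"github.com/coreos/go-oidc/v3/oidc"
	"golang.org/x/oauth2"
)

// Config is the OAuth2 client configuration (client credentials, redirect
// URL, provider endpoints and requested scopes). It is nil until Load runs.
var Config *oauth2.Config

// Provider is the discovered OpenID Connect provider. It is nil until Load runs.
var Provider *oidc.Provider

// Verifier validates ID tokens issued by Provider for this client. It is nil
// until Load runs.
var Verifier *oidc.IDTokenVerifier

// Load discovers the OIDC provider named in the application configuration and
// populates Config, Provider and Verifier; it must run before any of them is
// used. A discovery failure is fatal: the process exits via log.Fatal.
func Load(ctx context.Context) {
	var err error
	Provider, err = oidc.NewProvider(ctx, config.Config.Oidc.Provider)
	if err != nil {
		log.Fatal().Err(err).Msg("failed to load oidc")
	}

	// The verifier compares the ID token's `aud` claim against this client ID,
	// so it must be the same ID the OAuth2 client presents when obtaining the
	// token. The original code read the verifier's ID from config.Config.ClientID
	// and the OAuth2 client's from config.Config.Oidc.ClientID; a single value is
	// used for both so the audience check cannot silently drift from the client.
	clientID := config.Config.Oidc.ClientID
	oidcConfig := &oidc.Config{
		ClientID: clientID,
	}

	// RedirectURL is the configured base URL joined with the callback path; the
	// provider must have exactly this redirect URL registered for the client.
	Config = &oauth2.Config{
		ClientID:     clientID,
		ClientSecret: config.Config.Oidc.ClientSecret,
		RedirectURL:  config.Config.UrlBase + config.Config.Oidc.CallbackUrl,
		Endpoint:     Provider.Endpoint(),
		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
	}

	Verifier = Provider.Verifier(oidcConfig)
	log.Debug().Msg("loaded oidc")
}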