<?php

namespace App\User\Framework\Controller\Web;

use App\Base\ConfigResolver;
use Drenso\OidcBundle\OidcClientInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Attribute\Route;

class LoginOidcController extends AbstractController
{

    public function __construct(
        private ConfigResolver $configResolver,
    ) {}

    #[Route('/login/oidc', name: 'app_login_oidc')]
    public function oidcStart(OidcClientInterface $oidcClient): RedirectResponse
    {
        if (false === $this->configResolver->authIs('oidc')) {
            throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
        }

        // Redirect to authorization @ OIDC provider
        return $oidcClient->generateAuthorizationRedirect(scopes: ['openid', 'profile']);
    }

    #[Route('/login/oidc/auth', name: 'app_login_oidc_auth')]
    public function oidcAuthenticate(): RedirectResponse
    {
        if (false === $this->configResolver->authIs('oidc')) {
            throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
        }

        throw new \LogicException('This method can be blank - it will be intercepted by the "oidc" key on your firewall.');
    }

    #[Route('/logout/oidc', 'app_logout_oidc')]
    public function oidcLogout(OidcClientInterface $oidcClient, Request $request, Security $security): RedirectResponse
    {
        // ToDo: Configure multiple authentication methods and redirect to the form login here
    }
}