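import NextAuth, { NextAuthOptions } from "next-auth";
import KeycloakProvider from "next-auth/providers/keycloak";

/**
 * NextAuth configuration for signing in through Keycloak (OIDC).
 *
 * The session uses the JWT strategy: identity fields, realm roles and the
 * Keycloak access token are copied into the NextAuth token at sign-in and
 * then projected onto the session object by the `session` callback.
 */
export const authOptions: NextAuthOptions = {
  providers: [
    KeycloakProvider({
      // The non-null assertions only silence the compiler: a missing variable
      // still reaches the provider as `undefined` at runtime.
      // NOTE(review): consider validating these at startup so a
      // misconfigured deployment fails loudly instead of at first sign-in.
      clientId: process.env.KEYCLOAK_CLIENT_ID!,
      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
      issuer: process.env.KEYCLOAK_ISSUER!,
      // Custom profile mapping so the Keycloak role claim is carried on the user.
      // NOTE(review): this reads a top-level `realm_roles` claim; presumably a
      // Keycloak protocol mapper emits it (roles otherwise tend to live under
      // `realm_access.roles`) - confirm, or `role` will be undefined.
      profile(profileData) {
        return {
          id: profileData.sub,
          first_name: profileData.given_name,
          last_name: profileData.family_name,
          username: profileData.preferred_username,
          email: profileData.email,
          role: profileData.realm_roles,
        };
      },
    }),
  ],
  callbacks: {
    /**
     * Copies the access token, name fields and roles into the NextAuth JWT.
     *
     * `token`, `account` and `profile` are deliberately not logged: `account`
     * holds the provider's OAuth tokens and `profile` holds personal data, so
     * dumping them would leave replayable credentials and PII in server logs.
     */
    async jwt({ token, account, profile }) {
      // The values are captured only when both `account` and `profile` are
      // present (the original comment ties this to the first sign-in).
      // Nothing here refreshes the access token afterwards.
      // NOTE(review): the stored token can therefore expire while the
      // NextAuth session is still valid - confirm whether consumers handle that.
      if (account && profile) {
        token.accessToken = account.access_token;
        token.first_name = profile.given_name;
        token.last_name = profile.family_name;
        token.username = profile.preferred_username;
        token.role = profile.realm_roles;
      }
      return token;
    },
    /**
     * Projects the fields stored in the JWT onto the session object.
     */
    async session({ session, token }) {
      // NOTE(review): the session is readable client-side, so the Keycloak
      // access token becomes available to any script running in the page.
      // Keep it server-side unless the browser really has to call the API
      // directly.
      session.accessToken = token.accessToken as string;
      session.user.first_name = token.first_name as string;
      session.user.last_name = token.last_name as string;
      session.user.username = token.username as string;
      // Roles are trusted exactly as received in the claim; the cast does not
      // validate them, and the value is undefined when the claim is missing.
      session.user.role = token.role as string[];
      return session;
    },
  },
  session: {
    strategy: "jwt",
  },
};

// One NextAuth handler, exported for both HTTP methods of the auth route.
const handler = NextAuth(authOptions);

export { handler as GET, handler as POST };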