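defmodule SsoBsn.Interactive do
  @moduledoc """
  Operator helpers: toggle user registration, run pending migrations and
  register an OAuth client with Boruta.
  """

  @doc """
  Sets the `:enable_registration` key of the `:sso_bsn` application environment.

  `Application.put_env/3` only changes the running node's environment; the
  value is not persisted across restarts.
  """
  @spec allow_registrations(boolean()) :: :ok
  def allow_registrations(allow \\ true),
    do: Application.put_env(:sso_bsn, :enable_registration, allow)

  @doc """
  Runs every pending `:up` migration found in the application's
  `priv/repo/migrations` directory against `SsoBsn.Repo`.
  """
  @spec migrate() :: [integer()]
  def migrate() do
    migrations_dir = Application.app_dir(:sso_bsn, "priv/repo/migrations")
    Ecto.Migrator.run(SsoBsn.Repo, migrations_dir, :up, all: true)
  end

  @doc """
  Registers an OAuth client and returns its credentials as `{id, secret}`.

  `name` is the display name and `redirects` the list of allowed redirect URIs.
  `opts` (keyword list or map with atom keys) overrides any default attribute
  below, including `:id` and `:secret`.

  Raises `RuntimeError` when Boruta does not create the client, so the caller
  is never handed credentials for a client that does not exist.

  The returned secret is the only copy handed back to the caller; treat the
  return value as sensitive (console history, captured stdout, logs).
  """
  @spec add_oauth_client(String.t(), [String.t()], keyword() | map()) ::
          {String.t(), String.t()}
  def add_oauth_client(name, redirects, opts \\ []) do
    defaults = %{
      # OAuth client_id
      id: SecureRandom.uuid(),
      # OAuth client_secret
      secret: SecureRandom.hex(64),
      # Display name
      name: name,
      # OAuth client redirect_uris
      redirect_uris: redirects,
      # NOTE(review): PKCE is not required by default. Pass `pkce: true` for
      # clients that cannot keep a secret (SPAs, mobile apps).
      pkce: false,
      # do not require client_secret for refreshing tokens
      public_refresh_token: true,
      # require client_secret for revoking tokens
      public_revoke: false,
      # see OAuth 2.0 confidentiality (requires client secret for some flows)
      # NOTE(review): the default is a non-confidential client; pass
      # `confidential: true` for server-side clients - confirm against the
      # Boruta version in use.
      confidential: false,
      # activable client authentication methods
      token_endpoint_auth_methods: [
        "client_secret_basic",
        "client_secret_post",
        "client_secret_jwt",
        "private_key_jwt"
      ]
    }

    attrs = Map.merge(defaults, Map.new(opts))

    # Deliberately no dbg/IO.inspect of the created record: it is built from
    # the client secret and would end up in console scrollback or captured
    # stdout.
    case Boruta.Ecto.Admin.create_client(attrs) do
      {:ok, _client} ->
        # Read the credentials from the merged attributes so that an `:id` or
        # `:secret` supplied through `opts` is what gets returned.
        {attrs.id, attrs.secret}

      # presumably an Ecto changeset - show only its errors, not the
      # submitted attributes (which contain the secret)
      {:error, %{errors: errors}} ->
        raise "OAuth client #{inspect(name)} was not created: #{inspect(errors)}"

      {:error, reason} ->
        raise "OAuth client #{inspect(name)} was not created: #{inspect(reason)}"
    end
  end
end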