defmodule Assent.Strategy.Slack do
  @moduledoc """
  Slack OAuth 2.0 OpenID Connect strategy.

  The Slack user endpoint does not provide data on email verification, email is
  considered unverified.

  ## Configuration

  - `:team_id` - The team id to restrict authorization for, optional, defaults to nil

  See `Assent.Strategy.OAuth2` for more.

  ## Usage

      config = [
        client_id: "REPLACE_WITH_CLIENT_ID",
        client_secret: "REPLACE_WITH_CLIENT_SECRET"
      ]

  By default, the user can decide what team should be used for authorization.
  If you want to limit to a specific team, please pass a team id to the
  configuration:

      config = [
        client_id: "REPLACE_WITH_CLIENT_ID",
        client_secret: "REPLACE_WITH_CLIENT_SECRET",
        team_id: "XXXXXXX"
      ]

  This value will be not be used if you set a `authorization_params` key.
  Instead you should set `team: TEAM_ID` in the `authorization_params` keyword
  list.
  """
  use Assent.Strategy.OIDC.Base

  alias Assent.Config

  @impl true
  def default_config(config) do
    [
      site: "https://slack.com",
      authorization_params: authorization_params(config),
      client_authentication_method: "client_secret_post"
    ]
  end

  defp authorization_params(config) do
    default = [scope: "openid email profile"]
    case Config.fetch(config, :team_id) do
      {:ok, team_id} -> Config.put(default, :team, team_id)
      _error         -> default
    end
  end
end