defmodule Boruta.Oauth.TokenRequest do
  @moduledoc """
  Implicit request

  @typedoc """
  Type representing an implicit request as stated in [OAuth 2.0 RFC]( and [OpenId Connect core 1.0](

  Note : `resource_owner` is an addition that must be provided by the application layer.
  @type t :: %__MODULE__{
          response_types: list(String.t()),
          client_id: String.t(),
          redirect_uri: String.t(),
          state: String.t(),
          scope: String.t(),
          resource_owner: struct(),
          grant_type: String.t(),
          nonce: String.t()
  @enforce_keys [:client_id, :redirect_uri, :resource_owner]
  defstruct client_id: nil,
            redirect_uri: nil,
            state: "",
            scope: "",
            resource_owner: nil,
            grant_type: "implicit",
            nonce: nil,
            response_types: []

  alias Boruta.Oauth.Scope

  @spec require_nonce?(request :: __MODULE__.t()) :: boolean()
  def require_nonce?(%__MODULE__{response_types: response_types, scope: scope}) do
    Scope.contains_openid?(scope) &&
      Enum.member?(response_types, "id_token")