defmodule Boruta.Oauth.Introspect do
  @moduledoc """
  Access token introspection
  """

  alias Boruta.Oauth.Authorization
  alias Boruta.Oauth.Error
  alias Boruta.Oauth.IntrospectRequest
  alias Boruta.Oauth.Token

  @doc """
  Returns corresponding token for the given `Boruta.Oauth.IntrospectRequest`

  Note : Invalid tokens returns an error `{:error, %Error{error: :invalid_access_token, ...}}`. That must be rescued to return `%{"active" => false}` in application implementation.
  ## Examples
      iex> token(%IntrospectRequest{
        client_id: "client_id",
        client_secret: "client_secret",
        token: "token"
      })
      {:ok, %Token{...}}
  """
  @spec token(request :: IntrospectRequest.t()) ::
          {:ok, token :: Token.t()}
          | {:error, error :: Error.t()}
  def token(%IntrospectRequest{
        client_id: client_id,
        client_authentication: client_source,
        token: token
      }) do
    with {:ok, _client} <-
           Authorization.Client.authorize(
             id: client_id,
             source: client_source,
             grant_type: "introspect"
           ),
         {:ok, token} <- Authorization.AccessToken.authorize(value: token) do
      {:ok, token}
    else
      {:error, %Error{} = error} -> {:error, error}
    end
  end
end