import { z } from "zod";

import { authorizationDetailsSchema } from "./authorization-details.validator.js";

/**
 * Access Token Payload, as issued by Auth Mock.
 */
export const accessTokenPayloadSchema = (
  credentialTypesSupported: string[][],
) =>
  z
    .object({
      aud: z.union([z.array(z.string().url()), z.string().url()]),
      claims: z
        .object({
          authorization_details: authorizationDetailsSchema(
            credentialTypesSupported,
          ),
          c_nonce: z.string(),
          c_nonce_expires_in: z.number(),
          client_id: z.string().url(),
        })
        .passthrough(),
      exp: z.number(),
      iat: z.number(),
      iss: z.string().url(),
      nonce: z.string(),
      sub: z.string(),
    })
    .passthrough();

export type AccessTokenPayload = z.infer<
  ReturnType<typeof accessTokenPayloadSchema>
>;

/**
 * Access Token Header
 */
export const accessTokenHeaderSchema = z.object({
  alg: z.literal("ES256"),
  kid: z.string(),
  typ: z.literal("JWT"),
});

export type AccessTokenHeader = z.infer<typeof accessTokenHeaderSchema>;