import { TurboModuleRegistry, type TurboModule } from 'react-native';
import type { ApiCredentials, Credentials } from '../types';

type Int32 = number;
export interface Spec extends TurboModule {
  /**
   * Get the bundle identifier
   */
  getBundleIdentifier(): Promise<string>;

  /**
   * Check if the Auth0 instance is valid with the given configuration
   */
  hasValidAuth0InstanceWithConfiguration(
    clientId: string,
    domain: string
  ): Promise<boolean>;

  /**
   * Initialize Auth0 with the given configuration
   */
  initializeAuth0WithConfiguration(
    clientId: string,
    domain: string,
    localAuthenticationOptions:
      | { [key: string]: string | Int32 | boolean }
      | undefined,
    useDPoP: boolean | undefined,
    maxRetries: Int32
  ): Promise<void>;

  /**
   * Save credentials
   */
  saveCredentials(credentials: {
    [key: string]: string | Int32;
  }): Promise<void>;

  /**
   * Get credentials with the given scope
   */
  getCredentials(
    scope: string | undefined,
    minTTL: Int32,
    parameters: Object,
    forceRefresh: boolean
  ): Promise<Credentials>;

  /**
   * Check if there are valid credentials
   */
  hasValidCredentials(minTTL: Int32): Promise<boolean>;

  /**
   * Clear credentials
   */
  clearCredentials(): Promise<void>;

  /**
   * Get API credentials for a specific audience
   */
  getApiCredentials(
    audience: string,
    scope: string | undefined,
    minTTL: Int32,
    parameters: Object
  ): Promise<ApiCredentials>;

  /**
   * Clear API credentials for a specific audience. Optionally filter by scope.
   * @param audience The audience to clear credentials for.
   * @param scope The scope to clear credentials for. If not provided, clears all credentials for the audience.
   */
  clearApiCredentials(
    audience: string,
    scope: string | undefined
  ): Promise<void>;

  /**
   * Start web authentication
   */
  webAuth(
    scheme: string,
    redirectUri: string,
    state: string | undefined,
    nonce: string | undefined,
    audience: string | undefined,
    scope: string | undefined,
    connection: string | undefined,
    maxAge: Int32 | undefined,
    organization: string | undefined,
    invitationUrl: string | undefined,
    leeway: Int32 | undefined,
    ephemeralSession: boolean | undefined,
    safariViewControllerPresentationStyle: Int32 | undefined,
    additionalParameters: { [key: string]: string } | undefined
  ): Promise<Credentials>;

  /**
   * Logout from web authentication
   */
  webAuthLogout(
    scheme: string,
    federated: boolean,
    redirectUri: string
  ): Promise<void>;

  /**
   * Resume web authentication
   */
  resumeWebAuth(url: string): Promise<void>;

  /**
   * Cancel web authentication
   */
  cancelWebAuth(): Promise<void>;

  /**
   * Get the DPoP headers for a request
   */
  getDPoPHeaders(
    url: string,
    method: string,
    accessToken: string,
    tokenType: string,
    nonce?: string
  ): Promise<{ [key: string]: string }>;

  /**
   * Clear the DPoP key
   * This method clears the DPoP key from the native module.
   */
  clearDPoPKey(): Promise<void>;

  /**
   * Get session transfer credentials for Native to Web SSO
   */
  getSSOCredentials(
    parameters: Object,
    headers: Object
  ): Promise<{
    sessionTransferToken: string;
    tokenType: string;
    expiresIn: Int32;
    idToken?: string;
    refreshToken?: string;
  }>;

  /**
   * Perform Custom Token Exchange (RFC 8693)
   * Exchanges an external token for Auth0 tokens.
   */
  customTokenExchange(
    subjectToken: string,
    subjectTokenType: string,
    audience: string | undefined,
    scope: string | undefined,
    organization: string | undefined
  ): Promise<Credentials>;
}

export default TurboModuleRegistry.getEnforcing<Spec>('A0Auth0');

export interface LocalAuthenticationOptions {
  /**
   * The title of the authentication prompt. **Applicable for both Android and iOS**.
   */
  title: string;
  /**
   * The subtitle of the authentication prompt. **Applicable for Android only.**
   */
  subtitle: string | undefined;
  /**
   * The description of the authentication prompt. **Applicable for Android only.**
   */
  description: string | undefined;
  /**
   * The cancel button title of the authentication prompt. **Applicable for both Android and iOS.**
   */
  cancelTitle: string | undefined;
  /**
   * The evaluation policy to use when prompting the user for authentication. Defaults to LocalAuthenticationStrategy.deviceOwnerWithBiometrics. **Applicable for iOS only.**
   */
  evaluationPolicy: Int32 | undefined;
  /**
   * The fallback button title of the authentication prompt. **Applicable for iOS only.**
   */
  fallbackTitle: string | undefined;
  /**
   * The authentication level to use when prompting the user for authentication. Defaults to LocalAuthenticationLevel.strong. **Applicable for Android only.**
   */
  authenticationLevel: Int32 | undefined;
  /**
   * Should the user be given the option to authenticate with their device PIN, pattern, or password instead of a biometric. **Applicable for Android only.**
   */
  deviceCredentialFallback: boolean | undefined;
  /**
   * Controls when biometric authentication prompts are shown. **Applicable for both Android and iOS.**
   */
  biometricPolicy: string | undefined;
  /**
   * Timeout in seconds for session and appLifecycle policies. Defaults to 3600 seconds (1 hour). **Applicable for both Android and iOS.**
   */
  biometricTimeout: Int32 | undefined;
}