package authz

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

type IDToken struct {
	// Audience      []string  `json:"aud"`
	Email         string    `json:"email"`
	EmailVerified bool      `json:"email_verified"`
	ExpiredAt     int64     `json:"exp"`
	IssuedAt      int64     `json:"iat"`
	Issuer        string    `json:"iss"`
	Name          string    `json:"name"`
	Nickname      string    `json:"nickname"`
	Picture       string    `json:"picture"`
	Subject       string    `json:"sub"`
	UpdatedAt     time.Time `json:"updated_at"`
}

func NewIDToken(raw string) (*IDToken, error) {
	sections := strings.SplitN(raw, ".", 3)
	if len(sections) != 3 {
		return nil, errors.New("Invalid token")
	}
	bytes, err := base64.RawURLEncoding.DecodeString(sections[1])
	if err != nil {
		return nil, err
	}

	token := &IDToken{}
	if err := json.Unmarshal(bytes, token); err != nil {
		return nil, err
	}
	return token, nil
}