package authz

import (
	"testing"

	"github.com/oauth2-proxy/mockoidc"
	"github.com/stretchr/testify/require"
	"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
)

func TestIDToken(t *testing.T) {
	idp := web.NewOIDCServer(t)
	defer idp.Close()

	t.Run("when the token is valid", func(t *testing.T) {
		user := mockoidc.DefaultUser()
		_, rawIDToken := idp.CreateTokensFor(user)
		token, err := NewIDToken(rawIDToken)

		require.NoError(t, err)
		require.NotNil(t, token)
	})

	t.Run("when the token is invalid", func(t *testing.T) {
		token, err := NewIDToken("invalid")

		require.Error(t, err)
		require.Nil(t, token)
	})
}