package domain

import "testing"

func TestHydraClient_HeadlessLoginFlags(t *testing.T) {
	t.Run("metadata-backed headless login client is supported", func(t *testing.T) {
		client := HydraClient{
			TokenEndpointAuthMethod: "none",
			Metadata: map[string]any{
				"headless_login_enabled":              true,
				"headless_token_endpoint_auth_method": "private_key_jwt",
				"headless_jwks_uri":                   "https://rp.example.com/.well-known/jwks.json",
			},
		}

		if !client.SupportsHeadlessLogin() {
			t.Fatalf("expected metadata-backed headless login client")
		}
		if !client.IsHeadlessLoginEnabled() {
			t.Fatalf("expected metadata-backed headless login enabled")
		}
	})

	t.Run("inline jwks without jwks uri does not support headless login", func(t *testing.T) {
		client := HydraClient{
			TokenEndpointAuthMethod: "private_key_jwt",
			JWKS: map[string]any{
				"keys": []map[string]any{{
					"kty": "RSA",
				}},
			},
			Metadata: map[string]any{
				"headless_login_enabled": true,
			},
		}

		if client.SupportsHeadlessLogin() {
			t.Fatalf("expected headless login prerequisites to be missing")
		}
		if client.IsHeadlessLoginEnabled() {
			t.Fatalf("expected headless login disabled without jwks uri")
		}
	})

	t.Run("jwks uri without private_key_jwt does not support headless login", func(t *testing.T) {
		client := HydraClient{
			TokenEndpointAuthMethod: "none",
			JWKSUri:                 "https://rp.example.com/.well-known/jwks.json",
			Metadata: map[string]any{
				"headless_login_enabled": true,
			},
		}

		if client.SupportsHeadlessLogin() {
			t.Fatalf("expected headless login prerequisites to be missing")
		}
		if client.IsHeadlessLoginEnabled() {
			t.Fatalf("expected headless login disabled when prerequisites are missing")
		}
	})

	t.Run("headless login client without boolean metadata flag is not enabled", func(t *testing.T) {
		client := HydraClient{
			TokenEndpointAuthMethod: "private_key_jwt",
			JWKSUri:                 "https://rp.example.com/.well-known/jwks.json",
			Metadata: map[string]any{
				"headless_login_enabled": "true",
			},
		}

		if !client.SupportsHeadlessLogin() {
			t.Fatalf("expected headless login client")
		}
		if client.IsHeadlessLoginEnabled() {
			t.Fatalf("expected headless login disabled for non-bool metadata")
		}
	})
}