import environment from './environment';

interface AuthentikConfig {
  issuer: string;
  clientId: string;
  clientSecret: string;
  redirectUri: string;
  tokenEndpoint: string;
  userInfoEndpoint: string;
  authorizeEndpoint: string;
  logoutEndpoint: string;
}

// Authentik's shared endpoints live at /application/o/, not at the per-app issuer path.
// Issuer example: https://auth.example.com/application/o/myapp/
// Token endpoint:  https://auth.example.com/application/o/token/
const issuerUrl = new URL(environment.authentik.issuer);
const pathParts = issuerUrl.pathname.split('/').filter(Boolean);
const basePath = '/' + pathParts.slice(0, -1).join('/') + '/';
const baseEndpoint = `${issuerUrl.origin}${basePath}`;

const authentikConfig: AuthentikConfig = {
  issuer: environment.authentik.issuer,
  clientId: environment.authentik.clientId,
  clientSecret: environment.authentik.clientSecret,
  redirectUri: environment.authentik.redirectUri,
  tokenEndpoint: `${baseEndpoint}token/`,
  userInfoEndpoint: `${baseEndpoint}userinfo/`,
  authorizeEndpoint: `${baseEndpoint}authorize/`,
  logoutEndpoint: `${baseEndpoint}end-session/`,
};

export default authentikConfig;