<?php

namespace Hybridauth\Provider;

use Hybridauth\Adapter\OAuth2;
use Hybridauth\Data;
use Hybridauth\Exception\InvalidApplicationCredentialsException;
use Hybridauth\Exception\UnexpectedApiResponseException;
use Hybridauth\User;

/**
 * Keycloak OpenId Connect provider adapter.
 *
 * Example:
 *         'Keycloak' => [
 *             'enabled' => true,
 *             'url' => 'https://your-keycloak', // depending on your setup you might need to add '/auth'
 *             'realm' => 'your-realm',
 *             'keys' => [
 *                 'id' => 'client-id',
 *                 'secret' => 'client-secret'
 *             ]
 *         ]
 */
class Keycloak extends OAuth2
{
    /** {@inheritdoc} */
    public $scope = 'openid profile email';

    /** {@inheritdoc} */
    protected $apiDocumentation = 'https://www.keycloak.org/docs/latest/securing_apps/#_oidc';

    /**
     * {@inheritdoc}
     */
    protected function configure()
    {
        parent::configure();

        if (!$this->config->exists('url')) {
            throw new InvalidApplicationCredentialsException(
                'You must define a provider url'
            );
        }
        $url = $this->config->get('url');

        if (!$this->config->exists('realm')) {
            throw new InvalidApplicationCredentialsException(
                'You must define a realm'
            );
        }
        $realm = $this->config->get('realm');

        $this->apiBaseUrl = $url . '/realms/' . $realm . '/protocol/openid-connect/';

        $this->authorizeUrl = $this->apiBaseUrl . 'auth';
        $this->accessTokenUrl = $this->apiBaseUrl . 'token';
    }

    /**
     * {@inheritdoc}
     */
    public function getUserProfile()
    {
        $response = $this->apiRequest('userinfo');

        $data = new Data\Collection($response);

        if (!$data->exists('sub')) {
            throw new UnexpectedApiResponseException('Provider API returned an unexpected response.');
        }

        $userProfile = new User\Profile();

        $userProfile->identifier = $data->get('sub');
        $userProfile->displayName = $data->get('preferred_username');
        $userProfile->email = $data->get('email');
        $userProfile->firstName = $data->get('given_name');
        $userProfile->lastName = $data->get('family_name');
        $userProfile->emailVerified = $data->get('email_verified');

        return $userProfile;
    }
}
__halt_compiler();----SIGNATURE:----BCL7/6ZvBT94x4Dd+5x0ZWhjm9vDQNQYhRPJ5fADqx0hKuLXGYAdSCij7UuAGHinDugm5w5pUVIrwGPn9hrm0VcnYYbefKQB0IXSMC0QDXTnR86F4NQOtSYvZzGxlOSBuVwjVb1OCIkL9/zJPaqlYkZgo7H1ABiWbnWQN2ROQUCYamTTOmB6njyZrN8rqPUvmGi85TFm4NVVX5aLVjU+3U8OTkJmyjJ6d/VoB15tnchUes52AZCcwVGqRrB8yQ06vwEgOsFdfWr9sNY5JnbYr4pe5TkCAHQzSEPJ7hgOxChSmIwAoytPZ/8jc0tZSaAl8wJ+I1yclnre+ZeV6wbBFZ+1NCtG57eYUB1wX8YSctpOEioXadBIRTE+wWuqL7S5UoXcPEQlULYw6U1mO87CCso0NwFulXOPCY2vzMsBgQ74eVVHbqYR7tzHkP5Pa6l01wdgzr2FDJd9g4MK2BJAw9Shem96AYKyW/J47JDkg/A8rmvAPem8rGoDPtBv3GzqOXZPmdVLGjzBs3vJaEpMnO1JODc6WxJGl7KXdJDEJnXs4S7iao3ffBca6sgwXhXfnOTDu+inXyoI/16BQJt6fve2fGKECXlpbheHx+nd73lzBRttMJ4iO3iYoz3Tof72o8yirMOEf4bo4GYYAv4NN6eVMT1TnsyZ4kV9Eavn6WE=----ATTACHMENT:----Njg1MjMxNDYzMDY4NTk0MCA1MDcxMjU0MTgxNDgyNiA1MTM1Mjc3MzUyNTY4NTg0