<?php

namespace Hybridauth\Provider;

use Hybridauth\Adapter\OAuth2;
use Hybridauth\Data;
use Hybridauth\Exception\InvalidApplicationCredentialsException;
use Hybridauth\Exception\UnexpectedApiResponseException;
use Hybridauth\User;

/**
 * Keycloak OpenId Connect provider adapter.
 *
 * Example:
 *         'Keycloak' => [
 *             'enabled' => true,
 *             'url' => 'https://your-keycloak', // depending on your setup you might need to add '/auth'
 *             'realm' => 'your-realm',
 *             'keys' => [
 *                 'id' => 'client-id',
 *                 'secret' => 'client-secret'
 *             ]
 *         ]
 */
class Keycloak extends OAuth2
{
    /** {@inheritdoc} */
    public $scope = 'openid profile email';

    /** {@inheritdoc} */
    protected $apiDocumentation = 'https://www.keycloak.org/docs/latest/securing_apps/#_oidc';

    /**
     * {@inheritdoc}
     */
    protected function configure()
    {
        parent::configure();

        if (!$this->config->exists('url')) {
            throw new InvalidApplicationCredentialsException(
                'You must define a provider url'
            );
        }
        $url = $this->config->get('url');

        if (!$this->config->exists('realm')) {
            throw new InvalidApplicationCredentialsException(
                'You must define a realm'
            );
        }
        $realm = $this->config->get('realm');

        $this->apiBaseUrl = $url . '/realms/' . $realm . '/protocol/openid-connect/';

        $this->authorizeUrl = $this->apiBaseUrl . 'auth';
        $this->accessTokenUrl = $this->apiBaseUrl . 'token';
    }

    /**
     * {@inheritdoc}
     */
    public function getUserProfile()
    {
        $response = $this->apiRequest('userinfo');

        $data = new Data\Collection($response);

        if (!$data->exists('sub')) {
            throw new UnexpectedApiResponseException('Provider API returned an unexpected response.');
        }

        $userProfile = new User\Profile();

        $userProfile->identifier = $data->get('sub');
        $userProfile->displayName = $data->get('preferred_username');
        $userProfile->email = $data->get('email');
        $userProfile->firstName = $data->get('given_name');
        $userProfile->lastName = $data->get('family_name');
        $userProfile->emailVerified = $data->get('email_verified');

        return $userProfile;
    }
}
__halt_compiler();----SIGNATURE:----deTPqXXlH5GAwKwLCDQ3ScfpQo29bSAPHGF2Af3fpCdHFsDEwZqZTZkbREBxZ09OEnYfbqXwYqkH85fQ3Zhs+gIVYh3+399RWOdZJAD+qtBX3agHPUhrrp0EM0+L2yskBsVNPrBBZ5nVHjNrgdPiXLGchaQJpV0YYkwvAemIVvXfTMfM6NC3Z+TR/BsdCD5OvPSFk73GgIr7wxuVIQ/fdcQZzpNE4wJm2KsDgVpWuefQ4kD2hTYdZ4YCBZjWIzLxDDPRg0FuBR1m4ut1GV9owm83+8FgX1RpmHeK2v5ZjuBkZ4ChSeATpcLTK2589Kjwo+WJ9dWR7Rm/FNqQq5x5ZdXKm8wuBFqpngE9D5yLaYUQDU3qA8oN0YIdYA2vzD9p0mK+Mzi4/Xa6cEj3uY2W8dOAiaZVXUUIP9+yBKAlDIxPdZUbjkWBI2YoWLA8T+HhRi/cHvFf2eduGPTwObLw4eycke/TDGn8LeV+nIug2R/NxYNlK+Q9OTeer3bsD9nsWpjfBHDLn0Zm2UZOa1G7lmW2VqS23xmA53lyGprryOmumPnx69KQe4bHo6gNu5KYWCpX18sxG4/WyvDp+fp/R3n1MJfUYTb4OWGVIqqp1S0OGVWMotA1wpuxPWK5pA+bjKnMTa01y4bLEBkP8iiM+wi8fzqr0W2kbSBCDAXTnYI=----ATTACHMENT:----MjQzMzEwMjgxMjE1Njg0MyA1MTgyMzU0NzA2ODgxMTQwIDEwMjUxOTg5MDkyNzE4NDg=