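import secrets
from typing import Optional, Literal

from httpx_oauth.clients.openid import OpenID
from httpx_oauth.oauth2 import T


class BankID(OpenID):
    """OpenID Connect client for BankID built on httpx_oauth's ``OpenID``.

    Adds the ``nonce`` authorization parameter that BankID requires and
    exposes a reduced user-info mapping (first and last name only).
    """

    def __init__(self, client_id: str, client_secret: str):
        """Configure the client from BankID's OpenID discovery document.

        Args:
            client_id: OAuth2 client identifier issued for this application.
            client_secret: OAuth2 client secret; load it from secret storage
                rather than from source code.
        """
        # NOTE(review): the discovery URL below is the BankID *sandbox*
        # issuer. It is hard-coded, so this class as written can only talk to
        # the sandbox; confirm how production deployments select the issuer
        # before relying on these identities.
        super().__init__(
            client_id,
            client_secret,
            "https://oidc.sandbox.bankid.cz/.well-known/openid-configuration",
            "BankID",
            base_scopes=["openid", "profile.email", "profile.name"],
        )

    async def get_user_info(self, token: str) -> dict:
        """Return the user's first and last name from the profile endpoint.

        Args:
            token: Access token passed through to ``get_profile``.

        Returns:
            A dict with ``first_name`` and ``last_name``; either value is
            ``None`` when the profile response lacks the corresponding
            ``given_name`` / ``family_name`` field.
        """
        info = await self.get_profile(token)
        return {
            "first_name": info.get("given_name"),
            "last_name": info.get("family_name"),
        }

    async def get_authorization_url(
        self,
        redirect_uri: str,
        state: Optional[str] = None,
        scope: Optional[list[str]] = None,
        code_challenge: Optional[str] = None,
        code_challenge_method: Optional[Literal["plain", "S256"]] = None,
        extras_params: Optional[T] = None,
    ) -> str:
        """Build the authorization URL, ensuring a ``nonce`` is present.

        A nonce only gives replay protection if the relying party remembers
        it and compares it with the ``nonce`` claim of the returned ID token.
        This method does not return the nonce it generates, so callers that
        want to perform that check should pass their own session-bound value
        in ``extras_params["nonce"]``; a non-empty caller-supplied nonce is
        kept, otherwise a random one is generated.

        Args:
            redirect_uri: Callback URL registered for this client.
            state: Optional opaque value echoed back on the redirect.
            scope: Optional scopes, forwarded unchanged to the parent class.
            code_challenge: Optional PKCE code challenge.
            code_challenge_method: PKCE method, ``"plain"`` or ``"S256"``.
            extras_params: Optional extra query parameters. The mapping is
                copied and never modified.

        Returns:
            The authorization URL produced by the parent implementation.
        """
        # Work on a copy: writing into the caller's dict would leak the nonce
        # into an object the caller may reuse for a later authorization
        # request.
        params = dict(extras_params) if extras_params is not None else {}

        # BankID requires random nonce parameter for security
        # https://developer.bankid.cz/docs/security_sep
        if not params.get("nonce"):
            params["nonce"] = secrets.token_urlsafe()

        return await super().get_authorization_url(
            redirect_uri,
            state,
            scope,
            code_challenge,
            code_challenge_method,
            params,
        )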