package sso

import (
	"context"
	"testing"
	"time"

	"github.com/golang-jwt/jwt/v5"
)

func TestVerifyAccessTokenHMAC(t *testing.T) {
	secret := "test-secret-123"
	issuer := "http://localhost:8080"
	aud := []string{"client:1"}

	if err := Init(context.Background(), "", issuer, aud, secret); err != nil {
		t.Fatalf("Init error: %v", err)
	}

	claims := &AccessTokenClaims{
		Scope: "openid profile",
		RegisteredClaims: jwt.RegisteredClaims{
			Issuer:    issuer,
			Subject:   "user:1",
			Audience:  jwt.ClaimStrings(aud),
			IssuedAt:  jwt.NewNumericDate(time.Now().Add(-1 * time.Minute)),
			ExpiresAt: jwt.NewNumericDate(time.Now().Add(5 * time.Minute)),
		},
	}
	token, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString([]byte(secret))
	if err != nil {
		t.Fatalf("sign token error: %v", err)
	}

	result, err := VerifyAccessToken(token)
	if err != nil {
		t.Fatalf("VerifyAccessToken error: %v", err)
	}
	if result.UserID != 1 {
		t.Fatalf("unexpected user id: %d", result.UserID)
	}
}