package OIDC::Lite::Server::GrantHandler::AuthorizationCode;
use strict;
use warnings;
use parent 'OAuth::Lite2::Server::GrantHandler';

use Carp ();
use OAuth::Lite2::Server::Error;
use OAuth::Lite2::ParamMethod::AuthHeader;

sub handle_request {
    my ($self, $dh) = @_;

    my $req = $dh->request;

    my $parser = OAuth::Lite2::ParamMethod::AuthHeader->new;
    my $header_credentials = $parser->basic_credentials($req);
    my $client_id = ($header_credentials->{client_id}) ? $header_credentials->{client_id} : $req->param("client_id");

    my $code = $req->param("code")
        or OAuth::Lite2::Server::Error::InvalidRequest->throw(
            description => "'code' not found"
        );

    my $redirect_uri = $req->param("redirect_uri")
        or OAuth::Lite2::Server::Error::InvalidRequest->throw(
            description => "'redirect_uri' not found"
        );

    my $server_state = $req->param("server_state");

    my $auth_info = $dh->get_auth_info_by_code($code)
        or OAuth::Lite2::Server::Error::InvalidGrant->throw;

    Carp::croak "OAuth::Lite2::Server::DataHandler::get_auth_info_by_code doesn't return OAuth::Lite2::Model::AuthInfo"
        unless ($auth_info
            && $auth_info->isa("OIDC::Lite::Model::AuthInfo"));

    OAuth::Lite2::Server::Error::InvalidClient->throw
        unless ($auth_info->client_id eq $client_id);

    OAuth::Lite2::Server::Error::RedirectURIMismatch->throw
        unless ( $auth_info->redirect_uri
            && $auth_info->redirect_uri eq $redirect_uri);

    if ( $auth_info->server_state ) {
        OAuth::Lite2::Server::Error::InvalidServerState->throw
            unless ( $server_state and $server_state eq $auth_info->server_state );
    } else {
        OAuth::Lite2::Server::Error::InvalidServerState->throw if ( $server_state );
    }

    my $access_token = $dh->create_or_update_access_token(
        auth_info => $auth_info,
    );
    Carp::croak "OAuth::Lite2::Server::DataHandler::create_or_update_access_token doesn't return OAuth::Lite2::Model::AccessToken"
        unless ($access_token
            && $access_token->isa("OAuth::Lite2::Model::AccessToken"));

    my $res = {
        token_type => 'Bearer',
        access_token => $access_token->token,
    };

    $res->{expires_in} = $access_token->expires_in
        if $access_token->expires_in;
    $res->{refresh_token} = $auth_info->refresh_token
        if $auth_info->refresh_token;
    $res->{scope} = $auth_info->scope
        if $auth_info->scope;

    # ID Token
    $res->{id_token} = $auth_info->id_token
        if $auth_info->id_token;

    return $res;
}

=head1 NAME

OIDC::Lite::Server::GrantHandler::AuthorizationCode - handler for 'authorization-code' grant_type request

=head1 SYNOPSIS

    my $handler = OIDC::Lite::Server::GrantHandler::AuthorizationCode->new;
    my $res = $handler->handle_request( $data_handler );

=head1 DESCRIPTION

handler for 'authorization-code' grant_type request.

=head1 METHODS

=head2 handle_request( $req )

See L<OAuth::Lite2::Server::GrantHandler> document.

=head1 AUTHOR

Ryo Ito, E<lt>ritou.06@gmail.comE<gt>

=head1 COPYRIGHT AND LICENSE

Copyright (C) 2012 by Ryo Ito

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.8 or,
at your option, any later version of Perl 5 you may have available.

=cut

1;