from aws_lambda_powertools.event_handler.api_gateway import Router

from config import ISSUER, JWT_ALGORITHM, OAUTH2_SCOPES_SUPPORTED

router = Router()


@router.get('/.well-known/openid-configuration')
def openid_configuration():
    """Return the OpenID Connect discovery document for this provider.

    Every endpoint URL is built by appending a fixed path to ``ISSUER``,
    so the published metadata follows whatever value the configuration
    supplies. Relying parties use this document to locate the endpoints
    and the signing keys (``jwks_uri``) they will trust.

    Returns:
        dict: the provider metadata, serialised by the router.
    """
    # OAUTH2_SCOPES_SUPPORTED is one whitespace-separated string.
    scopes = OAUTH2_SCOPES_SUPPORTED.split()

    # NOTE(review): a jwks_uri is published, so JWT_ALGORITHM is presumably an
    # asymmetric algorithm -- confirm in config.
    signing_algs = [JWT_ALGORITHM]

    # 'none' advertises that the token endpoint accepts clients that send no
    # client authentication (public clients).
    # NOTE(review): no code_challenge_methods_supported entry is published;
    # confirm that PKCE is enforced for those clients by the /authorize and
    # /token handlers.
    client_auth_methods = [
        'client_secret_basic',
        'client_secret_post',
        'none',
    ]

    # NOTE(review): ISSUER is concatenated as-is; a trailing slash in the
    # configured value would yield '//' in every URL below -- confirm.
    metadata = {
        'issuer': ISSUER,
        'authorization_endpoint': f'{ISSUER}/authorize',
        'token_endpoint': f'{ISSUER}/token',
        'revocation_endpoint': f'{ISSUER}/revoke',
        'userinfo_endpoint': f'{ISSUER}/userinfo',
        'jwks_uri': f'{ISSUER}/jwks.json',
        'scopes_supported': scopes,
        'response_types_supported': ['code'],
        'grant_types_supported': ['authorization_code', 'refresh_token'],
        'subject_types_supported': ['public'],
        'id_token_signing_alg_values_supported': signing_algs,
        'token_endpoint_auth_methods_supported': client_auth_methods,
    }
    return metadata