// auth.js - Gestion de la connexion SSO
const authConfig = {
    authority: "https://idp.a5l.fr/realms/A5L",
    client_id: "soundboard_a5l", // À enregistrer sur votre IdP
    redirect_uri: window.location.origin + "/callback.html",
    response_type: "code",
    scope: "openid profile email"
};

function login() {
  // Construction de l'URL exacte attendue par Keycloak
  const authUrl = `${authConfig.authority}/protocol/openid-connect/auth?` + 
      `client_id=${authConfig.client_id}&` +
      `redirect_uri=${encodeURIComponent(authConfig.redirect_uri)}&` +
      `response_type=${authConfig.response_type}&` +
      `scope=${authConfig.scope}&` +
      `state=${generateState()}`; // Sécurité recommandée
  
  window.location.href = authUrl;
}

// Fonction utilitaire pour le paramètre 'state' (protection CSRF)
function generateState() {
  const charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
  let result = '';
  for (let i = 0; i < 16; i++) {
      result += charset.charAt(Math.floor(Math.random() * charset.length));
  }
  return result;
}

function logout() {
    localStorage.removeItem('auth_token');
    window.location.reload();
}

function checkAuth() {
    const token = localStorage.getItem('auth_token');
    if (!token) {
        document.body.classList.add('not-logged-in');
        return false;
    }
    return true;
}