package auth

import (
	"context"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
	"testing"
)

func TestNewVerifierPublicIssuerInternalFetchURL(t *testing.T) {
	t.Parallel()

	publicIssuer := "http://localhost/auth/application/o/ulti"

	mux := http.NewServeMux()
	mux.HandleFunc("/.well-known/openid-configuration", func(w http.ResponseWriter, r *http.Request) {
		_ = json.NewEncoder(w).Encode(map[string]string{
			"issuer":   publicIssuer,
			"jwks_uri": publicIssuer + "/jwks/",
		})
	})
	mux.HandleFunc("/jwks/", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		_, _ = w.Write([]byte(`{"keys":[]}`))
	})

	srv := httptest.NewServer(mux)
	t.Cleanup(srv.Close)

	verifier, err := NewVerifier(
		context.Background(),
		strings.TrimSuffix(srv.URL, "/"),
		"ulti-backend",
		"localhost",
	)
	if err != nil {
		t.Fatalf("NewVerifier() error = %v", err)
	}
	if verifier == nil || verifier.verifier == nil {
		t.Fatal("expected verifier")
	}
}