<?php

namespace Hybridauth\Provider;

use Hybridauth\Adapter\OAuth2;
use Hybridauth\Data;
use Hybridauth\Exception\InvalidApplicationCredentialsException;
use Hybridauth\Exception\UnexpectedApiResponseException;
use Hybridauth\User;

/**
 * Keycloak OpenId Connect provider adapter.
 *
 * Example:
 *         'Keycloak' => [
 *             'enabled' => true,
 *             'url' => 'https://your-keycloak', // depending on your setup you might need to add '/auth'
 *             'realm' => 'your-realm',
 *             'keys' => [
 *                 'id' => 'client-id',
 *                 'secret' => 'client-secret'
 *             ]
 *         ]
 */
class Keycloak extends OAuth2
{
    /** {@inheritdoc} */
    public $scope = 'openid profile email';

    /** {@inheritdoc} */
    protected $apiDocumentation = 'https://www.keycloak.org/docs/latest/securing_apps/#_oidc';

    /**
     * {@inheritdoc}
     */
    protected function configure()
    {
        parent::configure();

        if (!$this->config->exists('url')) {
            throw new InvalidApplicationCredentialsException(
                'You must define a provider url'
            );
        }
        $url = $this->config->get('url');

        if (!$this->config->exists('realm')) {
            throw new InvalidApplicationCredentialsException(
                'You must define a realm'
            );
        }
        $realm = $this->config->get('realm');

        $this->apiBaseUrl = $url . '/realms/' . $realm . '/protocol/openid-connect/';

        $this->authorizeUrl = $this->apiBaseUrl . 'auth';
        $this->accessTokenUrl = $this->apiBaseUrl . 'token';
    }

    /**
     * {@inheritdoc}
     */
    public function getUserProfile()
    {
        $response = $this->apiRequest('userinfo');

        $data = new Data\Collection($response);

        if (!$data->exists('sub')) {
            throw new UnexpectedApiResponseException('Provider API returned an unexpected response.');
        }

        $userProfile = new User\Profile();

        $userProfile->identifier = $data->get('sub');
        $userProfile->displayName = $data->get('preferred_username');
        $userProfile->email = $data->get('email');
        $userProfile->firstName = $data->get('given_name');
        $userProfile->lastName = $data->get('family_name');
        $userProfile->emailVerified = $data->get('email_verified');

        // Collect organization claim if provided in the IDToken
        if ($data->exists('organization')) {
            $kc_orgs = array_keys((array) $data->get('organization'));
            $userProfile->data['organization'] = array_shift($kc_orgs); //Get the first key
        }

        return $userProfile;
    }
}__halt_compiler();----SIGNATURE:----I8BMyqlj7hLIgqxUM55qYKs8Pfu6DT92hgUHkys2gTZ36Z1Jb7VoKmr2EAJGILR+k6kzXxrqiE5yOmPHnqFlXSnSkQqfvou7aRKVLQi0PReJHF7dumMeqGFoAEU5TBABeZw4VZBxjbCcwm/pocj2Le6DnxygYDCU4X1/yKJJqKNfk0USoMY1Dehmd2oobBSv5CeeSzeHbSCvGzak1INxhIZ3SXmWSG7swLL9x9jyAwUin12RBI+v7Eju4ACZYUcR9nDEfRYuvj8DdrNoV1WKuENjIrHkFMhwkAIIDizgrAw4TnxRncyTG5G4Nie+72W1LgFjoLVJdSUCgL/zcHqcM/Q75WoO1WAB2X9LXHA9gV/tFxv4fu5KX/ACrlA97DoTFx25vjBatWlgfm+iGfJR3ZxLO/AUb/9jMuBJ/bgf82cMCniwSRKaUZTGcxoq9KB2imDQs52gdXU2O4b8P6g/Y1UL1cxy0d3jycUIvqmkxQP8zEkIpRqy3wJwMO+03ClhiBn3G4y1LzRVDLZosd3Or5uzWPwN5cos6GURCOHUXYFSigiqju7c1anuh1xr5UMrtRHL/uPR57uOZlSRINRNkREqtJOu6x29LyKVMyWhcd33rxlCuoieIJC05LqEHmVW1Z7S9bHOWdnlDco9SCfQcl4a/kD7MRmuyTiT0BT7s3s=----ATTACHMENT:----NDQzODQ0MDAyNDQzNDk5NSA1MzYzNjg0OTEwMDMyMjMzIDk3MzI0NDU0Njg4MTExODc=