using OTSSignsOrchestrator.Core.Models.DTOs;

namespace OTSSignsOrchestrator.Core.Services;

/// <summary>
/// Provisions SAML applications in Authentik and retrieves IdP metadata
/// needed to render the Xibo SAML settings-custom.php template.
/// </summary>
public interface IAuthentikService
{
    /// <summary>
    /// Creates an Authentik SAML provider and application for the given Xibo instance,
    /// then fetches the IdP metadata (entity ID, x509 cert, SSO/SLO URLs).
    /// If the application already exists (by slug), returns its existing metadata.
    /// </summary>
    /// <param name="instanceAbbrev">Short customer abbreviation (used in naming).</param>
    /// <param name="instanceBaseUrl">Full base URL of the Xibo instance (e.g. https://app.ots-signs.com/demo).</param>
    /// <param name="ct">Cancellation token.</param>
    /// <returns>IdP metadata needed for the SAML PHP configuration.</returns>
    Task<AuthentikSamlConfig> ProvisionSamlAsync(
        string instanceAbbrev,
        string instanceBaseUrl,
        CancellationToken ct = default);
}