using OTSSignsOrchestrator.Core.Models.DTOs;

namespace OTSSignsOrchestrator.Core.Services;

/// <summary>
/// Provisions SAML applications in Authentik and retrieves IdP metadata
/// needed to render the Xibo SAML settings-custom.php template.
/// </summary>
public interface IAuthentikService
{
    /// <summary>
    /// Creates an Authentik SAML provider and application for the given Xibo instance,
    /// then fetches the IdP metadata (entity ID, x509 cert, SSO/SLO URLs).
    /// If the application already exists (by slug), returns its existing metadata.
    /// </summary>
    Task<AuthentikSamlConfig> ProvisionSamlAsync(
        string instanceAbbrev,
        string instanceBaseUrl,
        CancellationToken ct = default);

    /// <summary>
    /// Tests the connection to Authentik by fetching the current user.
    /// Optionally accepts override URL/key for testing before saving.
    /// </summary>
    Task<(bool Success, string Message)> TestConnectionAsync(
        string? overrideUrl = null,
        string? overrideApiKey = null,
        CancellationToken ct = default);

    /// <summary>
    /// Returns all available flows from Authentik.
    /// </summary>
    Task<List<AuthentikFlowItem>> ListFlowsAsync(
        string? overrideUrl = null,
        string? overrideApiKey = null,
        CancellationToken ct = default);

    /// <summary>
    /// Returns all certificate keypairs from Authentik.
    /// </summary>
    Task<List<AuthentikKeypairItem>> ListKeypairsAsync(
        string? overrideUrl = null,
        string? overrideApiKey = null,
        CancellationToken ct = default);
}