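import os

import requests
from authlib.integrations.flask_client import OAuth
from flask import Flask, request, redirect, session, render_template, url_for

app = Flask(__name__)
# Key that signs the client-side session cookie. The hard-coded demo value is
# kept only as a fallback so the sample still starts; set FLASK_SECRET_KEY in
# any real deployment, otherwise anyone with the source can forge sessions.
app.config['SECRET_KEY'] = os.environ.get('FLASK_SECRET_KEY', 'onelogindemopytoolkit')

issuer = os.environ.get('OIDC_ISSUER', "https://id.vilanet.fr/realms/vilanet")
clientId = os.environ.get('OIDC_CLIENT_ID', "client-oidc")
# NOTE(review): the fallback client secret is committed in source and must be
# treated as compromised (rotate it in Keycloak); supply OIDC_CLIENT_SECRET.
clientSecret = os.environ.get('OIDC_CLIENT_SECRET', "BqWWnuj5JkgZZWEaXuR8bprEx53lqGxC")

# Upper bound (seconds) for outbound calls to Keycloak so a stalled IdP cannot
# pin a worker indefinitely.
HTTP_TIMEOUT = 10

oauth = OAuth(app=app)
oauth.register(
    name="keycloak",
    client_id=clientId,
    client_secret=clientSecret,
    server_metadata_url=f'{issuer}/.well-known/openid-configuration',
    client_kwargs={
        'scope': 'openid email profile',
        # PKCE (S256) binds the authorization code to this client's verifier.
        'code_challenge_method': 'S256',
    },
)


@app.route("/userinfo")
def userinfo():
    """Proxy the Keycloak userinfo endpoint for the logged-in user.

    Requires ``tokenResponse`` in the session (the ``/auth`` handler currently
    does not store it, so this route answers 401 until that is enabled).

    Returns:
        The upstream JSON body with the upstream status code, or
        ``("Unauthorized", 401)`` when no token is in the session.
    """
    tokenResponse = session.get('tokenResponse')
    if tokenResponse is None:
        return "Unauthorized", 401
    access_token = tokenResponse['access_token']
    userInfoEndpoint = f'{issuer}/protocol/openid-connect/userinfo'
    userInfoResponse = requests.post(
        userInfoEndpoint,
        headers={'Authorization': f'Bearer {access_token}', 'Accept': 'application/json'},
        timeout=HTTP_TIMEOUT,
    )
    # Pass the IdP's status through (e.g. 401 on an expired token) rather than
    # always answering 200, and label the body as JSON so a browser does not
    # render the relayed content as HTML.
    return userInfoResponse.text, userInfoResponse.status_code, {'Content-Type': 'application/json'}


@app.route("/auth")
def auth():
    """OIDC redirect target: exchange the authorization code for tokens.

    ``authorize_access_token()`` checks the ``state`` parameter and the PKCE
    verifier before calling the token endpoint. Only the parsed ID-token
    claims are kept in the session; the raw token response (access and
    refresh tokens) is deliberately not written to the session cookie.

    Returns:
        A redirect to ``/`` whether or not an ID token was obtained.
    """
    tokenResponse = oauth.keycloak.authorize_access_token()
    idToken = oauth.keycloak.parse_id_token(tokenResponse, None)
    if idToken:
        # Storing tokenResponse here (which /userinfo and ?slo expect) would put
        # bearer tokens in the client-side session cookie; enable it only with
        # a server-side session store.
        #session['tokenResponse'] = tokenResponse
        session['user'] = idToken
    return redirect('/')


def _end_keycloak_session(tokenResponse):
    """Best-effort back-channel logout at Keycloak using the stored refresh token.

    Args:
        tokenResponse: The token response dict from the session, or ``None``
            when no token was stored (then nothing is sent).

    Network failures are logged and swallowed so the local logout still proceeds.
    """
    if tokenResponse is None:
        return
    refreshToken = tokenResponse['refresh_token']
    endSessionEndpoint = f'{issuer}/protocol/openid-connect/logout'
    try:
        requests.post(
            endSessionEndpoint,
            data={
                "client_id": clientId,
                "client_secret": clientSecret,
                "refresh_token": refreshToken,
            },
            timeout=HTTP_TIMEOUT,
        )
    except requests.RequestException as exc:
        app.logger.warning("Keycloak logout request failed: %s", exc)


@app.route("/", methods=['GET', 'POST'])
def index():
    """Landing page: starts login (``?sso``), logs out (``?slo``) or shows claims.

    Returns:
        A redirect for the ``sso``/``slo`` actions, otherwise the rendered
        ``index.html`` with ``attributes`` (claim name -> [str(value)] pairs,
        or ``False`` when logged out) and ``paint_logout``.
    """
    if 'sso' in request.args:
        redirect_uri = url_for('auth', _external=True)
        return oauth.keycloak.authorize_redirect(redirect_uri)

    if 'slo' in request.args:
        # NOTE(review): logout is triggered by a GET query parameter, so any
        # cross-site link can end the local session; acceptable for a demo.
        _end_keycloak_session(session.get('tokenResponse'))
        session.pop('user', None)
        #session.pop('tokenResponse', None)
        return redirect('/')

    attributes = False
    paint_logout = False
    user = session.get('user')
    if user is not None:
        paint_logout = True
        # The template expects each value wrapped in a one-element list.
        attributes = {k: [str(v)] for k, v in user.items()}.items()
    return render_template(
        'index.html',
        attributes=attributes,
        paint_logout=paint_logout,
    )


if __name__ == "__main__":
    # Loopback bind only: debug=True enables the interactive Werkzeug debugger,
    # which must never be reachable from other hosts.
    app.run(host='127.0.0.1', port=5001, debug=True)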