import * as data from '../data/index.js';
import * as plugins from '../plugins.js';

/**
 * Request to get the public key for JWT validation.
 *
 * **Direction:** Client → idp.global
 * **Requester:** Backend services that need to verify JWTs
 * **Handler:** idp.global
 *
 * Use this to fetch the current public key for verifying JWT signatures.
 * The backend token authenticates the requesting service.
 *
 * The returned key decides which JWTs the caller will accept, so it is only
 * as trustworthy as the channel it arrived on.
 * NOTE(review): this type says nothing about the transport; presumably the
 * connection to idp.global is authenticated (e.g. TLS with server
 * verification) - confirm before caching the key.
 */
export interface IReq_GetPublicKeyForValidation
  extends plugins.typedRequestInterfaces.implementsTR<
    plugins.typedRequestInterfaces.ITypedRequest,
    IReq_GetPublicKeyForValidation
  > {
  method: 'getPublicKeyForValidation';
  request: {
    /** Credential of the requesting backend service; treat as a secret and keep it out of logs. */
    backendToken: string;
  };
  response: {
    /** Current public key used to verify JWT signatures (PEM text, per the field name). */
    publicKeyPem: string;
  };
}

/**
 * Push public key to connected backend services for JWT validation.
 *
 * **Direction:** idp.global → Client
 * **Requester:** idp.global (pushes when the JWT signing key rotates)
 * **Handler:** Backend services - must register a TypedHandler for this method
 *
 * Backend services should register a handler using `IdpClient.onPublicKeyPush()`
 * to receive key rotation updates and update their local key cache.
 *
 * The request carries only the key: there is no token, signature or key id in
 * the payload that identifies the sender. A handler that replaces its cached
 * key on any incoming message would accept tokens signed by whoever sent it.
 * NOTE(review): handlers presumably rely on the connection itself being
 * authenticated to idp.global - confirm, and only accept this method on that
 * connection. Checking that the value parses as a public key before swapping
 * the cache keeps a malformed push from breaking validation.
 */
export interface IReq_PushPublicKeyForValidation
  extends plugins.typedRequestInterfaces.implementsTR<
    plugins.typedRequestInterfaces.ITypedRequest,
    IReq_PushPublicKeyForValidation
  > {
  method: 'pushPublicKeyForValidation';
  request: {
    /** New public key to use for JWT signature verification (PEM text, per the field name). */
    publicKeyPem: string;
  };
  /** Empty acknowledgement; the handler returns no data. */
  response: {};
}

/**
 * Push or get JWT ID blocklist for revoked tokens.
 *
 * **Bidirectional:**
 * - **GET direction:** Client → idp.global - Client requests current blocklist
 * - **PUSH direction:** idp.global → Client - Server pushes new blocklisted IDs
 *
 * **For GET (client fires):**
 * - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
 * - Response contains the complete list of blocked JWT IDs
 * - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
 *
 * **For PUSH (idp.global fires):**
 * - idp.global sends newly blocklisted JWT IDs to connected clients
 * - Clients must register a handler using `IdpClient.onBlocklistPush()`
 * - Store received IDs locally to reject revoked tokens
 *
 * Both directions share one method name and one payload shape, so the meaning
 * of `blockedJwtIds` depends on who fired the request. Unlike
 * `getPublicKeyForValidation`, the request declares no `backendToken`.
 * NOTE(review): pushes carry only newly blocked IDs, so a client that was
 * disconnected has presumably missed some - re-fetching the full list after a
 * reconnect looks necessary; confirm against the client implementation.
 * NOTE(review): decide what token validation does while the blocklist cannot
 * be fetched; accepting tokens in that state also accepts revoked ones.
 */
export interface IReq_PushOrGetJwtIdBlocklist
  extends plugins.typedRequestInterfaces.implementsTR<
    plugins.typedRequestInterfaces.ITypedRequest,
    IReq_PushOrGetJwtIdBlocklist
  > {
  method: 'pushOrGetJwtIdBlocklist';
  request: {
    /** GET: leave empty/undefined to ask for the full list. PUSH: the newly blocklisted JWT IDs. */
    blockedJwtIds?: string[];
  };
  response: {
    /** GET: the complete list of blocked JWT IDs. Optional in the type, so it may be absent. */
    blockedJwtIds?: string[];
  };
}