import NextAuth from "next-auth"
import KeycloakProvider from "next-auth/providers/keycloak"

declare module "next-auth" {
  interface Session {
    user: {
      id: string
      name?: string | null
      email?: string | null
      image?: string | null
      clubs?: Record<string, string>
    }
    accessToken?: string
  }
  
  interface JWT {
    clubs?: Record<string, string>
    accessToken?: string
  }
}

export const { handlers, signIn, signOut, auth } = NextAuth({
  providers: [
    KeycloakProvider({
      clientId: process.env.KEYCLOAK_CLIENT_ID!,
      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
      issuer: process.env.KEYCLOAK_ISSUER!,
    })
  ],
  callbacks: {
    async jwt({ token, account }) {
      if (account) {
        // Add clubs claim from Keycloak access token
        token.clubs = (account as Record<string, unknown>).clubs as Record<string, string> || {}
        token.accessToken = account.access_token
      }
      return token
    },
    async session({ session, token }) {
      // Expose clubs to client
      if (session.user) {
        session.user.clubs = token.clubs as Record<string, string> | undefined
      }
      session.accessToken = token.accessToken as string | undefined
      return session
    }
  }
})