handler

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 22, 2025 License: Apache-2.0 Imports: 21 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

// New builds an *oidcLogin from config and the rsaStore and secretkvStore providers.
// The function body is not shown on this page.
// NOTE(review): the return type is unexported, so callers in other packages
// cannot name it in their own declarations; confirm whether an exported type
// or interface was intended.
func New(
	config Config,
	rsaStore jwtrsa.Provider,
	secretkvStore secretkv.Provider,
) *oidcLogin

New manages secrets for the signer, including caching, polling, etc.

func NewGoogleAuth

// NewGoogleAuth returns a *googleVerifier configured with clientID.
// The function body is not shown on this page.
// NOTE(review): presumably clientID is the OAuth client ID that incoming Google
// ID tokens must carry as their audience; confirm the verifier rejects tokens
// issued for any other client.
func NewGoogleAuth(clientID string) *googleVerifier

func NewMicrosoftAuth

// NewMicrosoftAuth returns a *microsoftVerifier configured with clientID.
// The function body is not shown on this page.
// NOTE(review): presumably clientID is the application (client) ID that incoming
// Microsoft ID tokens must carry as their audience; confirm the verifier checks
// it, and also checks the issuer/tenant if only some tenants are allowed.
func NewMicrosoftAuth(clientID string) *microsoftVerifier

func NewRemoteLoginVerifier

// NewRemoteLoginVerifier returns a *remoteVerifier built from rsaStore and keysURL.
// The function body is not shown on this page.
// NOTE(review): presumably keysURL is where verification keys are fetched from;
// whoever controls that endpoint controls which tokens verify, so confirm it is
// operator-configured and fetched over an authenticated channel (HTTPS).
func NewRemoteLoginVerifier(rsaStore jwtrsa.Provider, keysURL string) *remoteVerifier

Types

type Config

// Config holds the settings passed to New.
type Config struct {
	// Issuer is the value shown in the issuer field.
	// NOTE(review): presumably this becomes the iss claim of the tokens signed
	// here; relying parties compare iss exactly, so confirm it is a stable value.
	Issuer string

	// SigningConfig contains the location of the secret used for signing and
	// its multiple versions. (The original comment referred to this field as
	// PublishSecret.)
	SigningConfig SigningConfig

	// ProfileService is the address of the user service that serves public
	// profiles. The profile is fetched here instead of having the client call
	// the public profile API directly; because the call can use the internal
	// network, it should be faster than a direct client call.
	// NOTE(review): this is a destination the service connects to; presumably
	// it is set only from operator-controlled configuration — confirm.
	ProfileService string

	// TokenExpiryMinutes is, by its name, the token lifetime in minutes.
	// NOTE(review): how zero or negative values are handled is not visible
	// here — confirm the constructor enforces a sensible bound.
	TokenExpiryMinutes int
}

type MicrosoftClaims

// MicrosoftClaims is the claim set decoded from a Microsoft-issued JWT.
// The JSON tags correspond to claim names in Microsoft's ID token claims
// reference; the field notes below follow that reference.
// NOTE(review): every field is only as trustworthy as the signature, issuer and
// audience checks performed before it is read; those checks are not shown here.
type MicrosoftClaims struct {
	// AIO is an internal claim used by the issuer; consumers should ignore it.
	AIO string `json:"aio,omitempty"`
	// Email is mutable and may be unverified; do not use it as the account key
	// or for authorization decisions.
	Email string `json:"email,omitempty"`
	// LoginHint is an opaque login hint value.
	LoginHint string `json:"login_hint,omitempty"`
	// Nonce should match the nonce sent in the original authorization request.
	// NOTE(review): confirm the verifier compares it, since that comparison is
	// what binds the token to the login attempt.
	Nonce string `json:"nonce,omitempty"`
	// OID is the immutable object ID of the user within the tenant; together
	// with TenantID it is the stable identifier for an account.
	OID string `json:"oid,omitempty"`
	// Username is the preferred_username claim. It is mutable and intended for
	// display or hints only, not for authorization decisions.
	Username string `json:"preferred_username,omitempty"`
	// SID is the session ID.
	SID string `json:"sid,omitempty"`
	// TenantID identifies the tenant the user signed in to.
	TenantID string `json:"tid,omitempty"`
	// Version is the token version.
	Version string `json:"ver,omitempty"`
	// XMS is the xms_pl claim (the user's preferred language).
	XMS string `json:"xms_pl,omitempty"`
	// NOTE(review): which jwt package this is cannot be seen here. In jwt-go
	// style libraries StandardClaims validates only the time-based claims
	// (exp, iat, nbf); audience and issuer need explicit checks — confirm.
	jwt.StandardClaims
}

type SigningConfig

// SigningConfig describes where the signing key is stored and how often it is
// synced.
type SigningConfig struct {
	// Secret contains the address of our signing key in the secret provider,
	// i.e. a reference to the key rather than the key material itself.
	Secret string

	// ID is the key ID.
	// NOTE(review): presumably published as the kid of issued tokens so that
	// verifiers can select the matching key — confirm.
	ID string

	// PollTime is used to sync the signing keys.
	// NOTE(review): presumably the interval between syncs; if so, a rotated or
	// revoked key can stay in use for up to this long — confirm.
	PollTime time.Duration
}

type SigningResponse

// SigningResponse is the JSON payload carrying the issued tokens and the
// user's profile. Every field is omitted from the JSON when empty.
type SigningResponse struct {
	// IDToken is the JWT carrying the OpenID Connect data.
	IDToken string `json:"id_token,omitempty"`

	// AccessToken is a JWT that proves the client was authenticated by this
	// service. It is separate from the ID token.
	// NOTE(review): the original comment is cut off after "to avo", so the
	// stated reason for the separation is missing — restore it from the source.
	AccessToken string `json:"access_token,omitempty"`

	// Profile of the user.
	// NOTE(review): the value is typed any and marshalled as-is; confirm that
	// whatever is stored here contains only fields meant to reach the client.
	Profile any `json:"profile,omitempty"`
}
