package auth

import "context"

// Claims represents the validated identity and roles extracted from an
// MCIAS token.
type Claims struct {
	Subject     string
	AccountType string
	Roles       []string
}

// claimsKey is an unexported type used as the context key for Claims,
// preventing collisions with keys from other packages.
type claimsKey struct{}

// ContextWithClaims returns a new context carrying the given Claims.
func ContextWithClaims(ctx context.Context, c *Claims) context.Context {
	return context.WithValue(ctx, claimsKey{}, c)
}

// ClaimsFromContext extracts Claims from the context. It returns nil if
// no claims are present.
func ClaimsFromContext(ctx context.Context) *Claims {
	c, _ := ctx.Value(claimsKey{}).(*Claims)
	return c
}