// Package auth provides MCIAS authentication integration, delegating to
// the mcdsl/auth package for token validation with caching.
package auth

import (
	"errors"
	"log/slog"

	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
)

// TokenInfo is an alias for the mcdsl auth.TokenInfo type.
type TokenInfo = mcdslauth.TokenInfo

// Authenticator is an alias for the mcdsl auth.Authenticator type.
type Authenticator = mcdslauth.Authenticator

// Config is an alias for the mcdsl auth.Config type.
type Config = mcdslauth.Config

// Errors re-exported from mcdsl/auth for compatibility.
var (
	ErrInvalidCredentials = mcdslauth.ErrInvalidCredentials
	ErrInvalidToken       = mcdslauth.ErrInvalidToken
	ErrForbidden          = mcdslauth.ErrForbidden
	ErrUnavailable        = mcdslauth.ErrUnavailable
)

// NewAuthenticator creates a new Authenticator backed by mcdsl/auth.
// This is a convenience wrapper matching the old constructor signature.
func NewAuthenticator(cfg mcdslauth.Config, logger *slog.Logger) (*Authenticator, error) {
	return mcdslauth.New(cfg, logger)
}

// Logout revokes a token on the MCIAS server.
func Logout(authenticator *Authenticator, token string) error {
	return authenticator.Logout(token)
}

// ContextWithTokenInfo stores TokenInfo in a context.
var ContextWithTokenInfo = mcdslauth.ContextWithTokenInfo

// TokenInfoFromContext extracts TokenInfo from a context.
var TokenInfoFromContext = mcdslauth.TokenInfoFromContext

// IsInvalidCredentials checks if an error is ErrInvalidCredentials.
func IsInvalidCredentials(err error) bool {
	return errors.Is(err, ErrInvalidCredentials)
}