namespace _zeitbild.auth
{
	
	/**
	 */
	let _subject : (
		null
		|
		lib_plankton.auth.type_auth<any, any, any>
	) = null;
	
	
	/**
	 */
	export function init(
	) : Promise<void>
	{
		switch (_zeitbild.conf.get().authentication.kind) {
			case "internal": {
				_subject = lib_plankton.auth.internal.implementation_auth(
					{
						"password_image_chest": {
							"setup": (input) => Promise.resolve<void>(undefined),
							"clear": () => Promise.reject<void>("not implemented"),
							"write": (key, item) => _zeitbild.repository.auth_internal.write(key, item),
							"delete": (key) => _zeitbild.repository.auth_internal.delete_(key),
							"read": (key) => _zeitbild.repository.auth_internal.read(key),
							"search": (term) => Promise.reject<any>("not implemented"),
						},
						"check_password": (image, input) => _zeitbild.service.auth_internal.check_raw(image, input),
					}
				);
				break;
			}
			case "oidc": {
				_subject = lib_plankton.auth.oidc.implementation_auth(
					{
						"url_authorization": _zeitbild.conf.get().authentication.data.url_authorization,
						"url_token": _zeitbild.conf.get().authentication.data.url_token,
						"url_userinfo": _zeitbild.conf.get().authentication.data.url_userinfo,
						"client_id": _zeitbild.conf.get().authentication.data.client_id,
						"client_secret": _zeitbild.conf.get().authentication.data.client_secret,
						"url_redirect": (_zeitbild.conf.get().authentication.data.backend_url_base + "/session/oidc"),
						"scopes": [
							"openid",
							"profile",
							"email",
						],
						"label": _zeitbild.conf.get().authentication.data.label,
						"login_url_mode": "log",
					}
				);
				break;
			}
			default: {
				// do nothing
				break;
			}
		}
		return Promise.resolve<void>(undefined);
	}
	
	
	/**
	 */
	export function prepare(
	) : Promise<{kind : string; data : any;}>
	{
		if (_subject === null) {
			return Promise.reject(new Error("not initialized yet"));
		}
		else {
			return (
				_subject.login_prepare()
				.then(
					(data : any) => ({
						"kind": _zeitbild.conf.get().authentication.kind,
						"data": data,
					})
				)
			);
		}
	}
	
	
	/**
	 */
	export function execute(
		input : any
	) : Promise<string>
	{
		if (_subject === null) {
			return Promise.reject(new Error("not initialized yet"));
		}
		else {
			return _subject.login_execute(input);
		}
	}
	
	
	export function control(
		input : any
	) : Promise<void>
	{
		if (_subject === null) {
			return Promise.reject(new Error("not initialized yet"));
		}
		else {
			return _subject.login_control(input);
		}
	}
	
}