# Script de mise à jour de la configuration du client Keycloak
Write-Host "Mise a jour de la configuration client Keycloak..." -ForegroundColor Cyan

# Obtenir un token admin
$tokenResponse = Invoke-RestMethod -Uri "http://localhost:8180/realms/master/protocol/openid-connect/token" -Method POST -Body @{
    client_id = "admin-cli"
    grant_type = "password"
    username = "admin"
    password = "admin"
} -ContentType "application/x-www-form-urlencoded"

$token = $tokenResponse.access_token
Write-Host "✅ Token admin obtenu" -ForegroundColor Green

# Configuration du client
$clientConfig = @{
    id = "b759720f-2a25-4118-9dc8-f167b79ad532"
    clientId = "lions-user-manager-client"
    name = "Lions User Manager Client"
    description = "Interface web pour la gestion des utilisateurs"
    rootUrl = "http://localhost:8082"
    adminUrl = "http://localhost:8082"
    baseUrl = "/"
    enabled = $true
    clientAuthenticatorType = "client-secret"
    secret = "NTuaQpk5E6qiMqAWTFrCOcIkOABzZzKO"
    redirectUris = @(
        "http://localhost:8082/*"
        "http://localhost:8082/auth/callback"
        "http://localhost:8082/pages/user-manager/*"
    )
    webOrigins = @("http://localhost:8082")
    bearerOnly = $false
    consentRequired = $false
    standardFlowEnabled = $true
    implicitFlowEnabled = $false
    directAccessGrantsEnabled = $true
    serviceAccountsEnabled = $false
    publicClient = $false
    frontchannelLogout = $true
    protocol = "openid-connect"
    attributes = @{
        "access.token.lifespan" = "1800"
        "client.session.idle.timeout" = "1800"
        "client.session.max.lifespan" = "36000"
        "pkce.code.challenge.method" = "S256"
        "backchannel.logout.session.required" = "true"
        "post.logout.redirect.uris" = "http://localhost:8082/*"
    }
    fullScopeAllowed = $true
    defaultClientScopes = @("web-origins", "acr", "profile", "roles", "basic", "email")
    optionalClientScopes = @("address", "phone", "offline_access", "microprofile-jwt")
}

$headers = @{
    Authorization = "Bearer $token"
    "Content-Type" = "application/json"
}

$body = $clientConfig | ConvertTo-Json -Depth 10

try {
    Invoke-RestMethod -Uri "http://localhost:8180/admin/realms/lions-user-manager/clients/b759720f-2a25-4118-9dc8-f167b79ad532" `
        -Method PUT `
        -Headers $headers `
        -Body $body

    Write-Host "✅ Configuration client mise a jour avec succes!" -ForegroundColor Green
    Write-Host ""
    Write-Host "Corrections appliquees:" -ForegroundColor Cyan
    Write-Host "  - rootUrl: http://localhost:8081 → http://localhost:8082" -ForegroundColor Yellow
    Write-Host "  - adminUrl: → http://localhost:8082" -ForegroundColor Yellow
    Write-Host "  - redirectUris: suppression du wildcard '*'" -ForegroundColor Yellow
    Write-Host "  - webOrigins: * → http://localhost:8082" -ForegroundColor Yellow
    Write-Host "  - Access token lifespan: 3600s → 1800s" -ForegroundColor Yellow
    Write-Host "  - Session timeouts configures" -ForegroundColor Yellow
    Write-Host ""
    Write-Host "Prochaine etape:" -ForegroundColor Cyan
    Write-Host "  1. Supprimez les cookies du navigateur pour localhost:8082" -ForegroundColor Gray
    Write-Host "  2. Redemarrez le client JSF si necessaire" -ForegroundColor Gray
    Write-Host "  3. Testez l'acces a http://localhost:8082" -ForegroundColor Gray

} catch {
    Write-Host "❌ Erreur lors de la mise a jour: $($_.Exception.Message)" -ForegroundColor Red
}