<?php

declare(strict_types=1);

namespace App\Console\Commands\Apple;

use App\Console\Command;
use App\Helpers\Jwt;
use GuzzleHttp\ClientInterface as GuzzleClient;

class GenerateAccessToken extends Command
{
    protected $signature = 'apple:sing-in:token {code}';

    public function handle(GuzzleClient $guzzle): int
    {
        //
        // DO NOT STORE APPLE SIGN IN CREDENTIALS IN THE CODE, THIS IS AN EXAMPLE
        //
        
        $kid = ''; // SignIn Key ID
        $privateKey = ' // SignIn Key
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----';

        $iss = ''; // Developer ID
        $aud = 'https://appleid.apple.com';
        $sub = ''; // mobile app id
        $iat = time();
        $exp = $iat + 86400*30; // access token expiration timeout

        $redirectUrl = 'https://example/apple/callback';

        $code = $this->argument('code');

        $clientSecret = (string) Jwt::issue($privateKey, $kid, $iss, $aud, $sub, $iat, $exp);

        $response = $guzzle->request('POST', 'https://appleid.apple.com/auth/token', [
            'form_params' => [
                'client_id' => $sub,
                'code' => $code,
                'client_secret' => $clientSecret,
                'grant_type' => 'authorization_code',
                'redirect_uri' => $redirectUrl,
            ],
        ]);

        $this->line($response->getBody()->getContents());

        return 0;
    }
}