use crate::state::AppState;

pub async fn get_admin_token(state: &AppState) -> Result<String, String> {
    let token_url = format!(
        "{}/protocol/openid-connect/token",
        state.oidc.issuer_url
    );

    let resp = state
        .http_client
        .post(&token_url)
        .form(&[
            ("grant_type", "client_credentials"),
            ("client_id", &state.oidc.client_id),
            ("client_secret", &state.oidc.client_secret),
        ])
        .send()
        .await
        .map_err(|e| format!("token request failed: {e}"))?;

    if !resp.status().is_success() {
        let status = resp.status();
        let body = resp.text().await.unwrap_or_default();
        return Err(format!("token request returned {status}: {body}"));
    }

    let body: serde_json::Value = resp
        .json()
        .await
        .map_err(|e| format!("token parse failed: {e}"))?;

    body["access_token"]
        .as_str()
        .map(String::from)
        .ok_or_else(|| "no access_token in response".to_string())
}