"""LinkedIn OAuth mock responses based on API documentation.

Reference: https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow

Token Expiry (from docs):
- access_token: expires_in = 5184000 seconds (60 days)
- refresh_token: refresh_token_expires_in = 31536000 seconds (365 days)
"""

from typing import Any


def mock_oauth_token_response(
    access_token: str = "AQVg5rBqEsI3fBdX...",
    refresh_token: str = "AQT8vU7BqEsI3fBdX...",
    expires_in: int = 5184000,
    refresh_token_expires_in: int = 31536000,
    scope: str = "rw_organization_admin",
) -> dict[str, Any]:
    """Generate a mock OAuth token response.

    Args:
        access_token: The access token value
        refresh_token: The refresh token value
        expires_in: Token lifetime in seconds (default 60 days)
        refresh_token_expires_in: Refresh token lifetime (default 365 days)
        scope: The granted OAuth scope

    Returns:
        Dict matching LinkedIn's OAuth token response format
    """
    return {
        "access_token": access_token,
        "expires_in": expires_in,
        "refresh_token": refresh_token,
        "refresh_token_expires_in": refresh_token_expires_in,
        "scope": scope,
    }


def mock_oauth_error_response(
    error: str = "invalid_grant",
    error_description: str = "The authorization code has expired",
) -> dict[str, Any]:
    """Generate a mock OAuth error response.

    Common errors:
    - invalid_grant: Authorization code has expired or is invalid
    - invalid_client: Client ID or secret is invalid
    - invalid_request: Missing required parameter
    - unauthorized_client: Client not authorized for this grant type
    - access_denied: User denied authorization

    Args:
        error: The OAuth error code
        error_description: Human-readable error description

    Returns:
        Dict matching LinkedIn's OAuth error response format
    """
    return {
        "error": error,
        "error_description": error_description,
    }


def mock_token_refresh_response(
    access_token: str = "AQVnew_refreshed_token...",
    refresh_token: str = "AQTnew_refresh_token...",
    expires_in: int = 5184000,
    refresh_token_expires_in: int = 31536000,
    scope: str = "rw_organization_admin",
) -> dict[str, Any]:
    """Generate a mock token refresh response.

    The response format is the same as the initial token response.

    Args:
        access_token: The new access token
        refresh_token: The new refresh token
        expires_in: New token lifetime in seconds
        refresh_token_expires_in: New refresh token lifetime
        scope: The granted scope

    Returns:
        Dict matching LinkedIn's token refresh response format
    """
    return {
        "access_token": access_token,
        "expires_in": expires_in,
        "refresh_token": refresh_token,
        "refresh_token_expires_in": refresh_token_expires_in,
        "scope": scope,
    }


# Pre-built scenarios for common test cases
OAUTH_SCENARIOS = {
    "success": mock_oauth_token_response(),
    "invalid_grant": mock_oauth_error_response(
        error="invalid_grant",
        error_description="The authorization code has expired",
    ),
    "invalid_client": mock_oauth_error_response(
        error="invalid_client",
        error_description="Client authentication failed",
    ),
    "access_denied": mock_oauth_error_response(
        error="access_denied",
        error_description="The user denied the authorization request",
    ),
    "refresh_success": mock_token_refresh_response(),
    "refresh_expired": mock_oauth_error_response(
        error="invalid_grant",
        error_description="Refresh token has expired",
    ),
}