/**
 * Federated Authentication DTOs
 *
 * Data transfer objects for federated OIDC authentication endpoints.
 */

import { IsString, IsEmail, IsOptional, IsObject } from "class-validator";

/**
 * DTO for initiating federated authentication
 */
export class InitiateFederatedAuthDto {
  @IsString()
  remoteInstanceId!: string;

  @IsOptional()
  @IsString()
  redirectUrl?: string;
}

/**
 * DTO for linking federated identity
 */
export class LinkFederatedIdentityDto {
  @IsString()
  remoteInstanceId!: string;

  @IsString()
  remoteUserId!: string;

  @IsString()
  oidcSubject!: string;

  @IsEmail()
  email!: string;

  @IsOptional()
  @IsObject()
  metadata?: Record<string, unknown>;
}

/**
 * DTO for validating federated token
 */
export class ValidateFederatedTokenDto {
  @IsString()
  token!: string;

  @IsString()
  instanceId!: string;
}