jwt-verify 0.1.0

use base64::Engine;
use serde::Deserialize;

use crate::common::error::JwtError;

/// Basic token payload without verification for Cognito tokens
#[derive(Debug, Clone, Deserialize)]
pub struct TokenPayload {
    /// Issuer
    pub iss: String,
    /// Token use (id, access)
    #[serde(rename = "token_use")]
    pub token_use: Option<String>,
    /// Client ID
    #[serde(rename = "client_id")]
    pub client_id: Option<String>,
    /// Expiration time
    pub exp: Option<u64>,
}

/// Token parser for Cognito-specific functionality
pub struct CognitoTokenParser;

impl CognitoTokenParser {
    /// Parse token payload without validating the signature
    pub fn parse_token_payload(token: &str) -> Result<TokenPayload, JwtError> {
        // Check if token is empty
        if token.is_empty() {
            return Err(JwtError::MissingToken);
        }
        
        // Split the token
        let parts: Vec<&str> = token.split('.').collect();
        if parts.len() != 3 {
            return Err(JwtError::ParseError {
                part: Some("token".to_string()),
                error: "Invalid token format: expected 3 parts separated by dots".to_string(),
            });
        }
        
        // Decode the payload (second part)
        let payload = base64::engine::general_purpose::URL_SAFE_NO_PAD
            .decode(parts[1])
            .map_err(|e| JwtError::ParseError {
                part: Some("payload".to_string()),
                error: format!("Invalid base64 in payload: {}", e),
            })?;
        
        // Parse the payload
        let payload: TokenPayload = serde_json::from_slice(&payload)
            .map_err(|e| JwtError::ParseError {
                part: Some("payload".to_string()),
                error: format!("Invalid JSON in payload: {}", e),
            })?;
        
        Ok(payload)
    }
}