DiunaBI/src/Backend/DiunaBI.UI.Shared/wwwroot/js/auth.js

let googleInitialized = false;

window.initGoogleSignIn = function(clientId) {
    if (googleInitialized) {
        console.log("Google Sign-In already initialized");
        return;
    }
    
    console.log("🔐 Initializing Google Sign-In (ID Token flow) with clientId:", clientId);
    
    // Używamy google.accounts.id - zwraca ID token (JWT credential)
    google.accounts.id.initialize({
        client_id: clientId,
        callback: handleCredentialResponse,
        auto_select: false,
        cancel_on_tap_outside: true
    });
    
    googleInitialized = true;
    console.log("✅ Google Sign-In initialized successfully");
};

window.requestGoogleSignIn = function() {
    console.log("🚀 Requesting Google Sign-In...");
    
    // Pokaż One Tap prompt
    google.accounts.id.prompt((notification) => {
        if (notification.isNotDisplayed()) {
            console.warn("⚠️ One Tap not displayed:", notification.getNotDisplayedReason());
        } else if (notification.isSkippedMoment()) {
            console.warn("⚠️ One Tap skipped:", notification.getSkippedReason());
        } else {
            console.log("✅ One Tap displayed");
        }
    });
};

function handleCredentialResponse(response) {
    console.log("=== 🎉 Google Credential Response ===");
    
    try {
        if (!response.credential) {
            throw new Error("No credential in response");
        }
        
        const tokenParts = response.credential.split('.');
        console.log("📝 ID Token parts:", tokenParts.length); // Should be 3 (JWT)
        console.log("📏 ID Token length:", response.credential.length);
        
        if (tokenParts.length !== 3) {
            throw new Error("Invalid JWT format - expected 3 parts (header.payload.signature)");
        }
        
        // Dekoduj payload JWT aby wyciągnąć user info
        const payload = decodeJwtPayload(response.credential);
        
        const fullName = payload.name || `${payload.given_name || ''} ${payload.family_name || ''}`.trim();
        const email = payload.email;
        const avatarUrl = payload.picture || '';
        
        console.log("👤 User info from JWT:", { fullName, email });
        console.log("📧 Email verified:", payload.email_verified);
        
        // Wywołaj Blazor - przekaż ID token JWT (nie access token!)
        DotNet.invokeMethodAsync('DiunaBI.UI.Shared', 'OnGoogleSignInSuccess', 
            response.credential,  // <--- To jest ID token JWT dla backendu
            fullName, 
            email, 
            avatarUrl)
            .then(() => {
                console.log("✅ Successfully sent ID token to Blazor");
            })
            .catch(err => {
                console.error("❌ Error calling Blazor:", err);
                DotNet.invokeMethodAsync('DiunaBI.UI.Shared', 'OnGoogleSignInError', err.toString());
            });
    } catch (error) {
        console.error("❌ Error processing Google credential:", error);
        DotNet.invokeMethodAsync('DiunaBI.UI.Shared', 'OnGoogleSignInError', error.toString());
    }
}

function decodeJwtPayload(token) {
    try {
        const base64Url = token.split('.')[1];
        const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
        const jsonPayload = decodeURIComponent(
            atob(base64)
                .split('')
                .map(c => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2))
                .join('')
        );
        return JSON.parse(jsonPayload);
    } catch (error) {
        console.error("Error decoding JWT:", error);
        throw new Error("Invalid JWT format");
    }
}