<%
Class AuthController_Class
    Private m_useLayout
    Private m_title

    Private Sub Class_Initialize()
        m_useLayout = True
        m_title = "Authentication"
    End Sub

    Public Property Get useLayout
        useLayout = m_useLayout
    End Property

    Public Property Let useLayout(v)
        m_useLayout = v
    End Property

    Public Property Get Title
        Title = m_title
    End Property

    Public Property Let Title(v)
        m_title = v
    End Property

    ' GET /auth/login
    ' Initiates the Keycloak authorization-code flow. Generates state/nonce,
    ' stores them in Session, then redirects the browser to Keycloak.
    Public Sub Login()
        Dim returnToPath
        returnToPath = Trim(CStr(Request.QueryString("returnTo")))
        If Len(returnToPath) > 0 Then
            Call KeycloakSetPostLoginRedirectPath(returnToPath)
        End If
        Call KeycloakLogin()
    End Sub

    ' GET /auth/callback
    ' Keycloak redirects here after the user authenticates. Exchanges the
    ' authorization code for tokens, fetches user info, and redirects home.
    ' On failure the error view is rendered inline.
    Public Sub Callback()
        Dim success, redirectPath
        success = KeycloakHandleCallback()
        If success Then
            redirectPath = KeycloakConsumePostLoginRedirectPath("/")
            Response.Redirect redirectPath
        Else
%>
<!--#include file="../views/Auth/CallbackError.asp" -->
<%
        End If
    End Sub

    ' GET /auth/logout
    ' Clears the local session and redirects to Keycloak's logout endpoint so
    ' the SSO session is also terminated.
    Public Sub Logout()
        Call KeycloakLogout("")
    End Sub

End Class

Dim AuthController_Class__Singleton
Function AuthController()
    If IsEmpty(AuthController_Class__Singleton) Then
        Set AuthController_Class__Singleton = New AuthController_Class
    End If
    Set AuthController = AuthController_Class__Singleton
End Function
%>