package com.github.ljtfreitas.restify.http.client.request.authentication.oauth2;

import com.github.ljtfreitas.restify.http.client.message.Header;
import com.github.ljtfreitas.restify.http.contract.Parameters;
import com.github.ljtfreitas.restify.util.Preconditions;
import java.net.URI;

/* loaded from: input_file:com/github/ljtfreitas/restify/http/client/request/authentication/oauth2/ImplicitAuthorizationResponse.class */
public class ImplicitAuthorizationResponse {
    private final ImplicitGrantProperties properties;
    private final AuthorizationCodeResponse response;

    public ImplicitAuthorizationResponse(ImplicitGrantProperties implicitGrantProperties, AuthorizationCodeResponse authorizationCodeResponse) {
        this.properties = implicitGrantProperties;
        this.response = authorizationCodeResponse;
    }

    public AccessToken accessToken() {
        if (this.response.status().isOk()) {
            throw new OAuth2UserApprovalRequiredException("You need approve the client [" + this.properties.credentials().clientId() + "] to access protected resources with scopes [" + this.properties.scopes() + "]");
        }
        Parameters parse = Parameters.parse(URI.create(((Header) this.response.headers().get("Location").orElseThrow(() -> {
            return new IllegalStateException("Location header must be present on Authorization redirect!");
        })).value()).getFragment());
        Preconditions.isTrue(this.properties.state().orElse("").equals(parse.first("state").orElse("")), "Possible CSRF attack? [state] parameter returned by the authorization server is not the same of the authorization request.");
        return AccessToken.of(AccessTokenResponseBody.of(parse));
    }
}
