<?php

declare(strict_types=1);

namespace authkit2\Oidc\Authentication;

/**
 * Authenticate requests as a oauth client.
 */
class ClientAuthentication extends Authentication
{
	/**
	 * Oauth client id.
	 * @var string
	 */
	protected $client_id;

	/**
	 * Oauth client secret.
	 * @var string
	 */
	protected $client_secret;

	/**
	 * Create a new client authentication provider.
	 *
	 * @param string $client_id     oauth client id
	 * @param string $client_secret oauth client secret
	 */
	public function __construct(string $client_id, string $client_secret)
	{
		$this->client_id = $client_id;
		$this->client_secret = $client_secret;
	}

	/**
	 * Authenticate the passed in request with the provided client credentials.
	 *
	 * Client authentication uses HTTP basic authentication with the client id
	 * as the username and the client secret as the password.
	 *
	 * @param  \Psr\Http\Message\RequestInterface $request request to authenticate
	 * @return \Psr\Http\Message\RequestInterface authenticated request
	 */
	public function authenticate(\Psr\Http\Message\RequestInterface $request): \Psr\Http\Message\RequestInterface
	{
		return $request->withHeader('Authorization', 'Basic '.base64_encode($this->client_id.':'.$this->client_secret));
	}
}