using SharepointToolbox.Core.Models;

namespace SharepointToolbox.Services;

/// <summary>
/// Manages Azure AD app registration and removal for a target tenant.
/// </summary>
public interface IAppRegistrationService
{
    /// <summary>
    /// Returns true if the currently-authenticated user has the Global Administrator
    /// directory role in the target tenant (checked via transitiveMemberOf for
    /// nested-group coverage). Throws on Graph/network failure so the UI can
    /// distinguish a confirmed non-admin from a call that could not complete.
    /// </summary>
    Task<bool> IsGlobalAdminAsync(string clientId, string tenantUrl, CancellationToken ct);

    /// <summary>
    /// Creates an Azure AD Application + ServicePrincipal + OAuth2PermissionGrants
    /// atomically in the tenant identified by <paramref name="tenantUrl"/>.
    /// On any intermediate failure the Application is deleted before returning
    /// a Failure result (best-effort rollback).
    /// </summary>
    Task<AppRegistrationResult> RegisterAsync(string clientId, string tenantUrl, string tenantDisplayName, CancellationToken ct);

    /// <summary>
    /// Deletes the registered application by its appId in the given tenant.
    /// Logs a warning on failure but does not throw.
    /// </summary>
    Task RemoveAsync(string clientId, string tenantUrl, string appId, CancellationToken ct);

    /// <summary>
    /// Clears the live SessionManager context, evicts all in-memory MSAL accounts,
    /// and unregisters the persistent token cache for the given clientId.
    /// </summary>
    Task ClearMsalSessionAsync(string clientId, string tenantUrl);
}