// Custom Temporal Server with JWT Authorization
package main

import (
	"log"

	"go.temporal.io/server/common/authorization"
	"go.temporal.io/server/common/config"
	"go.temporal.io/server/temporal"
)

func main() {
	// Load Temporal configuration
	cfg, err := config.LoadConfig("development", "./config", "")
	if err != nil {
		log.Fatal("Failed to load config:", err)
	}

	// Create Temporal server with authorization
	s, err := temporal.NewServer(
		temporal.ForServices(temporal.DefaultServices),
		temporal.WithConfig(cfg),
		temporal.InterruptOn(temporal.InterruptCh()),
		
		// Configure JWT ClaimMapper
		temporal.WithClaimMapper(func(cfg *config.Config) authorization.ClaimMapper {
			return authorization.NewDefaultJWTClaimMapper(
				// Token key provider - fetches public keys from your OIDC provider
				authorization.NewDefaultTokenKeyProvider(cfg, log.Default()),
				cfg,
				log.Default(),
			)
		}),
		
		// Configure Authorizer
		temporal.WithAuthorizer(authorization.NewDefaultAuthorizer()),
	)
	
	if err != nil {
		log.Fatal("Failed to create server:", err)
	}

	// Start the server
	log.Println("Starting Temporal Server with JWT Authorization...")
	err = s.Start()
	if err != nil {
		log.Fatal("Server failed:", err)
	}

	log.Println("Server stopped.")
}