package auth

import (
	"context"
	"gitlab.bob.co.za/bob-public-utils/bobgroup-go-utils/errors"
	"google.golang.org/api/idtoken"
)

func ValidateGoogleIDToken(tokenString, clientID string) (string, error) {
	payload, err := idtoken.Validate(context.Background(), tokenString, clientID)
	if err != nil {
		return "", err
	}

	email, ok := payload.Claims["email"].(string)
	if !ok {
		return "", errors.Error("email is not a string")
	}

	return email, nil
}