"""SSO JWT 토큰 검증 전용"""
import jwt
import os
from fastapi import HTTPException, status

SSO_JWT_SECRET = os.getenv("SECRET_KEY", "")
ALGORITHM = "HS256"


def verify_access_token(token: str) -> dict:
    try:
        payload = jwt.decode(token, SSO_JWT_SECRET, algorithms=[ALGORITHM])
    except jwt.ExpiredSignatureError:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="토큰이 만료되었습니다")
    except jwt.InvalidTokenError:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="유효하지 않은 토큰입니다")
    return payload