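;(function (exports) {
  'use strict';

  var OAUTH3 = window.OAUTH3 || require('./oauth3.js');

  OAUTH3.authz = OAUTH3.authz || {};

  /**
   * Compare the scopes a client is requesting now with the grants the
   * provider already holds for that client.
   *
   * @param {string} providerUri - provider whose grants are queried.
   * @param {*} session - passed through unchanged to OAUTH3.requests.grants.
   * @param {Object} clientParams - the client's authorization request. This
   *   function reads client_id / client_uri, scope and redirect_uri; the whole
   *   object is also handed to OAUTH3.checkRedirect.
   * @returns {Promise<Object|undefined>} resolves to
   *   { pending, granted, requested, accepted, client, grants }, or to
   *   undefined after the browser has been sent to the redirect-error page.
   */
  OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
    var clientUri = OAUTH3.core.normalizeUri(clientParams.client_id || clientParams.client_uri);
    // A request that names no scope is treated as an authentication-only request.
    var scope = clientParams.scope || 'oauth3_authn';
    var clientObj = clientParams;

    return OAUTH3.requests.grants(providerUri, {
      method: 'GET'
    , client_id: clientUri
    , client_uri: clientUri
    , session: session
    }).then(function (grants) {
      var scopes = OAUTH3.core.parsescope(scope);
      // Null-prototype maps: scope names come from the request and from stored
      // grants, so a name such as "constructor" or "__proto__" must never
      // match an inherited Object.prototype property.
      var grantedScopesMap = Object.create(null);
      var acceptedScopesMap = Object.create(null);
      var myGrants;
      var pendingScopes;
      var callbackUrl;

      // Grant records are authorization data; they are not written to the console.

      // It doesn't matter who the referrer is as long as the destination
      // is an authorized destination for the client in question
      // (though it may not hurt to pass the referrer's info on to the client).
      if (!OAUTH3.checkRedirect(grants.client, clientObj)) {
        // redirect_uri (and the referrer) are attacker-influenced on exactly
        // this path, so every value is percent-encoded before it is placed in
        // the URL; unencoded, an embedded '&' or '#' could forge or override
        // the other parameters shown on the error page.
        callbackUrl = 'https://oauth3.org/docs/errors#E_REDIRECT_ATTACK'
          + '?redirect_uri=' + encodeURIComponent(clientObj.redirect_uri)
          + '&allowed_urls=' + encodeURIComponent(grants.client.url)
          + '&client_id=' + encodeURIComponent(clientUri)
          + '&referrer_uri=' + encodeURIComponent(OAUTH3.core.normalizeUri(window.document.referrer))
          ;
        location.href = callbackUrl;
        return;
      }

      // Only grants issued to this client count.
      myGrants = grants.grants.filter(function (grant) {
        return clientUri === (grant.azp || grant.oauth_client_id || grant.oauthClientId);
      });

      // Collect every scope from every matching grant first. Doing this inside
      // the per-request check would stop at the first grant that matches and
      // leave `granted` incomplete.
      myGrants.forEach(function (grant) {
        if (!grant.scope) {
          // The default is written back onto the grant, which is also
          // returned to the caller via `grants`.
          grant.scope = 'oauth3_authn';
        }
        grant.scope.split(/[+, ]/g).forEach(function (s) {
          grantedScopesMap[s] = true;
        });
      });

      pendingScopes = scopes.filter(function (requestedScope) {
        if (true === grantedScopesMap[requestedScope]) {
          // already accepted in the past
          acceptedScopesMap[requestedScope] = true;
          return false;
        }
        // not covered by any existing grant: still pending
        return true;
      });

      return {
        pending: pendingScopes                    // not yet accepted
      , granted: Object.keys(grantedScopesMap)    // all granted, ever
      , requested: scopes                         // all requested, now
      , accepted: Object.keys(acceptedScopesMap)  // granted (ever) and requested (now)
      , client: grants.client
      , grants: grants.grants
      };
    });
  };

  exports.OAUTH3_PROVIDER = OAUTH3;

  if ('undefined' !== typeof module) {
    module.exports = OAUTH3;
  }
}('undefined' !== typeof exports ? exports : window));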