class CallbacksController < ApplicationController
  skip_before_action :require_login
  skip_after_action :verify_authorized, except: :index
  skip_after_action :verify_policy_scoped, only: :index
  skip_before_action :verify_authenticity_token

  def create
    uid = request.env['omniauth.auth'][:uid]
    token_data = request.env['omniauth.auth'][:credentials]

    current_user&.tap do |user|
      user.microsoft_user_id = uid
      user.microsoft_access_token = token_data.token
      user.microsoft_refresh_token = token_data.refresh_token
      user.microsoft_token_expires_at = token_data.expires_at # Expiration time is returned in seconds
      user.save
    end

    redirect_to profile_path
  end

end