tvone/app/feature/auth/keycloak-config.ts

import Keycloak from "keycloak-js";

/**
 * KEYCLOAK CONFIGURATION
 * Logic: Environment variable validation and OIDC configuration.
 */

export const keycloakConfig = {
    clientId: process.env.KEYCLOAK_CLIENT_ID!,
    clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
    issuer: `${process.env.KEYCLOAK_ISSUER_URL}/realms/${process.env.KEYCLOAK_REALM}`,
    
    // Scopes needed for OIDC and profile access
    scope: 'openid profile email',
    
    // Endpoint for global logout
    endSessionEndpoint: `${process.env.KEYCLOAK_ISSUER_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/logout`,
};
  
// Simple check to ensure environment variables are present
if (!process.env.KEYCLOAK_CLIENT_ID || !process.env.KEYCLOAK_ISSUER_URL) {
    console.warn("Auth Warning: Keycloak environment variables are missing.");
}

export const keycloak = new Keycloak({
  url: "https://keycloak.petermaquiran.xyz",
  realm: "tvone", // ✅ IMPORTANT
  clientId: "tvone-web", // must match Keycloak client
});