import { randomBytes } from 'crypto';

export default defineEventHandler(async (event) => {
  const keycloak = createKeycloakClient();
  const state = randomBytes(32).toString('hex');
  
  // Store state in session for verification
  setCookie(event, 'oauth-state', state, {
    httpOnly: true,
    secure: true,
    maxAge: 600, // 10 minutes
  });

  const authUrl = keycloak.getAuthUrl(state);
  
  return sendRedirect(event, authUrl);
});