diff --git a/nuxt.config.ts b/nuxt.config.ts
index c9fda62..2fa90dc 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -149,7 +149,7 @@ export default defineNuxtConfig({
       scope: ["openid", "email", "profile"],
     },
     config: {
-      debug: process.env.NODE_ENV === 'development',
+      debug: true, // Enable debug mode to see what's happening
       response_type: "code",
       secret: process.env.OIDC_SESSION_SECRET || "default-session-secret-change-in-production",
       cookie: { 
diff --git a/server/api/debug/oidc-config.ts b/server/api/debug/oidc-config.ts
new file mode 100644
index 0000000..efc437e
--- /dev/null
+++ b/server/api/debug/oidc-config.ts
@@ -0,0 +1,20 @@
+export default defineEventHandler((event) => {
+  const config = useRuntimeConfig()
+  
+  // Return the OIDC configuration (without showing the actual secret)
+  return {
+    issuer: config.openidConnect?.op?.issuer || 'NOT_SET',
+    clientId: config.openidConnect?.op?.clientId || 'NOT_SET',
+    clientSecret: config.openidConnect?.op?.clientSecret ? '***SET***' : 'NOT_SET',
+    secretLength: config.openidConnect?.op?.clientSecret?.length || 0,
+    environment: process.env.NODE_ENV,
+    envVars: {
+      KEYCLOAK_ISSUER: process.env.KEYCLOAK_ISSUER ? '***SET***' : 'NOT_SET',
+      KEYCLOAK_CLIENT_ID: process.env.KEYCLOAK_CLIENT_ID ? '***SET***' : 'NOT_SET', 
+      KEYCLOAK_CLIENT_SECRET: process.env.KEYCLOAK_CLIENT_SECRET ? '***SET***' : 'NOT_SET',
+      OIDC_SESSION_SECRET: process.env.OIDC_SESSION_SECRET ? '***SET***' : 'NOT_SET',
+      OIDC_ENCRYPT_KEY: process.env.OIDC_ENCRYPT_KEY ? '***SET***' : 'NOT_SET',
+      OIDC_ENCRYPT_IV: process.env.OIDC_ENCRYPT_IV ? '***SET***' : 'NOT_SET',
+    }
+  }
+})