export default defineEventHandler((event) => {
  const config = useRuntimeConfig()
  
  // Return the OIDC configuration (without showing the actual secret)
  return {
    // Runtime config
    runtime: {
      issuer: config.openidConnect?.op?.issuer || 'NOT_SET',
      clientId: config.openidConnect?.op?.clientId || 'NOT_SET',
      clientSecret: config.openidConnect?.op?.clientSecret ? '***SET***' : 'NOT_SET',
      secretLength: config.openidConnect?.op?.clientSecret?.length || 0,
    },
    // Build-time config (what the module actually uses)
    buildTime: {
      issuer: process.env.KEYCLOAK_ISSUER || 'NOT_SET',
      clientId: process.env.KEYCLOAK_CLIENT_ID || 'NOT_SET',
      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET ? '***SET***' : 'NOT_SET',
      secretLength: process.env.KEYCLOAK_CLIENT_SECRET?.length || 0,
    },
    environment: process.env.NODE_ENV,
    envVars: {
      KEYCLOAK_ISSUER: process.env.KEYCLOAK_ISSUER ? '***SET***' : 'NOT_SET',
      KEYCLOAK_CLIENT_ID: process.env.KEYCLOAK_CLIENT_ID ? '***SET***' : 'NOT_SET', 
      KEYCLOAK_CLIENT_SECRET: process.env.KEYCLOAK_CLIENT_SECRET ? '***SET***' : 'NOT_SET',
      OIDC_SESSION_SECRET: process.env.OIDC_SESSION_SECRET ? '***SET***' : 'NOT_SET',
      OIDC_ENCRYPT_KEY: process.env.OIDC_ENCRYPT_KEY ? '***SET***' : 'NOT_SET',
      OIDC_ENCRYPT_IV: process.env.OIDC_ENCRYPT_IV ? '***SET***' : 'NOT_SET',
    }
  }
})