port-nimara-client-portal/server/api/debug/test-token-exchange.ts

export default defineEventHandler(async (event) => {
  // Test the actual token exchange that's failing
  const config = useRuntimeConfig()
  
  const testCode = "test-code-123" // We won't use this for real exchange, just test setup
  
  const tokenRequest = {
    grant_type: 'authorization_code',
    client_id: process.env.KEYCLOAK_CLIENT_ID,
    client_secret: process.env.KEYCLOAK_CLIENT_SECRET,
    code: testCode,
    redirect_uri: 'https://client.portnimara.dev/oidc/cbt',
  }
  
  return {
    message: "Token exchange test configuration",
    issuer: process.env.KEYCLOAK_ISSUER,
    tokenEndpoint: `${process.env.KEYCLOAK_ISSUER}/protocol/openid-connect/token`,
    clientId: process.env.KEYCLOAK_CLIENT_ID,
    clientSecretLength: process.env.KEYCLOAK_CLIENT_SECRET?.length || 0,
    redirectUri: 'https://client.portnimara.dev/oidc/cbt',
    requestPayload: {
      grant_type: tokenRequest.grant_type,
      client_id: tokenRequest.client_id,
      client_secret: tokenRequest.client_secret ? '***MASKED***' : 'NOT_SET',
      code: 'test-code-will-be-replaced',
      redirect_uri: tokenRequest.redirect_uri,
    },
    // Test the actual HTTP vs HTTPS issue
    environment: {
      NODE_ENV: process.env.NODE_ENV,
      headers: getHeaders(event),
      host: getHeader(event, 'host'),
      protocol: getHeader(event, 'x-forwarded-proto') || 'http',
    }
  }
})