todolist-proto/frontend/src/keycloak.ts

import Keycloak from 'keycloak-js'

let keycloak: Keycloak | null = null

export const initKeycloak = async (): Promise<Keycloak> => {
  console.log('Initializing Keycloak...')
  
  const clientId = 'dalex-proto'
  
  keycloak = new Keycloak({
    url: 'https://terminus.bluelake.cloud',  // Remove trailing slash
    realm: 'dalex-immo-dev',
    clientId: clientId
  })

  console.log('Keycloak config:', {
    url: 'https://terminus.bluelake.cloud',
    realm: 'dalex-immo-dev',
    clientId: clientId
  })

  try {
    const authenticated = await keycloak.init({
      onLoad: 'login-required',
      checkLoginIframe: false,
      pkceMethod: 'S256', // Using PKCE for public clients
      redirectUri: 'http://localhost:3030/',  // Explicit redirect URI
      flow: 'standard'  // Explicitly use standard (Authorization Code) flow
    })

    console.log('Keycloak initialized. Authenticated:', authenticated)

    if (!authenticated) {
      console.warn('User not authenticated after Keycloak init')
      // Don't reload - keycloak.init with 'login-required' should redirect automatically
      // The error will be thrown and handled by main.ts
      throw new Error('Not authenticated')
    }

    console.log('User authenticated successfully')
    console.log('Token:', keycloak.token?.substring(0, 50) + '...')

    // Token refresh
    setInterval(() => {
      keycloak?.updateToken(70).catch((error) => {
        console.error('Failed to refresh token', error)
        keycloak?.login()
      })
    }, 60000)

    return keycloak
  } catch (error) {
    console.error('Failed to initialize Keycloak:', error)
    throw error
  }
}

export const getKeycloak = (): Keycloak | null => {
  return keycloak
}

export const getToken = (): string | undefined => {
  return keycloak?.token
}

export const logout = (): void => {
  keycloak?.logout({
    redirectUri: 'http://localhost:3030/'
  })
}