import { SSOConfig, SSOUserData } from '../types/auth.types';

const ssoConfig: SSOConfig = {
  jwtSecret: process.env.JWT_SECRET || '',
  jwtExpiry: process.env.JWT_EXPIRY || '24h',
  refreshTokenExpiry: process.env.REFRESH_TOKEN_EXPIRY || '7d',
  sessionSecret: process.env.SESSION_SECRET || '',
  // Use only FRONTEND_URL from environment - no fallbacks
  allowedOrigins: process.env.FRONTEND_URL?.split(',').map(s => s.trim()).filter(Boolean) || [],
  // Okta/Auth0 configuration for token exchange
  oktaDomain: process.env.OKTA_DOMAIN || 'https://dev-830839.oktapreview.com',
  oktaClientId: process.env.OKTA_CLIENT_ID || '',
  oktaClientSecret: process.env.OKTA_CLIENT_SECRET || '',
  oktaApiToken: process.env.OKTA_API_TOKEN || '', // SSWS token for Users API
  // Tanflow configuration for token exchange
  tanflowBaseUrl: process.env.TANFLOW_BASE_URL || 'https://ssodev.rebridge.co.in/realms/RE',
  tanflowClientId: process.env.TANFLOW_CLIENT_ID || 'REFLOW',
  tanflowClientSecret: process.env.TANFLOW_CLIENT_SECRET || 'cfIzMlwAMF1m4QWAP5StzZbV47HIrCox',
};

export { ssoConfig };
export type { SSOUserData };