// Login endpoint - redirects to Authentik OAuth2
export default defineEventHandler(async (event) => {
  const config = useRuntimeConfig();
  
  // Redirect to Authentik login
  const authUrl = new URL('/application/o/authorize/', config.public.authentikUrl);
  authUrl.searchParams.append('client_id', config.authentik.clientId);
  authUrl.searchParams.append('redirect_uri', `${config.public.appUrl}/api/auth/callback`);
  authUrl.searchParams.append('response_type', 'code');
  authUrl.searchParams.append('scope', 'openid profile email');
  
  return sendRedirect(event, authUrl.toString());
});