MasterMito/work-club-manager
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix(auth): resolve Keycloak OIDC issuer mismatch and API proxy routing
Some checks failed
CI Pipeline / Backend Build & Test (pull_request) Successful in 49s
Details
CI Pipeline / Frontend Lint, Test & Build (pull_request) Failing after 26s
Details
CI Pipeline / Infrastructure Validation (pull_request) Successful in 4s
Details

Browse Source 
- Bypass NextAuth OIDC discovery with explicit token/userinfo endpoints using internal Docker DNS, avoiding 'issuer string did not match' errors.
- Fix next.config.ts API route interception that incorrectly forwarded NextAuth routes to backend by using 'fallback' rewrites.
- Add 'Use different credentials' button to login page and AuthGuard for clearing stale sessions.
This commit is contained in:
WorkClub Automation
2026-03-09 14:21:03 +01:00
parent a8730245b2
commit 1322def2ea
5 changed files with 65 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
frontend/src/app/login/page.tsx
View File

@@ -1,16 +1,17 @@
'use client';
import { useEffect } from 'react';
import { signIn, useSession } from 'next-auth/react';
import { useRouter } from 'next/navigation';
import { Card, CardHeader, CardTitle, CardContent } from '@/components/ui/card';
import { signIn, signOut, useSession } from 'next-auth/react';
import { useRouter, useSearchParams } from 'next/navigation';
import { Card, CardHeader, CardTitle, CardContent, CardFooter } from '@/components/ui/card';
import { Button } from '@/components/ui/button';
export default function LoginPage() {
const { status } = useSession();
const router = useRouter();
const searchParams = useSearchParams();
const hasError = searchParams.get('error') || searchParams.get('callbackUrl');
// Redirect to dashboard if already authenticated
useEffect(() => {
if (status === 'authenticated') {
router.push('/dashboard');
@@ -21,17 +22,34 @@ export default function LoginPage() {
signIn('keycloak', { callbackUrl: '/dashboard' });
};
const handleSwitchAccount = () => {
const keycloakLogoutUrl = `${process.env.NEXT_PUBLIC_KEYCLOAK_ISSUER || 'http://localhost:8080/realms/workclub'}/protocol/openid-connect/logout?redirect_uri=${encodeURIComponent(window.location.origin + '/login')}`;
signOut({ redirect: false }).then(() => {
window.location.href = keycloakLogoutUrl;
});
};
return (
<div className="flex items-center justify-center min-h-screen bg-gray-50">
<Card className="w-96">
<CardHeader>
<CardTitle className="text-2xl text-center">WorkClub Manager</CardTitle>
</CardHeader>
<CardContent>
<CardContent className="space-y-3">
<Button onClick={handleSignIn} className="w-full">
Sign in with Keycloak
</Button>
<Button variant="outline" onClick={handleSwitchAccount} className="w-full">
Use different credentials
</Button>
</CardContent>
{hasError && (
<CardFooter>
<p className="text-sm text-muted-foreground text-center w-full">
Having trouble? Try &quot;Use different credentials&quot; to clear your session.
</p>
</CardFooter>
)}
</Card>
</div>
);