MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix(auth): resolve Keycloak OIDC issuer mismatch and API proxy routing
CI Pipeline / Backend Build & Test (pull_request) Successful in 49s
Details
CI Pipeline / Frontend Lint, Test & Build (pull_request) Failing after 26s
Details
CI Pipeline / Infrastructure Validation (pull_request) Successful in 4s
Details

Browse Source 
- Bypass NextAuth OIDC discovery with explicit token/userinfo endpoints using internal Docker DNS, avoiding 'issuer string did not match' errors.
- Fix next.config.ts API route interception that incorrectly forwarded NextAuth routes to backend by using 'fallback' rewrites.
- Add 'Use different credentials' button to login page and AuthGuard for clearing stale sessions.
This commit is contained in:
WorkClub Automation
2026-03-09 14:21:03 +01:00
parent a8730245b2
commit 1322def2ea
5 changed files with 65 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/src/auth/auth.ts
+15 -1
View File
@@ -19,12 +19,26 @@ declare module "next-auth" {
}
}
// In Docker, the Next.js server reaches Keycloak via internal hostname
// (keycloak:8080) but the browser uses localhost:8080. Explicit endpoint
// URLs bypass OIDC discovery, avoiding issuer mismatch validation errors.
const issuerPublic = process.env.KEYCLOAK_ISSUER!
const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
const oidcPublic = `${issuerPublic}/protocol/openid-connect`
const oidcInternal = `${issuerInternal}/protocol/openid-connect`
export const { handlers, signIn, signOut, auth } = NextAuth({
providers: [
KeycloakProvider({
clientId: process.env.KEYCLOAK_CLIENT_ID!,
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
issuer: process.env.KEYCLOAK_ISSUER!,
issuer: issuerPublic,
authorization: {
url: `${oidcPublic}/auth`,
params: { scope: "openid email profile" },
},
token: `${oidcInternal}/token`,
userinfo: `${oidcInternal}/userinfo`,
})
],
callbacks: {