MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Remove localhost:3000 from Keycloak redirect URIs and web origins
CI Pipeline / Backend Build & Test (push) Successful in 50s
Details
CI Pipeline / Frontend Lint, Test & Build (push) Successful in 32s
Details
CI Pipeline / Infrastructure Validation (push) Successful in 4s
Details

Browse Source 
- Removed localhost:3000/* from redirectUris in realm-export.json
- Removed localhost:3000 from webOrigins in realm-export.json
- Removed localhost:3000/* from post.logout.redirect.uris
- Removed localhost:3000 from keycloak-realm-import-configmap.yaml
- Updated running Keycloak instance via kcadm.sh

Only port 30080 is now configured for OAuth redirects.
This commit is contained in:
WorkClub Automation
2026-03-20 22:39:15 +01:00
parent 956c3ead0c
commit a5ebecc8b5
9 changed files with 37 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/src/auth/auth.ts
+1 -1
View File
@@ -24,7 +24,7 @@ declare module "next-auth" {
// In Docker, the Next.js server reaches Keycloak via internal hostname
// (keycloak:8080) but the browser uses localhost:8080. Explicit endpoint
// URLs bypass OIDC discovery, avoiding issuer mismatch validation errors.
const issuerPublic = process.env.KEYCLOAK_ISSUER || 'http://localhost:8080/realms/workclub'
const issuerPublic = process.env.KEYCLOAK_ISSUER || 'http://localhost:30808/realms/workclub'
const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
const oidcPublic = `${issuerPublic}/protocol/openid-connect`
const oidcInternal = `${issuerInternal.replace(':8080', ':8081')}/protocol/openid-connect`