From ad8bb2d3208713e72b8954c8f8ace3e1989e3730 Mon Sep 17 00:00:00 2001
From: WorkClub Automation <automation@workclub.local>
Date: Sat, 21 Mar 2026 21:52:03 +0100
Subject: [PATCH] Fix: Remove port 8081 hardcoding in OIDC internal URLs

The auth.ts was hardcoding port 8081 for internal Keycloak communication

but the Kubernetes Keycloak service uses port 8080, causing auth failures

Changed: oidcInternal no longer replaces 8080 with 8081
---
 frontend/src/auth/auth.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/auth/auth.ts b/frontend/src/auth/auth.ts
index 32f7033..8c056e3 100644
--- a/frontend/src/auth/auth.ts
+++ b/frontend/src/auth/auth.ts
@@ -27,7 +27,7 @@ declare module "next-auth" {
 const issuerPublic = process.env.KEYCLOAK_ISSUER || 'http://localhost:30808/realms/workclub'
 const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
 const oidcPublic = `${issuerPublic}/protocol/openid-connect`
-const oidcInternal = `${issuerInternal.replace(':8080', ':8081')}/protocol/openid-connect`
+const oidcInternal = `${issuerInternal}/protocol/openid-connect`
 
 export const { handlers, signIn, signOut, auth } = NextAuth({
   providers: [