From 28284d7edce3e02bb29439548ca0358ace16a272 Mon Sep 17 00:00:00 2001
From: WorkClub Automation <automation@workclub.local>
Date: Fri, 20 Mar 2026 12:11:22 +0100
Subject: [PATCH] fix: Add fallback values for Keycloak environment variables
 to fix Docker build

The build was failing because KEYCLOAK_ISSUER and KEYCLOAK_CLIENT_ID
were undefined during the static generation phase. Added default values
that match the development configuration.

- Added fallback for KEYCLOAK_ISSUER
- Added fallback for KEYCLOAK_CLIENT_ID
---
 frontend/src/auth/auth.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frontend/src/auth/auth.ts b/frontend/src/auth/auth.ts
index 8f2460c..5af27f2 100644
--- a/frontend/src/auth/auth.ts
+++ b/frontend/src/auth/auth.ts
@@ -24,7 +24,7 @@ declare module "next-auth" {
 // In Docker, the Next.js server reaches Keycloak via internal hostname
 // (keycloak:8080) but the browser uses localhost:8080. Explicit endpoint
 // URLs bypass OIDC discovery, avoiding issuer mismatch validation errors.
-const issuerPublic = process.env.KEYCLOAK_ISSUER!
+const issuerPublic = process.env.KEYCLOAK_ISSUER || 'http://localhost:8080/realms/workclub'
 const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
 const oidcPublic = `${issuerPublic}/protocol/openid-connect`
 const oidcInternal = `${issuerInternal.replace(':8080', ':8081')}/protocol/openid-connect`
@@ -32,7 +32,7 @@ const oidcInternal = `${issuerInternal.replace(':8080', ':8081')}/protocol/openi
 export const { handlers, signIn, signOut, auth } = NextAuth({
   providers: [
     KeycloakProvider({
-      clientId: process.env.KEYCLOAK_CLIENT_ID!,
+      clientId: process.env.KEYCLOAK_CLIENT_ID || 'workclub-app',
       issuer: issuerPublic,
       authorization: {
         url: `${oidcPublic}/auth`,