feat: Configure Keycloak to use internal port 8081, explicitly define OIDC endpoints in NextAuth, and update API service Keycloak authority.

2026-03-18 14:47:57 +01:00
parent da70cf4b13
commit d295c9123e
2 changed files with 15 additions and 5 deletions
@@ -27,15 +27,23 @@ declare module "next-auth" {
 const issuerPublic = process.env.KEYCLOAK_ISSUER!
 const issuerInternal = process.env.KEYCLOAK_ISSUER_INTERNAL || issuerPublic
 const oidcPublic = `${issuerPublic}/protocol/openid-connect`
-const oidcInternal = `${issuerInternal}/protocol/openid-connect`
+const oidcInternal = `${issuerInternal.replace(':8080', ':8081')}/protocol/openid-connect`

 export const { handlers, signIn, signOut, auth } = NextAuth({
  providers: [
    KeycloakProvider({
      clientId: process.env.KEYCLOAK_CLIENT_ID!,
      issuer: issuerPublic,
+      authorization: {
+        url: `${oidcPublic}/auth`,
+        params: { scope: "openid email profile" },
+      },
+      token: `${oidcInternal}/token`,
+      userinfo: `${oidcInternal}/userinfo`,
+      jwks_endpoint: `${oidcInternal}/certs`,
    })
  ],
+  trustHost: true,
  cookies: {
    pkceCodeVerifier: {
      name: "authjs.pkce.code_verifier",