port-nimara-client-portal/composables/useUnifiedAuth.ts

export interface UnifiedUser {
  id: string;
  email: string;
  name: string;
  username: string;
  tier?: string;
  authSource: 'keycloak';
  raw: any;
}

export const useUnifiedAuth = () => {
  // Get Keycloak auth
  const customAuth = useCustomAuth();
  
  // Create unified user object from Keycloak only
  const user = computed<UnifiedUser | null>(() => {
    if (customAuth.authenticated?.value && customAuth.user?.value) {
      const keycloakUser = customAuth.user.value as any;
      
      return {
        id: keycloakUser.id,
        email: keycloakUser.email || '',
        username: keycloakUser.username || keycloakUser.email || '',
        name: keycloakUser.name || keycloakUser.username || keycloakUser.email || 'User',
        tier: 'basic', // Could be enhanced with Keycloak attributes/roles
        authSource: 'keycloak',
        raw: keycloakUser
      };
    }
    
    return null;
  });
  
  // Unified logout function (Keycloak only)
  const logout = async () => {
    console.log('[UNIFIED_AUTH] Logging out user');
    await customAuth.logout();
  };
  
  // Check if user is authenticated
  const isAuthenticated = computed(() => !!user.value);
  
  // Get auth source (always Keycloak now)
  const authSource = computed(() => user.value?.authSource || 'keycloak');
  
  // Check if user has specific tier
  const hasTier = (tier: string) => {
    return user.value?.tier === tier;
  };
  
  // Check if user is admin (could be enhanced with Keycloak roles)
  const isAdmin = computed(() => hasTier('admin'));
  
  return {
    user: readonly(user),
    logout,
    isAuthenticated: readonly(isAuthenticated),
    authSource: readonly(authSource),
    hasTier,
    isAdmin: readonly(isAdmin),
  };
};
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`export interface UnifiedUser {`
			`id: string;`
			`email: string;`
			`name: string;`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`username: string;`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`tier?: string;`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`authSource: 'keycloak';`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`raw: any;`
			`}`

			`export const useUnifiedAuth = () => {`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`// Get Keycloak auth`
FIX: Replace useOidcAuth with useCustomAuth in useUnifiedAuth ## Critical Fix for 500 Error: ### Issue: - useUnifiedAuth.ts was still calling useOidcAuth() which no longer exists - This was causing the 500 error when dashboard tried to load - Error: 'useOidcAuth is not defined' ### Solution: - Replaced useOidcAuth() with useCustomAuth() in unified auth - Updated logout logic to use custom Keycloak auth - Maintained dual auth support (Directus + Keycloak) ### Files Changed: - composables/useUnifiedAuth.ts - Updated to use custom auth system ## Next Step: Need to resolve TypeScript import issue for useCustomAuth composable 2025-06-15 15:54:33 +02:00			`const customAuth = useCustomAuth();`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`// Create unified user object from Keycloak only`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`const user = computed<UnifiedUser \| null>(() => {`
FIX: Replace useOidcAuth with useCustomAuth in useUnifiedAuth ## Critical Fix for 500 Error: ### Issue: - useUnifiedAuth.ts was still calling useOidcAuth() which no longer exists - This was causing the 500 error when dashboard tried to load - Error: 'useOidcAuth is not defined' ### Solution: - Replaced useOidcAuth() with useCustomAuth() in unified auth - Updated logout logic to use custom Keycloak auth - Maintained dual auth support (Directus + Keycloak) ### Files Changed: - composables/useUnifiedAuth.ts - Updated to use custom auth system ## Next Step: Need to resolve TypeScript import issue for useCustomAuth composable 2025-06-15 15:54:33 +02:00			`if (customAuth.authenticated?.value && customAuth.user?.value) {`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`const keycloakUser = customAuth.user.value as any;`
Implement Official Keycloak JS Adapter with Proxy-Aware Configuration MAJOR ENHANCEMENT: Complete Keycloak integration with proper HTTPS/proxy handling ## Core Improvements: ### 1. Enhanced Configuration (nuxt.config.ts) - Added proxy trust configuration for nginx environments - Configured baseUrl for production HTTPS enforcement - Added debug mode configuration for development ### 2. Proxy-Aware Keycloak Composable (composables/useKeycloak.ts) - Intelligent base URL detection (production vs development) - Force HTTPS redirect URIs in production environments - Enhanced debugging and logging capabilities - Proper PKCE implementation for security - Automatic token refresh mechanism ### 3. Dual Authentication System - Updated middleware to support both Directus and Keycloak - Enhanced useUnifiedAuth for seamless auth source switching - Maintains backward compatibility with existing Directus users ### 4. OAuth Flow Implementation - Created proper callback handler (pages/auth/callback.vue) - Comprehensive error handling and user feedback - Automatic redirect to dashboard on success ### 5. Enhanced Login Experience (pages/login.vue) - Restored SSO login button with proper error handling - Maintained existing Directus login form - Clear separation between auth methods with visual divider ### 6. Comprehensive Testing Suite (pages/dashboard/keycloak-test.vue) - Real-time configuration display - Authentication status monitoring - Interactive testing tools - Detailed debug logging system ## Technical Solutions: Proxy Detection: Automatically detects nginx proxy and uses correct HTTPS URLs HTTPS Enforcement: Forces secure redirect URIs in production Error Handling: Comprehensive error catching with user-friendly messages Debug Capabilities: Enhanced logging for troubleshooting Security: Implements PKCE and secure token handling ## Infrastructure Compatibility: - Works with nginx reverse proxy setups - Compatible with Docker container networking - Handles SSL termination at proxy level - Supports both development and production environments This implementation specifically addresses the HTTP/HTTPS redirect URI mismatch that was causing 'unauthorized_client' errors in the proxy environment. 2025-06-14 15:26:26 +02:00
			`return {`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`id: keycloakUser.id,`
FIX: Replace useOidcAuth with useCustomAuth in useUnifiedAuth ## Critical Fix for 500 Error: ### Issue: - useUnifiedAuth.ts was still calling useOidcAuth() which no longer exists - This was causing the 500 error when dashboard tried to load - Error: 'useOidcAuth is not defined' ### Solution: - Replaced useOidcAuth() with useCustomAuth() in unified auth - Updated logout logic to use custom Keycloak auth - Maintained dual auth support (Directus + Keycloak) ### Files Changed: - composables/useUnifiedAuth.ts - Updated to use custom auth system ## Next Step: Need to resolve TypeScript import issue for useCustomAuth composable 2025-06-15 15:54:33 +02:00			`email: keycloakUser.email \|\| '',`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`username: keycloakUser.username \|\| keycloakUser.email \|\| '',`
			`name: keycloakUser.name \|\| keycloakUser.username \|\| keycloakUser.email \|\| 'User',`
			`tier: 'basic', // Could be enhanced with Keycloak attributes/roles`
Implement Official Keycloak JS Adapter with Proxy-Aware Configuration MAJOR ENHANCEMENT: Complete Keycloak integration with proper HTTPS/proxy handling ## Core Improvements: ### 1. Enhanced Configuration (nuxt.config.ts) - Added proxy trust configuration for nginx environments - Configured baseUrl for production HTTPS enforcement - Added debug mode configuration for development ### 2. Proxy-Aware Keycloak Composable (composables/useKeycloak.ts) - Intelligent base URL detection (production vs development) - Force HTTPS redirect URIs in production environments - Enhanced debugging and logging capabilities - Proper PKCE implementation for security - Automatic token refresh mechanism ### 3. Dual Authentication System - Updated middleware to support both Directus and Keycloak - Enhanced useUnifiedAuth for seamless auth source switching - Maintains backward compatibility with existing Directus users ### 4. OAuth Flow Implementation - Created proper callback handler (pages/auth/callback.vue) - Comprehensive error handling and user feedback - Automatic redirect to dashboard on success ### 5. Enhanced Login Experience (pages/login.vue) - Restored SSO login button with proper error handling - Maintained existing Directus login form - Clear separation between auth methods with visual divider ### 6. Comprehensive Testing Suite (pages/dashboard/keycloak-test.vue) - Real-time configuration display - Authentication status monitoring - Interactive testing tools - Detailed debug logging system ## Technical Solutions: Proxy Detection: Automatically detects nginx proxy and uses correct HTTPS URLs HTTPS Enforcement: Forces secure redirect URIs in production Error Handling: Comprehensive error catching with user-friendly messages Debug Capabilities: Enhanced logging for troubleshooting Security: Implements PKCE and secure token handling ## Infrastructure Compatibility: - Works with nginx reverse proxy setups - Compatible with Docker container networking - Handles SSL termination at proxy level - Supports both development and production environments This implementation specifically addresses the HTTP/HTTPS redirect URI mismatch that was causing 'unauthorized_client' errors in the proxy environment. 2025-06-14 15:26:26 +02:00			`authSource: 'keycloak',`
FIX: Replace useOidcAuth with useCustomAuth in useUnifiedAuth ## Critical Fix for 500 Error: ### Issue: - useUnifiedAuth.ts was still calling useOidcAuth() which no longer exists - This was causing the 500 error when dashboard tried to load - Error: 'useOidcAuth is not defined' ### Solution: - Replaced useOidcAuth() with useCustomAuth() in unified auth - Updated logout logic to use custom Keycloak auth - Maintained dual auth support (Directus + Keycloak) ### Files Changed: - composables/useUnifiedAuth.ts - Updated to use custom auth system ## Next Step: Need to resolve TypeScript import issue for useCustomAuth composable 2025-06-15 15:54:33 +02:00			`raw: keycloakUser`
Implement Official Keycloak JS Adapter with Proxy-Aware Configuration MAJOR ENHANCEMENT: Complete Keycloak integration with proper HTTPS/proxy handling ## Core Improvements: ### 1. Enhanced Configuration (nuxt.config.ts) - Added proxy trust configuration for nginx environments - Configured baseUrl for production HTTPS enforcement - Added debug mode configuration for development ### 2. Proxy-Aware Keycloak Composable (composables/useKeycloak.ts) - Intelligent base URL detection (production vs development) - Force HTTPS redirect URIs in production environments - Enhanced debugging and logging capabilities - Proper PKCE implementation for security - Automatic token refresh mechanism ### 3. Dual Authentication System - Updated middleware to support both Directus and Keycloak - Enhanced useUnifiedAuth for seamless auth source switching - Maintains backward compatibility with existing Directus users ### 4. OAuth Flow Implementation - Created proper callback handler (pages/auth/callback.vue) - Comprehensive error handling and user feedback - Automatic redirect to dashboard on success ### 5. Enhanced Login Experience (pages/login.vue) - Restored SSO login button with proper error handling - Maintained existing Directus login form - Clear separation between auth methods with visual divider ### 6. Comprehensive Testing Suite (pages/dashboard/keycloak-test.vue) - Real-time configuration display - Authentication status monitoring - Interactive testing tools - Detailed debug logging system ## Technical Solutions: Proxy Detection: Automatically detects nginx proxy and uses correct HTTPS URLs HTTPS Enforcement: Forces secure redirect URIs in production Error Handling: Comprehensive error catching with user-friendly messages Debug Capabilities: Enhanced logging for troubleshooting Security: Implements PKCE and secure token handling ## Infrastructure Compatibility: - Works with nginx reverse proxy setups - Compatible with Docker container networking - Handles SSL termination at proxy level - Supports both development and production environments This implementation specifically addresses the HTTP/HTTPS redirect URI mismatch that was causing 'unauthorized_client' errors in the proxy environment. 2025-06-14 15:26:26 +02:00			`};`
			`}`

Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`return null;`
			`});`

FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`// Unified logout function (Keycloak only)`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`const logout = async () => {`
FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`console.log('[UNIFIED_AUTH] Logging out user');`
			`await customAuth.logout();`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`};`

			`// Check if user is authenticated`
			`const isAuthenticated = computed(() => !!user.value);`

FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`// Get auth source (always Keycloak now)`
			`const authSource = computed(() => user.value?.authSource \|\| 'keycloak');`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00
			`// Check if user has specific tier`
			`const hasTier = (tier: string) => {`
			`return user.value?.tier === tier;`
			`};`

FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00			`// Check if user is admin (could be enhanced with Keycloak roles)`
Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00			`const isAdmin = computed(() => hasTier('admin'));`

			`return {`
			`user: readonly(user),`
			`logout,`
			`isAuthenticated: readonly(isAuthenticated),`
			`authSource: readonly(authSource),`
			`hasTier,`
			`isAdmin: readonly(isAdmin),`
			`};`
			`};`