Final fix for client secret reading - remove runtime config conflict and force non-null environment variable

2025-06-14 14:39:05 +02:00 · 2025-06-14 14:39:05 +02:00 · 2ceff9a67d
parent 2effbb74bb
commit 2ceff9a67d
2 changed files with 15 additions and 22 deletions
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@ -106,23 +106,6 @@ export default defineNuxtConfig({
    }
  },
  runtimeConfig: {
-    // OIDC configuration for nuxt-openid-connect module
-    openidConnect: {
-      op: {
-        issuer: process.env.KEYCLOAK_ISSUER,
-        clientId: process.env.KEYCLOAK_CLIENT_ID,
-        clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
-        callbackUrl: "",
-      },
-      config: {
-        cookieFlags: {
-          access_token: {
-            httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
-          }
-        }
-      }
-    },
    nocodb: {
      url: "",
      token: "",
@ -146,7 +129,7 @@ export default defineNuxtConfig({
    op: {
      issuer: process.env.KEYCLOAK_ISSUER || "https://auth.portnimara.dev/realms/client-portal",
      clientId: process.env.KEYCLOAK_CLIENT_ID || "client-portal",
-      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET || "",
+      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!, // Environment variable must be set
      callbackUrl: "", // Deprecated in v0.8.0+ but required by types - module uses /oidc/cb automatically
      scope: ["openid", "email", "profile"],
    },
--- a/server/api/debug/oidc-config.ts
+++ b/server/api/debug/oidc-config.ts
@ -3,10 +3,20 @@ export default defineEventHandler((event) => {
  
  // Return the OIDC configuration (without showing the actual secret)
  return {
-    issuer: config.openidConnect?.op?.issuer || 'NOT_SET',
-    clientId: config.openidConnect?.op?.clientId || 'NOT_SET',
-    clientSecret: config.openidConnect?.op?.clientSecret ? '***SET***' : 'NOT_SET',
-    secretLength: config.openidConnect?.op?.clientSecret?.length || 0,
+    // Runtime config
+    runtime: {
+      issuer: config.openidConnect?.op?.issuer || 'NOT_SET',
+      clientId: config.openidConnect?.op?.clientId || 'NOT_SET',
+      clientSecret: config.openidConnect?.op?.clientSecret ? '***SET***' : 'NOT_SET',
+      secretLength: config.openidConnect?.op?.clientSecret?.length || 0,
+    },
+    // Build-time config (what the module actually uses)
+    buildTime: {
+      issuer: process.env.KEYCLOAK_ISSUER || 'NOT_SET',
+      clientId: process.env.KEYCLOAK_CLIENT_ID || 'NOT_SET',
+      clientSecret: process.env.KEYCLOAK_CLIENT_SECRET ? '***SET***' : 'NOT_SET',
+      secretLength: process.env.KEYCLOAK_CLIENT_SECRET?.length || 0,
+    },
    environment: process.env.NODE_ENV,
    envVars: {
      KEYCLOAK_ISSUER: process.env.KEYCLOAK_ISSUER ? '***SET***' : 'NOT_SET',