matt
/
port-nimara-client-portal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Final fix for client secret reading - remove runtime config conflict and force non-null environment variable

This commit is contained in:
Matt 2025-06-14 14:39:05 +02:00
parent 2effbb74bb
commit 2ceff9a67d
2 changed files with 15 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
nuxt.config.ts
View File

@ -106,23 +106,6 @@ export default defineNuxtConfig({
} }
}, },
runtimeConfig: { runtimeConfig: {
// OIDC configuration for nuxt-openid-connect module
openidConnect: {
op: {
issuer: process.env.KEYCLOAK_ISSUER,
clientId: process.env.KEYCLOAK_CLIENT_ID,
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET,
callbackUrl: "",
},
config: {
cookieFlags: {
access_token: {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
}
}
}
},
nocodb: { nocodb: {
url: "", url: "",
token: "", token: "",
@ -146,7 +129,7 @@ export default defineNuxtConfig({
op: { op: {
issuer: process.env.KEYCLOAK_ISSUER || "https://auth.portnimara.dev/realms/client-portal", issuer: process.env.KEYCLOAK_ISSUER || "https://auth.portnimara.dev/realms/client-portal",
clientId: process.env.KEYCLOAK_CLIENT_ID || "client-portal", clientId: process.env.KEYCLOAK_CLIENT_ID || "client-portal",
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET || "", clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!, // Environment variable must be set
callbackUrl: "", // Deprecated in v0.8.0+ but required by types - module uses /oidc/cb automatically callbackUrl: "", // Deprecated in v0.8.0+ but required by types - module uses /oidc/cb automatically
scope: ["openid", "email", "profile"], scope: ["openid", "email", "profile"],
}, },

18
server/api/debug/oidc-config.ts
View File

@ -3,10 +3,20 @@ export default defineEventHandler((event) => {
// Return the OIDC configuration (without showing the actual secret) // Return the OIDC configuration (without showing the actual secret)
return { return {
issuer: config.openidConnect?.op?.issuer || 'NOT_SET', // Runtime config
clientId: config.openidConnect?.op?.clientId || 'NOT_SET', runtime: {
clientSecret: config.openidConnect?.op?.clientSecret ? '***SET***' : 'NOT_SET', issuer: config.openidConnect?.op?.issuer || 'NOT_SET',
secretLength: config.openidConnect?.op?.clientSecret?.length || 0, clientId: config.openidConnect?.op?.clientId || 'NOT_SET',
clientSecret: config.openidConnect?.op?.clientSecret ? '***SET***' : 'NOT_SET',
secretLength: config.openidConnect?.op?.clientSecret?.length || 0,
},
// Build-time config (what the module actually uses)
buildTime: {
issuer: process.env.KEYCLOAK_ISSUER || 'NOT_SET',
clientId: process.env.KEYCLOAK_CLIENT_ID || 'NOT_SET',
clientSecret: process.env.KEYCLOAK_CLIENT_SECRET ? '***SET***' : 'NOT_SET',
secretLength: process.env.KEYCLOAK_CLIENT_SECRET?.length || 0,
},
environment: process.env.NODE_ENV, environment: process.env.NODE_ENV,
envVars: { envVars: {
KEYCLOAK_ISSUER: process.env.KEYCLOAK_ISSUER ? '***SET***' : 'NOT_SET', KEYCLOAK_ISSUER: process.env.KEYCLOAK_ISSUER ? '***SET***' : 'NOT_SET',