diff --git a/composables/useKeycloak.ts b/composables/useKeycloak.ts index 38bd323..37c8cb1 100644 --- a/composables/useKeycloak.ts +++ b/composables/useKeycloak.ts @@ -60,14 +60,28 @@ export const useKeycloak = () => { onLoad: 'check-sso', // Use proper HTTPS redirect URI redirectUri: `${baseUrl}/auth/callback`, - silentCheckSsoRedirectUri: `${baseUrl}/silent-check-sso.html`, - checkLoginIframe: false, // Disable iframe checks for better compatibility - pkceMethod: 'S256', // Use PKCE for better security + // Disable all iframe-based features that cause CORS issues + checkLoginIframe: false, + silentCheckSsoRedirectUri: undefined, // Disable silent SSO check + enableLogging: false, // Reduce console noise + // Use standard flow compatible with proxy setups + flow: 'standard', + responseMode: 'query', // Use query params instead of fragments + // Disable third-party cookie checks + checkLoginIframeInterval: 0, + // PKCE for security + pkceMethod: 'S256', + // Timeout settings + messageReceiveTimeout: 10000, + // Disable adapter features that can cause issues in proxied environments + adapter: 'default' }) logDebug('Keycloak initialization result', { authenticated, - redirectUri: `${baseUrl}/auth/callback` + redirectUri: `${baseUrl}/auth/callback`, + checkLoginIframe: false, + silentSso: 'disabled' }) isAuthenticated.value = authenticated @@ -116,11 +130,15 @@ export const useKeycloak = () => { if (keycloak.value) { try { + const baseUrl = getBaseUrl() + logDebug('Starting login', { redirectUri: `${baseUrl}/dashboard` }) + await keycloak.value.login({ - redirectUri: window.location.origin + '/dashboard' + redirectUri: `${baseUrl}/dashboard` }) } catch (error) { console.error('Login failed:', error) + logDebug('Login error', error) throw error } }