diff --git a/nuxt.config.ts b/nuxt.config.ts index ef070e3..46cd7bb 100644 --- a/nuxt.config.ts +++ b/nuxt.config.ts @@ -115,6 +115,15 @@ export default defineNuxtConfig({ middleware: { globalMiddlewareEnabled: false, // Disable automatic middleware - prevents redirect loops! }, + session: { + expirationCheck: true, + automaticRefresh: true, + expirationThreshold: 60, // seconds before expiry to refresh + cookie: { + sameSite: 'lax', // Required for cross-domain redirects + secure: true // Required for HTTPS in production + } + }, providers: { keycloak: { audience: 'account', @@ -126,6 +135,10 @@ export default defineNuxtConfig({ logoutRedirectUri: 'https://client.portnimara.dev', validateAccessToken: false, // Disable for Keycloak compatibility exposeIdToken: true, + // Additional session settings for Keycloak + scope: ['openid', 'profile', 'email'], + responseType: 'code', + grantType: 'authorization_code' } } }, diff --git a/server/api/debug/oidc-session.ts b/server/api/debug/oidc-session.ts new file mode 100644 index 0000000..143304e --- /dev/null +++ b/server/api/debug/oidc-session.ts @@ -0,0 +1,32 @@ +export default defineEventHandler(async (event) => { + try { + // Get cookies to check session state + const cookies = parseCookies(event) || {} + + // Check for OIDC-related cookies + const oidcCookies = Object.keys(cookies).filter(name => + name.includes('nuxt') || name.includes('oidc') || name.includes('session') + ) + + return { + success: true, + timestamp: new Date().toISOString(), + cookies: { + count: oidcCookies.length, + names: oidcCookies, + hasSession: oidcCookies.some(name => name.includes('session')) + }, + headers: { + host: getHeader(event, 'host'), + userAgent: getHeader(event, 'user-agent'), + referer: getHeader(event, 'referer') + } + } + } catch (error) { + return { + success: false, + error: error instanceof Error ? error.message : 'Unknown error', + timestamp: new Date().toISOString() + } + } +})