Extract session management logic from middleware into reusable SessionManager utility to improve reliability, reduce code duplication, and prevent thundering herd issues with jittered cache expiry.
- Implement authorization middleware and composables for role checking
- Add groups/roles support to authentication and session management
- Create admin dashboard pages and API endpoints
- Add audit logging utility for tracking user actions
- Enhance expense page with role-based access control
- Improve session caching with authorization state management
## **Fixed 502 Error After Login:**
### **Issue:**
- After successful Keycloak authentication, users got 502 Bad Gateway error
- Middleware was still trying to use removed useOidcAuth() composable
- This caused the app to crash when accessing dashboard
### **Solution:**
- Replaced useOidcAuth() with direct session API call
- Uses /api/auth/session endpoint to check authentication
- Maintains dual auth support (Directus + Keycloak)
- Added proper error handling to prevent crashes
### **Authentication Flow Now:**
1. **Check Directus auth** first (existing users)
2. **Check custom Keycloak session** via API call
3. **Allow access** if either authentication succeeds
4. **Redirect to login** if no authentication found
### **Files Changed:**
- middleware/authentication.ts - Updated to use custom auth system
## **Result:**
The complete authentication flow should now work:
1. Login via Keycloak SSO
2. Token exchange and session creation
3. Middleware validates session properly
4. Dashboard loads without 502 errors
## **Ready to Test:**
Deploy and test the complete SSO flow - should work end-to-end!
- Disable Keycloak integration in authentication middleware
- Update useUnifiedAuth to only use Directus authentication
- Rebuild login page with only Directus auth form
- Remove all Keycloak references that were causing JavaScript errors
- This restores the application to working state with Directus auth only
Application should now load and function normally. Keycloak can be re-enabled later once issues are resolved.
- Add proper SSR guards and error handling
- Make authentication middleware more defensive
- Add null checks in useUnifiedAuth composable
- Prevent JavaScript errors from breaking page load
- Prioritize Directus auth over Keycloak for stability
- Remove problematic nuxt-openid-connect module that was causing OAuth issues
- Install and implement official keycloak-js adapter for better reliability
- Create new useKeycloak composable with proper token management
- Update useUnifiedAuth to work with new Keycloak implementation
- Fix authentication middleware to support both auth methods
- Update login page to use new Keycloak login function
- Clean up configuration and remove deprecated OIDC settings
- This should resolve all the HTTP/HTTPS redirect and token exchange issues
Matt
Ron