matt
/
port-nimara-client-portal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
187 Commits 1 Branch 0 Tags 2.5 MiB
Commit Graph

8 Commits

Author SHA1 Message Date
Matt a7df6834d7 FEAT: Migrate authentication system from Directus to Keycloak, implementing token refresh and enhancing session management 2025-06-15 17:37:14 +02:00
Matt 81316a4294 FIX: Replace useOidcAuth with useCustomAuth in useUnifiedAuth 
##  **Critical Fix for 500 Error:**

### **Issue:**
- useUnifiedAuth.ts was still calling useOidcAuth() which no longer exists
- This was causing the 500 error when dashboard tried to load
- Error: 'useOidcAuth is not defined'

### **Solution:**
-  Replaced useOidcAuth() with useCustomAuth() in unified auth
-  Updated logout logic to use custom Keycloak auth
-  Maintained dual auth support (Directus + Keycloak)

### **Files Changed:**
- composables/useUnifiedAuth.ts - Updated to use custom auth system

##  **Next Step:**
Need to resolve TypeScript import issue for useCustomAuth composable
 2025-06-15 15:54:33 +02:00
Matt 0ae190b255 MAJOR: Replace keycloak-js with nuxt-oidc-auth for seamless SSO integration 
##  **SOLUTION: Migrate to Server-Side OIDC Authentication**

This completely replaces the problematic keycloak-js client-side implementation
with nuxt-oidc-auth, eliminating all CORS and iframe issues.

###  **Benefits:**
- **No more CORS errors** - Server-side OAuth flow
- **No iframe dependencies** - Eliminates cross-domain issues
- **Works with nginx proxy** - No proxy configuration conflicts
- **Better security** - Tokens handled server-side
- **Cleaner integration** - Native Nuxt patterns
- **Maintains Directus compatibility** - Dual auth support

###  **Installation & Configuration:**
- Added
uxt-oidc-auth module to nuxt.config.ts
- Configured Keycloak provider with proper OIDC settings
- Updated environment variables for security keys

###  **Code Changes:**

#### **Authentication Flow:**
- **middleware/authentication.ts** - Updated to check both Directus + OIDC auth
- **composables/useUnifiedAuth.ts** - Migrated to use useOidcAuth()
- **pages/login.vue** - Updated SSO button to use oidcLogin('keycloak')

#### **Configuration:**
- **nuxt.config.ts** - Added OIDC provider configuration
- **.env.example** - Updated with nuxt-oidc-auth environment variables
- Removed old Keycloak runtime config

#### **Cleanup:**
- Removed keycloak-js dependency from package.json
- Deleted obsolete files:
  - composables/useKeycloak.ts
  - pages/auth/callback.vue
  - server/utils/keycloak-oauth.ts
  - server/api/debug/ directory

###  **Authentication Routes (Auto-Generated):**
- /auth/keycloak/login - SSO login endpoint
- /auth/keycloak/logout - SSO logout endpoint
- /auth/keycloak/callback - OAuth callback (handled automatically)

###  **Security Setup Required:**
Environment variables needed for production:
- NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET
- NUXT_OIDC_TOKEN_KEY (base64 encoded 32-byte key)
- NUXT_OIDC_SESSION_SECRET (48-character random string)
- NUXT_OIDC_AUTH_SESSION_SECRET (48-character random string)

###  **Expected Results:**
 SSO login should work without CORS errors
 Compatible with nginx proxy setup
 Maintains existing Directus authentication
 Server-side session management
 Automatic token refresh

Ready for container rebuild and production testing!
 2025-06-14 15:58:03 +02:00
Matt 0c9cd89667 Implement Official Keycloak JS Adapter with Proxy-Aware Configuration 
MAJOR ENHANCEMENT: Complete Keycloak integration with proper HTTPS/proxy handling

## Core Improvements:

### 1. Enhanced Configuration (nuxt.config.ts)
- Added proxy trust configuration for nginx environments
- Configured baseUrl for production HTTPS enforcement
- Added debug mode configuration for development

### 2. Proxy-Aware Keycloak Composable (composables/useKeycloak.ts)
- Intelligent base URL detection (production vs development)
- Force HTTPS redirect URIs in production environments
- Enhanced debugging and logging capabilities
- Proper PKCE implementation for security
- Automatic token refresh mechanism

### 3. Dual Authentication System
- Updated middleware to support both Directus and Keycloak
- Enhanced useUnifiedAuth for seamless auth source switching
- Maintains backward compatibility with existing Directus users

### 4. OAuth Flow Implementation
- Created proper callback handler (pages/auth/callback.vue)
- Comprehensive error handling and user feedback
- Automatic redirect to dashboard on success

### 5. Enhanced Login Experience (pages/login.vue)
- Restored SSO login button with proper error handling
- Maintained existing Directus login form
- Clear separation between auth methods with visual divider

### 6. Comprehensive Testing Suite (pages/dashboard/keycloak-test.vue)
- Real-time configuration display
- Authentication status monitoring
- Interactive testing tools
- Detailed debug logging system

## Technical Solutions:

 **Proxy Detection**: Automatically detects nginx proxy and uses correct HTTPS URLs
 **HTTPS Enforcement**: Forces secure redirect URIs in production
 **Error Handling**: Comprehensive error catching with user-friendly messages
 **Debug Capabilities**: Enhanced logging for troubleshooting
 **Security**: Implements PKCE and secure token handling

## Infrastructure Compatibility:
- Works with nginx reverse proxy setups
- Compatible with Docker container networking
- Handles SSL termination at proxy level
- Supports both development and production environments

This implementation specifically addresses the HTTP/HTTPS redirect URI mismatch
that was causing 'unauthorized_client' errors in the proxy environment.
 2025-06-14 15:26:26 +02:00
Matt fa35fcd235 CRITICAL: Temporarily disable Keycloak to restore application functionality 
- Disable Keycloak integration in authentication middleware
- Update useUnifiedAuth to only use Directus authentication
- Rebuild login page with only Directus auth form
- Remove all Keycloak references that were causing JavaScript errors
- This restores the application to working state with Directus auth only

Application should now load and function normally. Keycloak can be re-enabled later once issues are resolved.
 2025-06-14 15:07:41 +02:00
Matt 8c7bf4cc00 Fix SSR and defensive coding for Keycloak integration 
- Add proper SSR guards and error handling
- Make authentication middleware more defensive
- Add null checks in useUnifiedAuth composable
- Prevent JavaScript errors from breaking page load
- Prioritize Directus auth over Keycloak for stability
 2025-06-14 15:01:45 +02:00
Matt a797c13867 MAJOR: Replace nuxt-openid-connect with official Keycloak JS adapter 
- Remove problematic nuxt-openid-connect module that was causing OAuth issues
- Install and implement official keycloak-js adapter for better reliability
- Create new useKeycloak composable with proper token management
- Update useUnifiedAuth to work with new Keycloak implementation
- Fix authentication middleware to support both auth methods
- Update login page to use new Keycloak login function
- Clean up configuration and remove deprecated OIDC settings
- This should resolve all the HTTP/HTTPS redirect and token exchange issues
 2025-06-14 14:50:29 +02:00
Matt 5f8720bb63 Implement Keycloak authentication integration and unify user management 2025-06-14 14:09:56 +02:00