DEBUGGING: Add comprehensive console logging to track authentication flow
## Changes Made:
### 1. Configuration Updates (nuxt.config.ts)
- Temporarily enabled keycloakDebug: true for production
- Allows detailed logging to troubleshoot authentication issues
### 2. Enhanced Error Logging (composables/useKeycloak.ts)
- Added [KEYCLOAK] prefixed console logs throughout login flow
- Enhanced error reporting with message, stack, and name details
- Added logging for initialization status and redirect URIs
- TypeScript-safe error handling with instanceof checks
## Debug Information Now Available:
- Keycloak initialization status
- Login function execution tracking
- Redirect URI generation details
- Authentication state monitoring
- Detailed error messages with stack traces
This will help identify exactly where the authentication process is failing
and provide actionable debugging information in the browser console.
Ready for container rebuild and testing.
CRITICAL FIX: Resolve SSO login endless loading and CORS errors
## Issues Resolved:
### 1. CORS Policy Violations
- Disabled checkLoginIframe (causes cross-origin iframe errors)
- Removed silentCheckSsoRedirectUri (blocked by modern browsers)
- Disabled checkLoginIframeInterval to prevent 3rd party cookie checks
### 2. Cross-Domain Compatibility
- Set responseMode to 'query' for better proxy compatibility
- Configured standard flow instead of implicit
- Added proper timeout handling (messageReceiveTimeout: 10000)
- Enhanced debug logging for troubleshooting
### 3. Redirect URI Consistency
- Fixed login() to use proper baseUrl for redirect URIs
- Ensures HTTPS URLs in production environment
- Consistent URL generation across initialization and login
### 4. Browser Security Compliance
- Disabled enableLogging to reduce console noise
- Removed iframe-based features that modern browsers block
- Maintained PKCE (S256) for security while fixing compatibility
## Technical Details:
The previous errors were caused by Keycloak trying to use:
- /protocol/openid-connect/3p-cookies/step1.html
- /protocol/openid-connect/login-status-iframe.html
These are blocked by browsers' cross-origin policies when the app and
Keycloak are on different domains (client.portnimara.dev vs auth.portnimara.dev).
This fix disables these problematic features while maintaining full OAuth
functionality and security. The SSO login should now work without endless
loading issues.
- Add proper SSR guards and error handling
- Make authentication middleware more defensive
- Add null checks in useUnifiedAuth composable
- Prevent JavaScript errors from breaking page load
- Prioritize Directus auth over Keycloak for stability
- Remove problematic nuxt-openid-connect module that was causing OAuth issues
- Install and implement official keycloak-js adapter for better reliability
- Create new useKeycloak composable with proper token management
- Update useUnifiedAuth to work with new Keycloak implementation
- Fix authentication middleware to support both auth methods
- Update login page to use new Keycloak login function
- Clean up configuration and remove deprecated OIDC settings
- This should resolve all the HTTP/HTTPS redirect and token exchange issues
Matt