matt
/
port-nimara-client-portal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
port-nimara-client-portal/server/api
History
Matt 0ae190b255 MAJOR: Replace keycloak-js with nuxt-oidc-auth for seamless SSO integration 
##  **SOLUTION: Migrate to Server-Side OIDC Authentication**

This completely replaces the problematic keycloak-js client-side implementation
with nuxt-oidc-auth, eliminating all CORS and iframe issues.

###  **Benefits:**
- **No more CORS errors** - Server-side OAuth flow
- **No iframe dependencies** - Eliminates cross-domain issues
- **Works with nginx proxy** - No proxy configuration conflicts
- **Better security** - Tokens handled server-side
- **Cleaner integration** - Native Nuxt patterns
- **Maintains Directus compatibility** - Dual auth support

###  **Installation & Configuration:**
- Added
uxt-oidc-auth module to nuxt.config.ts
- Configured Keycloak provider with proper OIDC settings
- Updated environment variables for security keys

###  **Code Changes:**

#### **Authentication Flow:**
- **middleware/authentication.ts** - Updated to check both Directus + OIDC auth
- **composables/useUnifiedAuth.ts** - Migrated to use useOidcAuth()
- **pages/login.vue** - Updated SSO button to use oidcLogin('keycloak')

#### **Configuration:**
- **nuxt.config.ts** - Added OIDC provider configuration
- **.env.example** - Updated with nuxt-oidc-auth environment variables
- Removed old Keycloak runtime config

#### **Cleanup:**
- Removed keycloak-js dependency from package.json
- Deleted obsolete files:
  - composables/useKeycloak.ts
  - pages/auth/callback.vue
  - server/utils/keycloak-oauth.ts
  - server/api/debug/ directory

###  **Authentication Routes (Auto-Generated):**
- /auth/keycloak/login - SSO login endpoint
- /auth/keycloak/logout - SSO logout endpoint
- /auth/keycloak/callback - OAuth callback (handled automatically)

###  **Security Setup Required:**
Environment variables needed for production:
- NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET
- NUXT_OIDC_TOKEN_KEY (base64 encoded 32-byte key)
- NUXT_OIDC_SESSION_SECRET (48-character random string)
- NUXT_OIDC_AUTH_SESSION_SECRET (48-character random string)

###  **Expected Results:**
 SSO login should work without CORS errors
 Compatible with nginx proxy setup
 Maintains existing Directus authentication
 Server-side session management
 Automatic token refresh

Ready for container rebuild and production testing!
 		2025-06-14 15:58:03 +02:00
..
email Update logo references and email logo URL in configuration 2025-06-13 13:36:14 +02:00
eoi CRITICAL FIX: Resolve NocoDB field clearing issue for EOI cleanup 2025-06-12 17:36:27 +02:00
files updates 2025-06-10 16:48:40 +02:00
create-interest.ts Add debug logging and update API authentication 2025-06-09 23:19:52 +02:00
delete-interest.ts updates 2025-06-10 12:54:22 +02:00
eoi-send-to-sales.ts feat: update 2025-06-03 18:57:08 +03:00
get-berths.ts Improve email session management and add IMAP connection pooling 2025-06-12 15:53:12 +02:00
get-interest-berths.ts updates 2025-06-09 23:33:20 +02:00
get-interest-by-id.ts fixes 2025-06-11 16:05:19 +02:00
get-interests.ts updates 2025-06-09 23:33:20 +02:00
link-berth-recommendations-to-interest.ts Fix 502 errors on container restart and expand API authentication 2025-06-09 23:29:24 +02:00
link-berths-to-interest.ts Improve email session management and add IMAP connection pooling 2025-06-12 15:53:12 +02:00
request-more-info-to-sales.ts feat: update 2025-06-03 18:57:08 +03:00
request-more-information.ts feat: update 2025-06-03 18:57:08 +03:00
test-eoi-cleanup.ts CRITICAL FIX: Resolve NocoDB field clearing issue for EOI cleanup 2025-06-12 17:36:27 +02:00
unlink-berth-recommendations-from-interest.ts Fix 502 errors on container restart and expand API authentication 2025-06-09 23:29:24 +02:00
unlink-berths-from-interest.ts Improve email session management and add IMAP connection pooling 2025-06-12 15:53:12 +02:00
update-interest.ts fixes 2025-06-09 23:42:31 +02:00