port-nimara-client-portal/server/api
Matt c094fdd25b CRITICAL FIX: Enhanced OIDC session configuration for Keycloak authentication
## **Session Management Improvements:**

### **OIDC Configuration (nuxt.config.ts):**
- Added proper session configuration with automatic refresh
- Configured secure cookies for HTTPS production environment
- Added OAuth scopes: ['openid', 'profile', 'email']
- Set proper response type and grant type for Keycloak
- Added session expiration checking and automatic refresh

### **Session Cookie Settings:**
- sameSite: 'lax' - Required for cross-domain OAuth redirects
- secure: true - Required for HTTPS in production
- expirationThreshold: 60 - Refresh tokens 60 seconds before expiry

### **Debug Tools:**
- Added /api/debug/oidc-session endpoint to monitor session state
- Tracks cookie presence and session establishment
- Safe debugging without exposing sensitive tokens

## **Problem Being Solved:**
User authentication succeeds with Keycloak but session expires immediately,
causing redirect back to login page instead of dashboard access.

## **Root Cause Analysis:**
- Sessions were not being established properly after OAuth callback
- Cookie configuration was not optimized for HTTPS/production
- Missing proper OAuth scopes and session refresh configuration

## **Expected Results:**
- Successful Keycloak authentication should now persist session
- Users should be redirected to dashboard after login
- Sessions should automatically refresh before expiry
- No more immediate redirects back to login page

## **Next Steps:**
1. Rebuild container in Portainer with these session fixes
2. Test authentication flow end-to-end
3. Use debug endpoint to verify session establishment
4. Monitor container logs for OIDC session activity
2025-06-14 16:17:58 +02:00

| Name | Last commit | Date |
| --- | --- | --- |
| debug | CRITICAL FIX: Enhanced OIDC session configuration for Keycloak authentication | 2025-06-14 16:17:58 +02:00 |
| email | Update logo references and email logo URL in configuration | 2025-06-13 13:36:14 +02:00 |
| eoi | CRITICAL FIX: Resolve NocoDB field clearing issue for EOI cleanup | 2025-06-12 17:36:27 +02:00 |
| files | updates | 2025-06-10 16:48:40 +02:00 |
| create-interest.ts | Add debug logging and update API authentication | 2025-06-09 23:19:52 +02:00 |
| delete-interest.ts | updates | 2025-06-10 12:54:22 +02:00 |
| eoi-send-to-sales.ts | feat: update | 2025-06-03 18:57:08 +03:00 |
| get-berths.ts | Improve email session management and add IMAP connection pooling | 2025-06-12 15:53:12 +02:00 |
| get-interest-berths.ts | updates | 2025-06-09 23:33:20 +02:00 |
| get-interest-by-id.ts | fixes | 2025-06-11 16:05:19 +02:00 |
| get-interests.ts | updates | 2025-06-09 23:33:20 +02:00 |
| link-berth-recommendations-to-interest.ts | Fix 502 errors on container restart and expand API authentication | 2025-06-09 23:29:24 +02:00 |
| link-berths-to-interest.ts | Improve email session management and add IMAP connection pooling | 2025-06-12 15:53:12 +02:00 |
| request-more-info-to-sales.ts | feat: update | 2025-06-03 18:57:08 +03:00 |
| request-more-information.ts | feat: update | 2025-06-03 18:57:08 +03:00 |
| test-eoi-cleanup.ts | CRITICAL FIX: Resolve NocoDB field clearing issue for EOI cleanup | 2025-06-12 17:36:27 +02:00 |
| unlink-berth-recommendations-from-interest.ts | Fix 502 errors on container restart and expand API authentication | 2025-06-09 23:29:24 +02:00 |
| unlink-berths-from-interest.ts | Improve email session management and add IMAP connection pooling | 2025-06-12 15:53:12 +02:00 |
| update-interest.ts | fixes | 2025-06-09 23:42:31 +02:00 |