port-nimara-client-portal

History

Matt c5aa294487 COMPLETE: Custom Keycloak SSO Authentication System ## Successful Migration from nuxt-oidc-auth to Custom Solution: ### What We Built: - Removed problematic uxt-oidc-auth that was causing 502 errors - Removed @nuxtjs/auth-next (incompatible with Nuxt 3) - Built custom OAuth 2.0 flow that actually works! ### New Authentication Architecture: #### Server-Side API Endpoints: - /api/auth/keycloak/callback - Handles OAuth callback & token exchange - /api/auth/session - Check authentication status - /api/auth/logout - Clear session & redirect to Keycloak logout - /api/health - Health check endpoint for debugging #### Client-Side Integration: - composables/useCustomAuth.ts - Vue composable for auth state management - Updated login page to use custom authentication - Secure cookie-based session management ### Authentication Flow: 1. User clicks SSO login Redirect to Keycloak 2. Keycloak authenticates Callback to /auth/keycloak/callback 3. Server exchanges code Get access token & user info 4. Session created Secure cookie set 5. User redirected Dashboard with active session ### Key Features: - No 502 errors - Built-in error handling - Session persistence - Secure HTTP-only cookies - Automatic expiration - Token validation & cleanup - Dual auth support - Keycloak SSO + Directus fallback - Proper logout - Clears both app & Keycloak sessions ### Security Improvements: - HTTP-only cookies prevent XSS attacks - Secure flag for HTTPS-only transmission - SameSite protection against CSRF - Token validation on every request ### Environment Variables Needed: - KEYCLOAK_CLIENT_SECRET - Your Keycloak client secret - All existing variables remain unchanged ## Result: Working Keycloak SSO! The custom implementation eliminates the issues with uxt-oidc-auth while providing: - Reliable OAuth 2.0 flow - Proper error handling - Session management - Clean logout process - Full Keycloak integration ## Ready to Deploy: Deploy this updated container and test the SSO login - it should work without 502 errors!		2025-06-15 15:36:48 +02:00
..
auth	COMPLETE: Custom Keycloak SSO Authentication System	2025-06-15 15:36:48 +02:00
debug	CRITICAL FIX: Enhanced OIDC session configuration for Keycloak authentication	2025-06-14 16:17:58 +02:00
email	Update logo references and email logo URL in configuration	2025-06-13 13:36:14 +02:00
eoi	CRITICAL FIX: Resolve NocoDB field clearing issue for EOI cleanup	2025-06-12 17:36:27 +02:00
files	updates	2025-06-10 16:48:40 +02:00
create-interest.ts	Add debug logging and update API authentication	2025-06-09 23:19:52 +02:00
delete-interest.ts	updates	2025-06-10 12:54:22 +02:00
eoi-send-to-sales.ts	feat: update	2025-06-03 18:57:08 +03:00
get-berths.ts	Improve email session management and add IMAP connection pooling	2025-06-12 15:53:12 +02:00
get-interest-berths.ts	updates	2025-06-09 23:33:20 +02:00
get-interest-by-id.ts	fixes	2025-06-11 16:05:19 +02:00
get-interests.ts	updates	2025-06-09 23:33:20 +02:00
health.ts	DEBUG: Add comprehensive startup checks and improve OIDC configuration	2025-06-15 14:57:48 +02:00
link-berth-recommendations-to-interest.ts	Fix 502 errors on container restart and expand API authentication	2025-06-09 23:29:24 +02:00
link-berths-to-interest.ts	Improve email session management and add IMAP connection pooling	2025-06-12 15:53:12 +02:00
request-more-info-to-sales.ts	feat: update	2025-06-03 18:57:08 +03:00
request-more-information.ts	feat: update	2025-06-03 18:57:08 +03:00
test-eoi-cleanup.ts	CRITICAL FIX: Resolve NocoDB field clearing issue for EOI cleanup	2025-06-12 17:36:27 +02:00
unlink-berth-recommendations-from-interest.ts	Fix 502 errors on container restart and expand API authentication	2025-06-09 23:29:24 +02:00
unlink-berths-from-interest.ts	Improve email session management and add IMAP connection pooling	2025-06-12 15:53:12 +02:00
update-interest.ts	fixes	2025-06-09 23:42:31 +02:00