From 0af0035860376f2dc38a0fc80fb330c16bfd9d69 Mon Sep 17 00:00:00 2001
From: alma <alma@governance-labs.org>
Date: Fri, 18 Apr 2025 14:54:05 +0200
Subject: [PATCH] session correction sidebar items 7

---
 app/api/auth/[...nextauth]/route.ts | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 18d8cfa8..dfc310d7 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -9,6 +9,9 @@ interface KeycloakProfile {
   preferred_username?: string;
   given_name?: string;
   family_name?: string;
+  realm_access?: {
+    roles: string[];
+  };
 }
 
 declare module "next-auth" {
@@ -132,12 +135,16 @@ export const authOptions: NextAuthOptions = {
         const keycloakProfile = profile as KeycloakProfile;
         console.log('JWT callback profile:', {
           rawRoles: keycloakProfile.roles,
-          profile: keycloakProfile,
-          token: account.access_token
+          realmAccess: keycloakProfile.realm_access,
+          profile: keycloakProfile
         });
 
+        // Get roles from realm_access
+        const roles = keycloakProfile.realm_access?.roles || [];
+        console.log('JWT raw roles:', roles);
+
         // Clean up roles by removing ROLE_ prefix and converting to lowercase
-        const cleanRoles = (keycloakProfile.roles ?? []).map(role => 
+        const cleanRoles = roles.map(role => 
           role.replace(/^ROLE_/, '').toLowerCase()
         );