session correction sidebar items 8

2025-04-18 15:05:21 +02:00 · 2025-04-18 15:05:21 +02:00 · c3ba88177a
commit c3ba88177a
parent 4e19f9b3bd
1 changed files with 13 additions and 6 deletions
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@ -96,22 +96,23 @@ export const authOptions: NextAuthOptions = {
        }
      },
      profile(profile) {
-        console.log('Keycloak profile:', {
+        console.log('Keycloak profile callback:', {
+          rawProfile: profile,
          rawRoles: profile.roles,
          realmAccess: profile.realm_access,
-          profile
+          groups: profile.groups
        });

        // Get roles from realm_access
        const roles = profile.realm_access?.roles || [];
-        console.log('Raw roles from Keycloak:', roles);
+        console.log('Profile callback raw roles:', roles);

        // Clean up roles by removing ROLE_ prefix and converting to lowercase
        const cleanRoles = roles.map((role: string) => 
          role.replace(/^ROLE_/, '').toLowerCase()
        );

-        console.log('Cleaned roles:', cleanRoles);
+        console.log('Profile callback cleaned roles:', cleanRoles);

        return {
          id: profile.sub,
@ -131,6 +132,12 @@ export const authOptions: NextAuthOptions = {
  },
  callbacks: {
    async jwt({ token, account, profile }) {
+      console.log('JWT callback start:', {
+        hasAccount: !!account,
+        hasProfile: !!profile,
+        token
+      });
+
      if (account && profile) {
        const keycloakProfile = profile as KeycloakProfile;
        console.log('JWT callback profile:', {
@ -141,14 +148,14 @@ export const authOptions: NextAuthOptions = {

        // Get roles from realm_access
        const roles = keycloakProfile.realm_access?.roles || [];
-        console.log('JWT raw roles:', roles);
+        console.log('JWT callback raw roles:', roles);

        // Clean up roles by removing ROLE_ prefix and converting to lowercase
        const cleanRoles = roles.map((role: string) => 
          role.replace(/^ROLE_/, '').toLowerCase()
        );

-        console.log('JWT cleaned roles:', cleanRoles);
+        console.log('JWT callback cleaned roles:', cleanRoles);

        token.accessToken = account.access_token ?? '';
        token.refreshToken = account.refresh_token ?? '';