From c3ba88177a4adb71f6b2ccdb2245330efd2cc713 Mon Sep 17 00:00:00 2001
From: alma <alma@governance-labs.org>
Date: Fri, 18 Apr 2025 15:05:21 +0200
Subject: [PATCH] session correction sidebar items 8

---
 app/api/auth/[...nextauth]/route.ts | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index cbb2f693..15b13778 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -96,22 +96,23 @@ export const authOptions: NextAuthOptions = {
         }
       },
       profile(profile) {
-        console.log('Keycloak profile:', {
+        console.log('Keycloak profile callback:', {
+          rawProfile: profile,
           rawRoles: profile.roles,
           realmAccess: profile.realm_access,
-          profile
+          groups: profile.groups
         });
 
         // Get roles from realm_access
         const roles = profile.realm_access?.roles || [];
-        console.log('Raw roles from Keycloak:', roles);
+        console.log('Profile callback raw roles:', roles);
 
         // Clean up roles by removing ROLE_ prefix and converting to lowercase
         const cleanRoles = roles.map((role: string) => 
           role.replace(/^ROLE_/, '').toLowerCase()
         );
 
-        console.log('Cleaned roles:', cleanRoles);
+        console.log('Profile callback cleaned roles:', cleanRoles);
 
         return {
           id: profile.sub,
@@ -131,6 +132,12 @@ export const authOptions: NextAuthOptions = {
   },
   callbacks: {
     async jwt({ token, account, profile }) {
+      console.log('JWT callback start:', {
+        hasAccount: !!account,
+        hasProfile: !!profile,
+        token
+      });
+
       if (account && profile) {
         const keycloakProfile = profile as KeycloakProfile;
         console.log('JWT callback profile:', {
@@ -141,14 +148,14 @@ export const authOptions: NextAuthOptions = {
 
         // Get roles from realm_access
         const roles = keycloakProfile.realm_access?.roles || [];
-        console.log('JWT raw roles:', roles);
+        console.log('JWT callback raw roles:', roles);
 
         // Clean up roles by removing ROLE_ prefix and converting to lowercase
         const cleanRoles = roles.map((role: string) => 
           role.replace(/^ROLE_/, '').toLowerCase()
         );
 
-        console.log('JWT cleaned roles:', cleanRoles);
+        console.log('JWT callback cleaned roles:', cleanRoles);
 
         token.accessToken = account.access_token ?? '';
         token.refreshToken = account.refresh_token ?? '';