cleaning hard 2

app/api/auth/[...nextauth]/route.ts

@@ -109,10 +109,6 @@ export const authOptions: NextAuthOptions = {
   },
   callbacks: {
     async jwt({ token, account, profile, user }: any) {
-      console.log("JWT CALLBACK TRIGGERED with token keys:", Object.keys(token));
-      console.log("JWT CALLBACK - Has account?", !!account);
-      console.log("JWT CALLBACK - Has user?", !!user);
-      
       // Initial sign in
       if (account && account.access_token) {
         console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
@@ -215,9 +211,6 @@ export const authOptions: NextAuthOptions = {
       return token;
     },
     async session({ session, token }: any) {
-      console.log("SESSION CALLBACK TRIGGERED with token keys:", Object.keys(token));
-      console.log("SESSION CALLBACK - Token role:", token.role);
-      
       // Pass necessary info to the session
       session.accessToken = token.accessToken;
       if (session.user) {
@@ -271,12 +264,9 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
   // This helps in case Keycloak isn't properly configured
   let appRoles: string[] = ['user']; // Always include 'user' role
   
-  // Create a lowercase lookup for each of the original roles for easier comparison
-  const lowercaseRoles = keycloakRoles.map(role => role.toLowerCase());
-  
   // The mappings object maps Keycloak role names to application role names
   const mappings: Record<string, string[]> = {
-    // Map Keycloak roles to your application's role names (all lowercase for comparison)
+    // Map Keycloak roles to your application's role names
     'admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
     'owner': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
     'manager': ['dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
@@ -287,52 +277,53 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
     'mediator': ['mediation'],
     'entrepreneur': ['entrepreneurship'],
     
-    // Exact matches for capitalized roles from Keycloak token
+    // Support for capitalized role names from Keycloak
-    'expression': ['expression'],
+    'Expression': ['expression'],
-    'mediation': ['mediation'],
+    'Mediation': ['mediation'],
-    'coding': ['coding'],
+    'DataIntelligence': ['dataintelligence'],
-    'dataintelligence': ['dataintelligence'],
+    'Admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
+    
+    // Common prefixed variants
+    'role_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
+    'realm_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
+    'app_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
     
     // Default access roles from Keycloak
     'default-roles-cercle': ['user'],
     'uma_authorization': ['user'],
     'offline_access': ['user'],
+    
+    // Direct mapping for flexibility
+    'expression': ['expression'],
+    'mediation': ['mediation'],
+    'coding': ['coding'],
+    'dataintelligence': ['dataintelligence'],
+    'entrepreneurship': ['entrepreneurship'],
   };
   
-  // Check for known roles in the lowercase list
+  // Try to match each role with our mappings
-  for (const role of lowercaseRoles) {
+  for (const role of keycloakRoles) {
-    // Process the role to remove common prefixes
+    // Try different variations of the role name
-    const normalizedRole = role
+    const normalizedRole = role.toLowerCase()
       .replace(/^role_/i, '')   // Remove ROLE_ prefix
       .replace(/^realm_/i, '')  // Remove REALM_ prefix
       .replace(/^app_/i, '');   // Remove APP_ prefix
       
     console.log(`Processing role: ${role} -> normalized: ${normalizedRole}`);
     
-    // Check for direct match with normalized role
+    // Check for direct match
     if (mappings[normalizedRole]) {
       appRoles = [...appRoles, ...mappings[normalizedRole]];
       console.log(`Mapped ${role} to: ${mappings[normalizedRole].join(', ')}`);
     }
-    
+    // Check for partial matches
-    // Special direct mappings for common Keycloak role patterns
+    else {
-    if (normalizedRole === 'expression' || role.includes('expression')) {
+      for (const [mapKey, mapRoles] of Object.entries(mappings)) {
-      appRoles.push('expression');
+        if (normalizedRole.includes(mapKey)) {
+          appRoles = [...appRoles, ...mapRoles];
+          console.log(`Partially matched ${role} with ${mapKey} to: ${mapRoles.join(', ')}`);
         }
-    if (normalizedRole === 'mediation' || role.includes('mediation')) {
-      appRoles.push('mediation');
       }
-    if (normalizedRole === 'admin' || role.includes('admin')) {
-      appRoles.push('admin');
-    }
-    if (normalizedRole === 'dataintelligence' || role.includes('dataintelligence')) {
-      appRoles.push('dataintelligence');
-    }
-    if (normalizedRole === 'coding' || role.includes('coding')) {
-      appRoles.push('coding');
-    }
-    if (normalizedRole === 'entrepreneurship' || role.includes('entrepreneurship')) {
-      appRoles.push('entrepreneurship');
     }
   }