From ef52935c35003ce420f89ace842efed6b414efe3 Mon Sep 17 00:00:00 2001
From: Alma <alma@MacBook-Air-de-Alma.local>
Date: Wed, 9 Apr 2025 23:19:59 +0200
Subject: [PATCH] update widget token  mail 3

---
 app/api/auth/[...nextauth]/route.ts | 56 ++++++++++++++++++++++++-----
 1 file changed, 48 insertions(+), 8 deletions(-)

diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 88422676..3f021614 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -1,21 +1,61 @@
 import NextAuth, { NextAuthOptions } from "next-auth";
 import KeycloakProvider from "next-auth/providers/keycloak";
 
+declare module "next-auth" {
+  interface Session {
+    user: {
+      id: string;
+      name?: string | null;
+      email?: string | null;
+      image?: string | null;
+      username: string;
+      first_name: string;
+      last_name: string;
+      role: string[];
+    };
+    accessToken: string;
+  }
+
+  interface JWT {
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpires: number;
+    role: string[];
+    username: string;
+    first_name: string;
+    last_name: string;
+  }
+}
+
 export const authOptions: NextAuthOptions = {
   providers: [
     KeycloakProvider({
       clientId: process.env.KEYCLOAK_CLIENT_ID!,
       clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
       issuer: process.env.KEYCLOAK_ISSUER!,
+      profile(profile) {
+        return {
+          id: profile.sub,
+          name: profile.name ?? profile.preferred_username,
+          email: profile.email,
+          first_name: profile.given_name ?? '',
+          last_name: profile.family_name ?? '',
+          username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '',
+          role: profile.groups ?? [],
+        }
+      },
     }),
   ],
   callbacks: {
     async jwt({ token, account, profile }) {
-      if (account) {
+      if (account && profile) {
         token.accessToken = account.access_token;
         token.refreshToken = account.refresh_token;
         token.accessTokenExpires = account.expires_at! * 1000;
-        token.role = profile?.groups || [];
+        token.role = (profile as any).groups ?? [];
+        token.username = (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '';
+        token.first_name = (profile as any).given_name ?? '';
+        token.last_name = (profile as any).family_name ?? '';
         return token;
       }
 
@@ -62,14 +102,14 @@ export const authOptions: NextAuthOptions = {
         throw new Error("RefreshAccessTokenError");
       }
 
-      session.accessToken = token.accessToken as string;
+      session.accessToken = token.accessToken;
       session.user = {
         ...session.user,
-        id: token.sub,
-        first_name: token.first_name,
-        last_name: token.last_name,
-        username: token.username,
-        role: token.role || [],
+        id: token.sub as string,
+        first_name: token.first_name ?? '',
+        last_name: token.last_name ?? '',
+        username: token.username ?? '',
+        role: token.role ?? [],
       };
       return session;
     },