From b4cfe735ede036482a511c32801a226171b2f5c6 Mon Sep 17 00:00:00 2001
From: Alma
Date: Sat, 12 Apr 2025 14:36:35 +0200
Subject: [PATCH] working leantime widget 39
---
 app/api/auth/[...nextauth]/route.ts | 51 +++++++++++++++++------------
 1 file changed, 30 insertions(+), 21 deletions(-)
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index 556b766c..7b25923a 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -27,13 +27,22 @@ declare module "next-auth" {
 }
 }
+function getRequiredEnvVar(name: string): string {
+ const value = process.env[name];
+ if (!value) {
+ throw new Error(`Missing required environment variable: ${name}`);
+ }
+ return value;
+}
+
 export const authOptions: NextAuthOptions = {
 providers: [
 KeycloakProvider({
- clientId: process.env.KEYCLOAK_CLIENT_ID!,
- clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!,
- issuer: process.env.KEYCLOAK_ISSUER!,
+ clientId: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"),
+ clientSecret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
+ issuer: getRequiredEnvVar("KEYCLOAK_ISSUER"),
 profile(profile) {
+ console.log("Keycloak profile:", profile);
 return {
 id: profile.sub,
 name: profile.name ?? profile.preferred_username,
@@ -48,6 +57,10 @@ export const authOptions: NextAuthOptions = {
 ],
 callbacks: {
 async jwt({ token, account, profile }) {
+ console.log("JWT callback - token:", token);
+ console.log("JWT callback - account:", account);
+ console.log("JWT callback - profile:", profile);
+
 if (account && profile) {
 token.accessToken = account.access_token;
 token.refreshToken = account.refresh_token;
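Review bot: The added `console.log` calls write bearer credentials and identity claims to the server log. In the jwt callback (hunk at -48) `token` and `account` are printed whole, and the lines just below show they carry `access_token` and `refresh_token`; the same holds for `console.log("Token refresh response:", tokens)` (hunk at -90), the session callback (-122) and the signOut event (-141), while `profile(profile)` in the first hunk prints the full Keycloak profile. A refresh token sitting in a log stays usable until it expires or is revoked, so everyone with log access effectively holds session credentials. I would remove these lines, or log only non-secret fields behind a development check, e.g. `if (process.env.NODE_ENV === "development") console.log("JWT callback - sub:", token.sub);`. The callbacks continue outside the hunks shown.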
@@ -66,21 +79,10 @@ export const authOptions: NextAuthOptions = {
 try {
 // Token has expired, try to refresh it
- function isNonEmptyString(value: string | undefined): value is string {
- return typeof value === 'string' && value.length > 0;
- }
-
- const clientId = process.env.KEYCLOAK_CLIENT_ID;
- const clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;
-
- if (!isNonEmptyString(clientId) || !isNonEmptyString(clientSecret)) {
- throw new Error("Missing required environment variables for token refresh");
- }
-
- // After the type guard check, we can safely assert these as strings
- const validClientId = clientId as string;
- const validClientSecret = clientSecret as string;
+ const clientId = getRequiredEnvVar("KEYCLOAK_CLIENT_ID");
+ const clientSecret = getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET");
+ console.log("Attempting to refresh token...");
 const response = await fetch(
 `${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
 {
@@ -90,14 +92,15 @@ export const authOptions: NextAuthOptions = {
 },
 body: new URLSearchParams({
 grant_type: "refresh_token",
- client_id: validClientId,
- client_secret: validClientSecret,
+ client_id: clientId,
+ client_secret: clientSecret,
 refresh_token: token.refreshToken as string,
 }),
 }
 );
 const tokens = await response.json();
+ console.log("Token refresh response:", tokens);
 if (!response.ok) {
 console.error("Token refresh failed:", tokens);
@@ -122,7 +125,11 @@ export const authOptions: NextAuthOptions = {
 },
 async session({ session, token }) {
+ console.log("Session callback - session:", session);
+ console.log("Session callback - token:", token);
+
 if (token.error) {
+ console.error("Token error detected:", token.error);
 // Force sign out if there was a refresh error
 throw new Error("RefreshAccessTokenError");
 }
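Review bot: The refresh URL in the `fetch(` call (hunk at -66) still interpolates `process.env.KEYCLOAK_BASE_URL` and `process.env.KEYCLOAK_REALM` directly, so an unset variable produces a malformed `undefined/realms/undefined/...` target instead of the clear error the new helper gives for the client id and secret. Read both through the same helper before the call, `const baseUrl = getRequiredEnvVar("KEYCLOAK_BASE_URL");` and `const realm = getRequiredEnvVar("KEYCLOAK_REALM");`, and build the URL from those. The `try` block and the `fetch` call both extend beyond the hunk, so how the surrounding catch reports such a failure is not visible here.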
@@ -141,6 +148,7 @@ export const authOptions: NextAuthOptions = {
 },
 events: {
 async signOut({ token }) {
+ console.log("Sign out event - token:", token);
 if (token.refreshToken) {
 try {
 await fetch(
@@ -151,8 +159,8 @@ export const authOptions: NextAuthOptions = {
 "Content-Type": "application/x-www-form-urlencoded",
 },
 body: new URLSearchParams({
- client_id: process.env.KEYCLOAK_CLIENT_ID!,
- client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
+ client_id: getRequiredEnvVar("KEYCLOAK_CLIENT_ID"),
+ client_secret: getRequiredEnvVar("KEYCLOAK_CLIENT_SECRET"),
 refresh_token: token.refreshToken as string,
 }),
 }
@@ -163,6 +171,7 @@ export const authOptions: NextAuthOptions = {
 }
 },
 },
+ debug: true, // Enable debug logging
 };
 const handler = NextAuth(authOptions);
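Review bot: `debug: true` in the last hunk (at -163) is hard-coded, so NextAuth's verbose debug output is switched on in every environment, production included. Tie it to the environment instead: `debug: process.env.NODE_ENV === "development",`. The `authOptions` object starts outside this hunk, so any other logger configuration it may carry is not visible here.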