equipes keycloak flow

app/api/users/[userId]/roles/route.ts

@@ -13,12 +13,16 @@ export async function GET(
       return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
     }
 
-    // Safely access the userId parameter
+    // Handle params correctly for Next.js App Router
-    const userId = String(params?.userId || '');
+    // Convert to string primitive to avoid "used `params.userId`" error
+    const userIdParam = params.userId;
+    const userId = String(userIdParam);
+    
     if (!userId) {
       return NextResponse.json({ error: "User ID is required" }, { status: 400 });
     }
 
+    try {
       const kcAdminClient = await getKeycloakAdminClient();
 
       // Get all available roles
@@ -33,6 +37,13 @@ export async function GET(
         availableRoles,
         userRoles,
       });
+    } catch (keycloakError) {
+      console.error("Error connecting to Keycloak:", keycloakError);
+      return NextResponse.json(
+        { error: "Failed to connect to Keycloak service", details: String(keycloakError) },
+        { status: 503 }
+      );
+    }
   } catch (error) {
     console.error("Error fetching roles:", error);
     return NextResponse.json(
@@ -52,12 +63,16 @@ export async function PUT(
       return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
     }
 
-    // Safely access the userId parameter
+    // Handle params correctly for Next.js App Router
-    const userId = String(params?.userId || '');
+    // Convert to string primitive to avoid "used `params.userId`" error
+    const userIdParam = params.userId;
+    const userId = String(userIdParam);
+    
     if (!userId) {
       return NextResponse.json({ error: "User ID is required" }, { status: 400 });
     }
     
+    try {
       const { roles } = await request.json();
       const kcAdminClient = await getKeycloakAdminClient();
 
@@ -97,6 +112,13 @@ export async function PUT(
       }
 
       return NextResponse.json({ success: true });
+    } catch (keycloakError) {
+      console.error("Error connecting to Keycloak:", keycloakError);
+      return NextResponse.json(
+        { error: "Failed to connect to Keycloak service", details: String(keycloakError) },
+        { status: 503 }
+      );
+    }
   } catch (error) {
     console.error("Error updating roles:", error);
     return NextResponse.json(

lib/keycloak.ts

@@ -21,11 +21,21 @@ export async function getKeycloakAdminClient(): Promise<KcAdminClient> {
     }
   }
 
-  const keycloakUrl = process.env.KEYCLOAK_BASE_URL || process.env.NEXT_PUBLIC_KEYCLOAK_ISSUER || 'http://localhost:8080';
+  // Only use environment variables - no hardcoded defaults
-  const adminClientId = process.env.KEYCLOAK_ADMIN_CLIENT_ID || 'admin-cli';
+  const keycloakUrl = process.env.KEYCLOAK_BASE_URL || process.env.KEYCLOAK_ISSUER || process.env.NEXT_PUBLIC_KEYCLOAK_ISSUER;
-  const adminUsername = process.env.KEYCLOAK_ADMIN_USERNAME || 'admin';
+  const adminClientId = process.env.KEYCLOAK_ADMIN_CLIENT_ID;
-  const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD || 'admin';
+  const adminUsername = process.env.KEYCLOAK_ADMIN_USERNAME;
-  const realmName = process.env.KEYCLOAK_REALM || 'cercle';
+  const adminPassword = process.env.KEYCLOAK_ADMIN_PASSWORD;
+  const realmName = process.env.KEYCLOAK_REALM;
+
+  // Validate required environment variables
+  if (!keycloakUrl) {
+    throw new Error('Missing Keycloak URL. Please set KEYCLOAK_BASE_URL or KEYCLOAK_ISSUER or NEXT_PUBLIC_KEYCLOAK_ISSUER in your environment variables.');
+  }
+
+  if (!adminClientId || !adminUsername || !adminPassword || !realmName) {
+    throw new Error('Missing Keycloak admin credentials. Please set KEYCLOAK_ADMIN_CLIENT_ID, KEYCLOAK_ADMIN_USERNAME, KEYCLOAK_ADMIN_PASSWORD, and KEYCLOAK_REALM in your environment variables.');
+  }
 
   console.log(`Connecting to Keycloak at ${keycloakUrl}, realm: ${realmName}`);