import { NextRequest, NextResponse } from 'next/server'; import { getServerSession } from 'next-auth/next'; import { authOptions } from '../../options'; /** * API endpoint to refresh Keycloak session cookies * This ensures Keycloak session is active before loading iframe applications */ export async function GET(request: NextRequest) { try { const session = await getServerSession(authOptions); if (!session?.accessToken || !session?.refreshToken) { return NextResponse.json( { error: 'No active session' }, { status: 401 } ); } // Refresh the Keycloak token to renew session cookies // This will also refresh Keycloak session cookies in the browser const keycloakIssuer = process.env.KEYCLOAK_ISSUER; const clientId = process.env.KEYCLOAK_CLIENT_ID; const clientSecret = process.env.KEYCLOAK_CLIENT_SECRET; if (!keycloakIssuer || !clientId || !clientSecret) { return NextResponse.json( { error: 'Keycloak configuration missing' }, { status: 500 } ); } // Use the refresh token to get new tokens // This will also refresh Keycloak session cookies const response = await fetch(`${keycloakIssuer}/protocol/openid-connect/token`, { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, body: new URLSearchParams({ client_id: clientId, client_secret: clientSecret, grant_type: 'refresh_token', refresh_token: session.refreshToken as string, }), }); if (!response.ok) { const error = await response.json().catch(() => ({})); console.error('Failed to refresh Keycloak session:', error); return NextResponse.json( { error: 'Failed to refresh Keycloak session', details: error }, { status: response.status } ); } const tokens = await response.json(); // Return success - the Keycloak session cookies are now refreshed // The new tokens will be stored in NextAuth on next request return NextResponse.json({ success: true, message: 'Keycloak session refreshed', }); } catch (error) { console.error('Error refreshing Keycloak session:', error); return NextResponse.json( { error: 'Internal server error' }, { status: 500 } ); } }