NeahNew/app/api/auth/refresh-keycloak-session/route.ts

import { NextRequest, NextResponse } from 'next/server';
import { getServerSession } from 'next-auth/next';
import { authOptions } from '../../options';

/**
 * API endpoint to refresh Keycloak session cookies
 * This ensures Keycloak session is active before loading iframe applications
 */
export async function GET(request: NextRequest) {
  try {
    const session = await getServerSession(authOptions);
    
    if (!session?.accessToken || !session?.refreshToken) {
      return NextResponse.json(
        { error: 'No active session' },
        { status: 401 }
      );
    }

    // Refresh the Keycloak token to renew session cookies
    // This will also refresh Keycloak session cookies in the browser
    const keycloakIssuer = process.env.KEYCLOAK_ISSUER;
    const clientId = process.env.KEYCLOAK_CLIENT_ID;
    const clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;

    if (!keycloakIssuer || !clientId || !clientSecret) {
      return NextResponse.json(
        { error: 'Keycloak configuration missing' },
        { status: 500 }
      );
    }

    // Use the refresh token to get new tokens
    // This will also refresh Keycloak session cookies
    const response = await fetch(`${keycloakIssuer}/protocol/openid-connect/token`, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: new URLSearchParams({
        client_id: clientId,
        client_secret: clientSecret,
        grant_type: 'refresh_token',
        refresh_token: session.refreshToken as string,
      }),
    });

    if (!response.ok) {
      const error = await response.json().catch(() => ({}));
      console.error('Failed to refresh Keycloak session:', error);
      return NextResponse.json(
        { error: 'Failed to refresh Keycloak session', details: error },
        { status: response.status }
      );
    }

    const tokens = await response.json();

    // Return success - the Keycloak session cookies are now refreshed
    // The new tokens will be stored in NextAuth on next request
    return NextResponse.json({
      success: true,
      message: 'Keycloak session refreshed',
    });
  } catch (error) {
    console.error('Error refreshing Keycloak session:', error);
    return NextResponse.json(
      { error: 'Internal server error' },
      { status: 500 }
    );
  }
}