return profile picture

src/app.controller.ts

@@ -1,6 +1,6 @@
 import { Controller, Get, UseGuards } from '@nestjs/common';
 import { AppService } from './app.service';
-import { KeycloakAuthGuard } from './auth/keycloak.guard';
+import { KeycloakAuthGuard } from './module/auth/keycloak.guard';
 
 
 @Controller()

src/app.module.ts

@@ -1,10 +1,11 @@
 import { Module } from '@nestjs/common';
 import { AppController } from './app.controller';
 import { AppService } from './app.service';
-import { AuthModule } from './auth/auth.module';
+import { AuthModule } from './module/auth/auth.module';
+import { ProfileModule } from './module/profile/profile.module';
 
 @Module({
-  imports: [AuthModule],
+  imports: [AuthModule, ProfileModule],
   controllers: [AppController],
   providers: [AppService],
 })

src/module/auth/keycloak.strategy.ts

@@ -25,10 +25,16 @@ export class KeycloakStrategy extends PassportStrategy(Strategy, "keycloak") {
   }
 
   async validate(payload: any) {
+    console.log('Full JWT Payload:', payload);
     return {
       userId: payload.sub,
       email: payload.email,
+      name: payload.name,
+      // Google profile image is usually in 'picture'
+      email_verified: payload.email_verified,
+      picture: payload.picture || `https://profiles.google.com/s2/photos/profile/${payload.email}`,
       roles: payload.realm_access?.roles || [],
+      // Keep raw for debugging other custom claims
       raw: payload,
     };
   }

src/module/profile/profile.controller.ts

@@ -0,0 +1,24 @@
+import { KeycloakAuthGuard } from '../auth/keycloak.guard';
+import { ProfileService } from './profile.service';
+import { Controller, Get, UseGuards, Request } from '@nestjs/common';
+import { AuthGuard } from '@nestjs/passport';
+
+
+@Controller('profile')
+export class ProfileController {
+  constructor(private readonly profileService: ProfileService) {}
+
+  @UseGuards(AuthGuard('keycloak'))
+  @Get()
+  getProfile(@Request() req) {
+    // The 'user' object here is exactly what you returned from validate()
+
+    return {
+      email: req.user.email,
+      name: req.user.name,
+      picture: req.user.picture,
+      email_verified: req.user.email_verified,
+      roles: req.user.roles,
+    };
+  }
+}

src/module/profile/profile.module.ts

@@ -0,0 +1,16 @@
+import { Module } from '@nestjs/common';
+import { PassportModule } from '@nestjs/passport';
+import { ProfileController } from './profile.controller';
+import { ProfileService } from './profile.service';
+import { KeycloakStrategy } from '../auth/keycloak.strategy';
+
+@Module({
+  imports: [
+    // Registers the 'keycloak' strategy as a default if needed
+    PassportModule.register({ defaultStrategy: 'keycloak' }),
+  ],
+  controllers: [ProfileController],
+  providers: [ProfileService, KeycloakStrategy],
+  exports: [],
+})
+export class ProfileModule {}

src/module/profile/profile.service.ts

@@ -0,0 +1,8 @@
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class ProfileService {
+  getProfile(): string {
+    return 'Hello World!';
+  }
+}