app/api/auth/callback/route.ts

import { getCookieDomain } from "@/lib/getDomain";
import { env } from "@/lib/env";
import { NextResponse } from "next/server";
const BASE_URL = env.APP_URL;

export async function GET(req: Request) {
  const url = new URL(req.url);
  const code = url.searchParams.get("code");
  const isHttps = url.protocol === "https:";
  const domain = env.COOKIE_DOMAIN ?? getCookieDomain(url.hostname);

  if (!code) {
    return NextResponse.redirect(`${BASE_URL}/login?error=missing_code`);
  }

  const redirectUri = `${origin}/api/auth/callback`;

  const tokenRes = await fetch(
    `${env.KEYCLOAK_BASE_URL}/realms/${env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
    {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        client_id: env.KEYCLOAK_CLIENT_ID,
        client_secret: env.KEYCLOAK_CLIENT_SECRET,
        grant_type: "authorization_code",
        code,
        redirect_uri: redirectUri,
      }),
    }
  );

  const text = await tokenRes.text();
  let data: { access_token?: string; expires_in?: number };
  try {
    data = JSON.parse(text) as typeof data;
  } catch {
    return NextResponse.redirect(`${BASE_URL}/login?error=token_parse`);
  }

  if (!tokenRes.ok || !data.access_token) {
    console.error("token exchange failed", tokenRes.status, text);
    return NextResponse.redirect(`${BASE_URL}/login?error=token_exchange`);
  }

  const res = NextResponse.redirect(`${BASE_URL}/admin/create-news`);

  // Secure cookies are ignored on http:// (e.g. localhost) — browser drops them.
  res.cookies.set("access_token", data.access_token, {
    httpOnly: true,
    secure: isHttps,
    sameSite: "lax",
    path: "/",
    maxAge: data.expires_in,
    ...(domain ? { domain } : {}),
  });

  return res;
}
set the right domain 2026-04-19 13:30:47 +01:00			`import { getCookieDomain } from "@/lib/getDomain";`
move to environment variable 2026-04-20 11:39:32 +01:00			`import { env } from "@/lib/env";`
login to next backend 2026-04-18 23:45:46 +01:00			`import { NextResponse } from "next/server";`
move to environment variable 2026-04-20 11:39:32 +01:00			`const BASE_URL = env.APP_URL;`
login to next backend 2026-04-18 23:45:46 +01:00
			`export async function GET(req: Request) {`
			`const url = new URL(req.url);`
			`const code = url.searchParams.get("code");`
set settsion to http and https 2026-04-19 00:52:09 +01:00			`const isHttps = url.protocol === "https:";`
move to environment variable 2026-04-20 11:39:32 +01:00			`const domain = env.COOKIE_DOMAIN ?? getCookieDomain(url.hostname);`
login to next backend 2026-04-18 23:45:46 +01:00
set settsion to http and https 2026-04-19 00:52:09 +01:00			`if (!code) {`
move to environment variable 2026-04-20 11:39:32 +01:00			return NextResponse.redirect(`${BASE_URL}/login?error=missing_code`);
set settsion to http and https 2026-04-19 00:52:09 +01:00			`}`

			const redirectUri = `${origin}/api/auth/callback`;

			`const tokenRes = await fetch(`
move to environment variable 2026-04-20 11:39:32 +01:00			`${env.KEYCLOAK_BASE_URL}/realms/${env.KEYCLOAK_REALM}/protocol/openid-connect/token`,
set settsion to http and https 2026-04-19 00:52:09 +01:00			`{`
			`method: "POST",`
			`headers: { "Content-Type": "application/x-www-form-urlencoded" },`
			`body: new URLSearchParams({`
move to environment variable 2026-04-20 11:39:32 +01:00			`client_id: env.KEYCLOAK_CLIENT_ID,`
			`client_secret: env.KEYCLOAK_CLIENT_SECRET,`
set settsion to http and https 2026-04-19 00:52:09 +01:00			`grant_type: "authorization_code",`
			`code,`
			`redirect_uri: redirectUri,`
			`}),`
			`}`
			`);`
login to next backend 2026-04-18 23:45:46 +01:00
			`const text = await tokenRes.text();`
set settsion to http and https 2026-04-19 00:52:09 +01:00			`let data: { access_token?: string; expires_in?: number };`
			`try {`
			`data = JSON.parse(text) as typeof data;`
			`} catch {`
move to environment variable 2026-04-20 11:39:32 +01:00			return NextResponse.redirect(`${BASE_URL}/login?error=token_parse`);
set settsion to http and https 2026-04-19 00:52:09 +01:00			`}`

			`if (!tokenRes.ok \|\| !data.access_token) {`
			`console.error("token exchange failed", tokenRes.status, text);`
move to environment variable 2026-04-20 11:39:32 +01:00			return NextResponse.redirect(`${BASE_URL}/login?error=token_exchange`);
set settsion to http and https 2026-04-19 00:52:09 +01:00			`}`
login to next backend 2026-04-18 23:45:46 +01:00
move to environment variable 2026-04-20 11:39:32 +01:00			const res = NextResponse.redirect(`${BASE_URL}/admin/create-news`);
login to next backend 2026-04-18 23:45:46 +01:00
set settsion to http and https 2026-04-19 00:52:09 +01:00			`// Secure cookies are ignored on http:// (e.g. localhost) — browser drops them.`
login to next backend 2026-04-18 23:45:46 +01:00			`res.cookies.set("access_token", data.access_token, {`
			`httpOnly: true,`
set settsion to http and https 2026-04-19 00:52:09 +01:00			`secure: isHttps,`
login to next backend 2026-04-18 23:45:46 +01:00			`sameSite: "lax",`
			`path: "/",`
set settsion to http and https 2026-04-19 00:52:09 +01:00			`maxAge: data.expires_in,`
set the right domain 2026-04-19 13:30:47 +01:00			`...(domain ? { domain } : {}),`
login to next backend 2026-04-18 23:45:46 +01:00			`});`

			`return res;`
			`}`