tvone/app/api/auth/callback/route.ts

import { NextResponse } from "next/server";

export async function GET(req: Request) {
  const url = new URL(req.url);
  const code = url.searchParams.get("code");

  // exchange code for token (Keycloak token endpoint)
  const tokenRes = await fetch("https://keycloak.petermaquiran.xyz/realms/tvone/protocol/openid-connect/token", {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      client_id: "tvone-web",
      client_secret: "7jQUciQCCf2WRFRe170UANKzGKVWFIkY",
      grant_type: "authorization_code",
      code: code!,
      redirect_uri: "http://localhost:3000/api/auth/callback",
    }),
  });

  const text = await tokenRes.text();
  var data = JSON.parse(text);

  const res = NextResponse.redirect("http://localhost:3000/dashboard");

  res.cookies.set("access_token", data.access_token, {
    httpOnly: true,
    secure: true,
    sameSite: "lax",
    path: "/",
  });

  return res;
}