diff --git a/src/controllers/authController.js b/src/controllers/authController.js
index 079786f..b380cb8 100644
--- a/src/controllers/authController.js
+++ b/src/controllers/authController.js
@@ -181,7 +181,16 @@ export async function authLogin(req, res) {
     }
     const authUrl = getAuthorizationUrl(req);
-    res.redirect(authUrl);
+
+    // Save session before redirecting to Keycloak
+    req.session.save((err) => {
+      if (err) {
+        console.error('Session save error:', err);
+        return res.status(500).send('Session save failed');
+      }
+      console.log('Session saved, redirecting to Keycloak:', authUrl.substring(0, 80) + '...');
+      res.redirect(authUrl);
+    });
   } catch (error) {
     console.error('Login error:', error);
     res.status(500).send('Authentication failed');
diff --git a/src/middleware/oidcMiddleware.js b/src/middleware/oidcMiddleware.js
index 74694ab..cd0ceef 100644
--- a/src/middleware/oidcMiddleware.js
+++ b/src/middleware/oidcMiddleware.js
@@ -47,8 +47,13 @@ export function getAuthorizationUrl(req) {
   const client = getOIDCClient();
   const nonce = Math.random().toString(36).substring(7);
   const state = Math.random().toString(36).substring(7);
+
+  // Store in session AND ensure session is saved
   req.session.nonce = nonce;
   req.session.state = state;
+
+  // Force session save before redirect
+  console.log('Storing in session - nonce:', nonce, 'state:', state);
   return client.authorizationUrl({
     scope: 'openid profile email',
diff --git a/src/server.js b/src/server.js
index 99dc7c6..192b357 100644
--- a/src/server.js
+++ b/src/server.js
@@ -78,11 +78,11 @@ app.use(
     store: new FileStoreSession({ path: './sessions' }),
     secret: config.sessionSecret,
     resave: false,
-    saveUninitialized: false,
+    saveUninitialized: true, // Changed to true for OAuth flow
     cookie: {
       secure: config.nodeEnv === 'production',
       httpOnly: true,
-      sameSite: 'strict',
+      sameSite: 'lax', // Changed from 'strict' to 'lax' to allow cross-site callbacks
       maxAge: 24 * 60 * 60 * 1000, // 24 hours
     },
   })
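Review bot: The new console.log inside the save callback prints the first 80 characters of the authorization URL, and that URL carries the state and nonce that getAuthorizationUrl just stored in the session; depending on the endpoint length these values can end up in the log, which turns the CSRF/replay tokens into log-readable secrets. Log only the fact of the redirect, `console.log('Session saved, redirecting to Keycloak');`, or at most the endpoint origin via `new URL(authUrl).origin`. The rest of the callback is fine: the early `return` after the 500 keeps res.redirect from running on a failed save. authLogin's try block and the function itself start before this hunk.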
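Review bot: The added `console.log('Storing in session - nonce:', nonce, 'state:', state);` writes both tokens to stdout, and the comment above it ("Force session save before redirect") describes a save that nothing in this hunk performs — the actual req.session.save call lives in authLogin. Drop the log line and reword the two new comments to one: `// nonce/state are persisted by the caller's req.session.save() before the redirect`. Separately, the unchanged `Math.random().toString(36).substring(7)` lines produce short, non-cryptographic values for state and nonce; `crypto.randomBytes(16).toString('hex')` from Node's crypto module would be the appropriate source for both. getAuthorizationUrl's return statement continues past the end of the hunk.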
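Review bot: `saveUninitialized: true` should not be needed for this flow, and it makes the FileStoreSession write a session file under ./sessions for every anonymous request: getAuthorizationUrl assigns req.session.nonce and req.session.state before the new save() call, so the session is already modified and would be persisted with `saveUninitialized: false` (assuming express-session semantics, which the option names suggest). Keep `saveUninitialized: false,` and retain only the `sameSite: 'lax'` change, which is the one actually required for the top-level redirect back from the IdP to carry the cookie. That line's comment could state the reason rather than the history: `sameSite: 'lax', // cookie must be sent on the top-level GET redirect back from the IdP; 'strict' drops it`. The `app.use(` call wrapping this options object starts before the hunk.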