first commit

src/controllers/authController.js

@@ -181,7 +181,16 @@ export async function authLogin(req, res) {
     }
 
     const authUrl = getAuthorizationUrl(req);
+    
+    // Save session before redirecting to Keycloak
+    req.session.save((err) => {
+      if (err) {
+        console.error('Session save error:', err);
+        return res.status(500).send('Session save failed');
+      }
+      console.log('Session saved, redirecting to Keycloak:', authUrl.substring(0, 80) + '...');
       res.redirect(authUrl);
+    });
   } catch (error) {
     console.error('Login error:', error);
     res.status(500).send('Authentication failed');

src/middleware/oidcMiddleware.js

@@ -47,9 +47,14 @@ export function getAuthorizationUrl(req) {
   const client = getOIDCClient();
   const nonce = Math.random().toString(36).substring(7);
   const state = Math.random().toString(36).substring(7);
+  
+  // Store in session AND ensure session is saved
   req.session.nonce = nonce;
   req.session.state = state;
   
+  // Force session save before redirect
+  console.log('Storing in session - nonce:', nonce, 'state:', state);
+
   return client.authorizationUrl({
     scope: 'openid profile email',
     response_mode: 'form_post',

src/server.js

@@ -78,11 +78,11 @@ app.use(
     store: new FileStoreSession({ path: './sessions' }),
     secret: config.sessionSecret,
     resave: false,
-    saveUninitialized: false,
+    saveUninitialized: true, // Changed to true for OAuth flow
     cookie: {
       secure: config.nodeEnv === 'production',
       httpOnly: true,
-      sameSite: 'strict',
+      sameSite: 'lax', // Changed from 'strict' to 'lax' to allow cross-site callbacks
       maxAge: 24 * 60 * 60 * 1000, // 24 hours
     },
   })