fix(FE) : fix store token
@@ -129,6 +129,7 @@ export default defineEventHandler(async (event) => {
|
||||
|
||||
let idTokenPayload;
|
||||
let accessTokenPayload;
|
||||
let refreshTokenPayload;
|
||||
try {
|
||||
idTokenPayload = JSON.parse(
|
||||
Buffer.from(tokens.id_token.split('.')[1], 'base64').toString()
|
||||
@@ -136,23 +137,22 @@ export default defineEventHandler(async (event) => {
|
||||
accessTokenPayload = JSON.parse(
|
||||
Buffer.from(tokens.access_token.split('.')[1], 'base64').toString()
|
||||
);
|
||||
refreshTokenPayload = JSON.parse(
|
||||
Buffer.from(tokens.refresh_token.split('.')[1], 'base64').toString()
|
||||
);
|
||||
} catch (decodeError) {
|
||||
console.error('❌ Failed to decode ID token:', decodeError);
|
||||
const errorMsg = encodeURIComponent('Invalid ID token format');
|
||||
console.error('❌ Failed to decode token:', decodeError);
|
||||
const errorMsg = encodeURIComponent('Invalid token format');
|
||||
return sendRedirect(event, `/auth/login?error=${errorMsg}`);
|
||||
}
|
||||
|
||||
// Extract roles from Keycloak token
|
||||
// Keycloak stores roles in different places depending on configuration
|
||||
const realmRoles = accessTokenPayload.realm_access?.roles || [];
|
||||
const clientRoles = accessTokenPayload.resource_access?.[config.keycloakClientId]?.roles || [];
|
||||
const allRoles = [...new Set([...realmRoles, ...clientRoles])]; // Remove duplicates
|
||||
|
||||
console.log('👥 User Roles Extracted:');
|
||||
console.log(' - Realm Roles:', realmRoles);
|
||||
console.log(' - Client Roles:', clientRoles);
|
||||
console.log(' - All Roles:', allRoles);
|
||||
|
||||
console.log("refreshTokenPayload.exp:", refreshTokenPayload.exp);
|
||||
console.log("Current time (seconds):", Math.floor(Date.now() / 1000));
|
||||
console.log("Token expires in (seconds):", refreshTokenPayload.exp - Math.floor(Date.now() / 1000));
|
||||
// Store minimal session data in cookie to reduce size
|
||||
// The ID token contains user info, so we can decode it when needed
|
||||
const sessionData = {
|
||||
@@ -162,8 +162,6 @@ export default defineEventHandler(async (event) => {
|
||||
email: idTokenPayload.email,
|
||||
name: idTokenPayload.name || idTokenPayload.preferred_username,
|
||||
preferred_username: idTokenPayload.preferred_username,
|
||||
roles: allRoles, // All user roles combined
|
||||
realm_roles: realmRoles, // Realm-specific roles
|
||||
client_roles: clientRoles, // Client-specific roles
|
||||
},
|
||||
// Store tokens - these are necessary for API calls
|
||||
@@ -172,8 +170,8 @@ export default defineEventHandler(async (event) => {
|
||||
idToken: tokens.id_token,
|
||||
refreshToken: tokens.refresh_token,
|
||||
// Session metadata
|
||||
expiresAt: Date.now() + (SESSION_DURATION * 1000),
|
||||
createdAt: Date.now(),
|
||||
expiresAt: refreshTokenPayload.exp * 1000, // Convert to milliseconds
|
||||
createdAt: refreshTokenPayload.iat ? refreshTokenPayload.iat * 1000 : Date.now(),
|
||||
};
|
||||
|
||||
// Determine if we should use secure cookies
|
||||
|
||||
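Review bot: The new `expiresAt: refreshTokenPayload.exp * 1000` has no fallback when the decoded refresh token carries no usable `exp`: a missing claim yields `NaN` (which compares false against any deadline, so a later `Date.now() > expiresAt` check would never expire the session) and an offline-style token with `exp` of 0 yields an already-expired session; the decode is also only a base64 split with no signature verification, so the value is trusted purely because it arrived over the token-endpoint exchange. The commit also drops the previous `SESSION_DURATION` upper bound, so a long-lived refresh token now dictates an equally long cookie session. I would validate the claim and keep the cap, e.g. `const refreshExpMs = Number.isFinite(refreshTokenPayload.exp) && refreshTokenPayload.exp > 0 ? refreshTokenPayload.exp * 1000 : Date.now() + SESSION_DURATION * 1000;` followed by `expiresAt: Math.min(refreshExpMs, Date.now() + SESSION_DURATION * 1000),` (assuming `SESSION_DURATION` is still defined above this handler, which is outside the hunk). The three `console.log` lines printing `refreshTokenPayload.exp` and the remaining lifetime look like debugging output and should be removed or demoted before this ships, since they land in production logs on every login. The enclosing `defineEventHandler` body starts and ends outside the hunk.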