diff --git a/playground/.env.example b/playground/.env.example index 7423af59..ee96ce2c 100644 --- a/playground/.env.example +++ b/playground/.env.example @@ -32,6 +32,7 @@ NUXT_OAUTH_BATTLEDOTNET_CLIENT_SECRET= NUXT_OAUTH_KEYCLOAK_CLIENT_ID= NUXT_OAUTH_KEYCLOAK_CLIENT_SECRET= NUXT_OAUTH_KEYCLOAK_SERVER_URL= +NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL= NUXT_OAUTH_KEYCLOAK_REALM= # LinkedIn NUXT_OAUTH_LINKEDIN_CLIENT_ID= diff --git a/src/module.ts b/src/module.ts index f180b10c..1ef1a463 100644 --- a/src/module.ts +++ b/src/module.ts @@ -232,6 +232,7 @@ export default defineNuxtModule({ clientId: '', clientSecret: '', serverUrl: '', + serverUrlInternal: '', realm: '', redirectURL: '', }) diff --git a/src/runtime/server/lib/oauth/keycloak.ts b/src/runtime/server/lib/oauth/keycloak.ts index d0a0c93c..bcb48bea 100644 --- a/src/runtime/server/lib/oauth/keycloak.ts +++ b/src/runtime/server/lib/oauth/keycloak.ts @@ -23,6 +23,13 @@ export interface OAuthKeycloakConfig { * @default process.env.NUXT_OAUTH_KEYCLOAK_SERVER_URL */ serverUrl?: string + /** + * Optional Keycloak OAuth Server URL to use internally, e.g. if Nuxt connects to a Docker hostname while the browser + * redirect goes to localhost + * @example http://keycloak:8080 + * @default process.env.NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL + */ + serverUrlInternal?: string /** * Keycloak OAuth Realm * @default process.env.NUXT_OAUTH_KEYCLOAK_REALM @@ -78,9 +85,10 @@ export function defineOAuthKeycloakEventHandler({ } const realmURL = `${config.serverUrl}/realms/${config.realm}` + const realmURLInternal = `${config.serverUrlInternal || config.serverUrl}/realms/${config.realm}` const authorizationURL = `${realmURL}/protocol/openid-connect/auth` - const tokenURL = `${realmURL}/protocol/openid-connect/token` + const tokenURL = `${realmURLInternal}/protocol/openid-connect/token` const redirectURL = config.redirectURL || getOAuthRedirectURL(event) if (!query.code) {