Skip to content

Commit 00504ea

Browse files
JaySoni1JaySoni1
committed
WEB-551 Fix Oauth (Keycloak)
1 parent cb52f59 commit 00504ea

File tree

3 files changed

+27
-17
lines changed

3 files changed

+27
-17
lines changed

src/app/core/authentication/oauth.config.ts

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -61,21 +61,29 @@ function getOIDCConfig(): AuthConfig {
6161
}
6262

6363
/**
64-
* Creates the configuration required for classic OAuth2 providers (e.g., Fineract).
64+
* Creates the configuration required for classic OAuth2 providers (e.g., Fineract, Keycloak).
6565
* @returns {AuthConfig} OAuth2 configuration block.
6666
*/
6767
function getOAuth2Config(): AuthConfig {
6868
const frontendUrl = window.location.origin;
69+
const { serverUrl, authorizeUrl, tokenUrl, redirectUri, scope, appId } = environment.oauth;
70+
71+
// Allow custom Keycloak realm via MIFOS_OAUTH_REALM (defaults to master)
72+
const keycloakRealm = (window as any)['env']?.['MIFOS_OAUTH_REALM'] || 'master';
73+
const resolvedAuthorizeUrl = authorizeUrl || `${serverUrl}/auth/realms/${keycloakRealm}/protocol/openid-connect/auth`;
74+
const resolvedTokenUrl = tokenUrl || `${serverUrl}/auth/realms/${keycloakRealm}/protocol/openid-connect/token`;
75+
const resolvedRedirectUri = redirectUri || `${frontendUrl}/#/callback`;
76+
const resolvedScope = scope || 'openid profile email';
6977

7078
return {
71-
issuer: environment.oauth.serverUrl,
72-
loginUrl: environment.oauth.authorizeUrl,
73-
tokenEndpoint: environment.oauth.tokenUrl,
74-
redirectUri: environment.oauth.redirectUri,
79+
issuer: serverUrl,
80+
loginUrl: resolvedAuthorizeUrl,
81+
tokenEndpoint: resolvedTokenUrl,
82+
redirectUri: resolvedRedirectUri,
7583
postLogoutRedirectUri: `${frontendUrl}/#/login`,
76-
clientId: environment.oauth.appId,
84+
clientId: appId,
7785
responseType: 'code',
78-
scope: environment.oauth.scope,
86+
scope: resolvedScope,
7987
useSilentRefresh: false,
8088
oidc: false,
8189
// Skip issuer validation for OAuth2 (non-OIDC) flows

src/environments/environment.prod.ts

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -26,14 +26,15 @@ export const environment = {
2626
apiActuator: loadedEnv.apiActuator || '/fineract-provider',
2727
serverUrl: '',
2828
oauth: {
29-
enabled: loadedEnv.oauthServerEnabled === true,
30-
serverUrl: loadedEnv.oauthServerUrl || '',
29+
// Support legacy MIFOS_OAUTH_* variable names for backward compatibility with Keycloak
30+
enabled: loadedEnv.oauthServerEnabled === true || loadedEnv['MIFOS_OAUTH_SERVER_ENABLED'] === 'true',
31+
serverUrl: loadedEnv.oauthServerUrl || loadedEnv['MIFOS_OAUTH_SERVER_URL'] || '',
3132
logoutUrl: loadedEnv.oauthServerLogoutUrl || '',
32-
appId: loadedEnv.oauthAppId || '',
33+
appId: loadedEnv.oauthAppId || loadedEnv['MIFOS_OAUTH_CLIENT_ID'] || '',
3334
authorizeUrl: loadedEnv.oauthAuthorizeUrl || '',
3435
tokenUrl: loadedEnv.oauthTokenUrl || '',
35-
redirectUri: loadedEnv.oauthRedirectUri || '',
36-
scope: loadedEnv.oauthScope || ''
36+
redirectUri: loadedEnv.oauthRedirectUri || `${window.location.origin}/#/callback`,
37+
scope: loadedEnv.oauthScope || 'openid profile email'
3738
},
3839
/** Feature flag for Remember Me functionality */
3940
enableRememberMe: false,

src/environments/environment.ts

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -32,14 +32,15 @@ export const environment = {
3232
/** Feature flag for Remember Me functionality */
3333
enableRememberMe: false,
3434
oauth: {
35-
enabled: loadedEnv.oauthServerEnabled === true,
36-
serverUrl: loadedEnv.oauthServerUrl || '',
35+
// Support legacy MIFOS_OAUTH_* variable names for backward compatibility with Keycloak
36+
enabled: loadedEnv.oauthServerEnabled === true || loadedEnv.MIFOS_OAUTH_SERVER_ENABLED === 'true',
37+
serverUrl: loadedEnv.oauthServerUrl || loadedEnv.MIFOS_OAUTH_SERVER_URL || '',
3738
logoutUrl: loadedEnv.oauthServerLogoutUrl || '',
38-
appId: loadedEnv.oauthAppId || '',
39+
appId: loadedEnv.oauthAppId || loadedEnv.MIFOS_OAUTH_CLIENT_ID || '',
3940
authorizeUrl: loadedEnv.oauthAuthorizeUrl || '',
4041
tokenUrl: loadedEnv.oauthTokenUrl || '',
41-
redirectUri: loadedEnv.oauthRedirectUri || '',
42-
scope: loadedEnv.oauthScope || ''
42+
redirectUri: loadedEnv.oauthRedirectUri || `${window.location.origin}/#/callback`,
43+
scope: loadedEnv.oauthScope || 'openid profile email'
4344
},
4445
warningDialog: {
4546
title: 'Warning',

0 commit comments

Comments
 (0)