From 7c4cc9e7f894880c4b40fb516054278e907f9655 Mon Sep 17 00:00:00 2001
From: dahoud <dahoud@dgbf.ci>
Date: Wed, 24 Dec 2025 01:59:52 +0000
Subject: [PATCH] Fix: Restaurer
 quarkus.oidc.authentication.redirect-path=/auth/callback en production
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Le redirect-path doit être explicitement défini en production pour surcharger
la valeur par défaut de application.properties.

Quarkus OIDC gère automatiquement le callback sur ce path - pas besoin de
créer une page callback.xhtml. Le framework intercepte la requête, échange
le code OAuth contre un token, crée la session et redirige automatiquement.

Cela corrige l'erreur 502 Bad Gateway lors du retour d'authentification Keycloak.
---
 src/main/resources/application-prod.properties | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 4f01c9e..452a6bf 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -96,7 +96,8 @@ quarkus.rest-client."unionflow-api".url=${unionflow.backend.url}
 quarkus.rest-client."unionflow-api".scope=jakarta.inject.Singleton
 quarkus.rest-client."unionflow-api".connect-timeout=5000
 quarkus.rest-client."unionflow-api".read-timeout=15000
-quarkus.rest-client."unionflow-api".providers=dev.lions.unionflow.client.service.RestClientExceptionMapper,dev.lions.unionflow.client.security.JwtClientRequestFilter
+quarkus.rest-client."unionflow-api".providers=dev.lions.unionflow.client.service.RestClientExceptionMapper
+# NOTE: JwtClientRequestFilter retiré - utilisation de AuthHeaderFactory via @RegisterClientHeaders
 
 # Configuration Keycloak OIDC - Production
 quarkus.oidc.enabled=true
@@ -104,8 +105,8 @@ quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.d
 quarkus.oidc.client-id=unionflow-client
 quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
 quarkus.oidc.application-type=web-app
-# Callback path - must match Keycloak Valid Redirect URIs configuration
-#quarkus.oidc.authentication.redirect-path=/auth/callback
+ Callback path - must match Keycloak Valid Redirect URIs configuration
+quarkus.oidc.authentication.redirect-path=/auth/callback
 # quarkus.oidc.authentication.redirect-path is NOT set - let Quarkus use its default
 quarkus.oidc.authentication.force-redirect-https-scheme=true
 quarkus.oidc.authentication.restore-path-after-redirect=true