From b904cd6b9588c4331e48fa970c0129ac4ff609ec Mon Sep 17 00:00:00 2001
From: dahoud <dahoud@dgbf.ci>
Date: Sat, 13 Dec 2025 11:54:36 +0000
Subject: [PATCH] Fix: Remove custom OIDC redirect paths, use Quarkus defaults

- Removed quarkus.oidc.authentication.redirect-path=/auth/callback
- Removed quarkus.oidc.authentication.redirect-uri explicit setting
- Changed cookie-same-site from strict to lax for OAuth compatibility
- Keycloak client updated with wildcard redirectUris: https://unionflow.lions.dev/*

This allows Quarkus OIDC to use its default callback paths instead of
the non-existent /auth/callback path that was causing 502 errors.

Fixes OAuth callback 502 Bad Gateway error.
---
 src/main/resources/application-prod.properties | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 47f96e1..fa64abb 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -68,14 +68,12 @@ quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.d
 quarkus.oidc.client-id=unionflow-client
 quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
 quarkus.oidc.application-type=web-app
-quarkus.oidc.authentication.redirect-path=/auth/callback
 quarkus.oidc.authentication.force-redirect-https-scheme=true
-quarkus.oidc.authentication.redirect-uri=https://unionflow.lions.dev/auth/callback
 quarkus.oidc.authentication.restore-path-after-redirect=true
 quarkus.oidc.authentication.scopes=openid,profile,email,roles
 quarkus.oidc.token.issuer=https://security.lions.dev/realms/unionflow
 quarkus.oidc.tls.verification=required
-quarkus.oidc.authentication.cookie-same-site=strict
+quarkus.oidc.authentication.cookie-same-site=lax
 quarkus.oidc.authentication.java-script-auto-redirect=false
 quarkus.oidc.discovery-enabled=true
 quarkus.oidc.verify-access-token=true