From d2276827362c78d6b5d6266265977e2caf75ea65 Mon Sep 17 00:00:00 2001
From: dahoud <dahoud@dgbf.ci>
Date: Sun, 14 Dec 2025 12:09:01 +0000
Subject: [PATCH] Fix: Remove custom OAuth callback path and set index.xhtml as
 welcome file
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Corrections apportées:
1. Suppression de quarkus.oidc.authentication.redirect-path=/auth/callback
   - Quarkus OIDC utilise maintenant son chemin par défaut: /q/oidc/code-flow/callback
   - /auth/callback n'est pas une page métier et ne doit pas être utilisé

2. Changement du welcome-file de dashboard.xhtml vers index.xhtml
   - dashboard.xhtml n'existe pas dans le répertoire racine
   - index.xhtml est la page d'accueil publique avec contenu marketing

Ces changements corrigent:
- 403 Forbidden sur https://unionflow.lions.dev (mauvais welcome-file)
- 502/404 Bad Gateway sur /auth/callback (chemin de callback incorrect)

Le flux OAuth utilisera maintenant le chemin standard Quarkus OIDC.
Keycloak doit être mis à jour pour rediriger vers /q/oidc/code-flow/callback.
---
 src/main/resources/application-prod.properties | 3 ++-
 src/main/webapp/WEB-INF/web.xml                | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 52865d4..725523e 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -68,7 +68,8 @@ quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.d
 quarkus.oidc.client-id=unionflow-client
 quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
 quarkus.oidc.application-type=web-app
-quarkus.oidc.authentication.redirect-path=/auth/callback
+# Use default Quarkus OIDC callback path: /q/oidc/code-flow/callback
+# quarkus.oidc.authentication.redirect-path is NOT set - let Quarkus use its default
 quarkus.oidc.authentication.force-redirect-https-scheme=true
 quarkus.oidc.authentication.restore-path-after-redirect=true
 quarkus.oidc.authentication.scopes=openid,profile,email,roles
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index 24ecfd9..5e291ab 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -4,7 +4,7 @@
          xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd">
 
     <welcome-file-list>
-        <welcome-file>dashboard.xhtml</welcome-file>
+        <welcome-file>index.xhtml</welcome-file>
     </welcome-file-list>
 
     <!-- JSF Configuration Parameters (Jakarta namespace) -->