From eeb0c31149a6abcb3d495d178c0dda29b4ef4135 Mon Sep 17 00:00:00 2001
From: dahoud <dahoud@dgbf.ci>
Date: Sat, 13 Dec 2025 11:11:10 +0000
Subject: [PATCH] Fix: Add explicit OIDC redirect URI for Keycloak auth
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added force-redirect-https-scheme and explicit redirect-uri to fix
'Paramètre invalide : redirect_uri' error in Keycloak authentication.

Changes:
- quarkus.oidc.authentication.force-redirect-https-scheme=true
- quarkus.oidc.authentication.redirect-uri=https://unionflow.lions.dev/auth/callback

This ensures Quarkus OIDC uses the correct absolute URL for redirect
instead of constructing it from request headers (which may be incorrect
behind nginx ingress).
---
 src/main/resources/application-prod.properties | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index e3b14c4..47f96e1 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -69,6 +69,8 @@ quarkus.oidc.client-id=unionflow-client
 quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
 quarkus.oidc.application-type=web-app
 quarkus.oidc.authentication.redirect-path=/auth/callback
+quarkus.oidc.authentication.force-redirect-https-scheme=true
+quarkus.oidc.authentication.redirect-uri=https://unionflow.lions.dev/auth/callback
 quarkus.oidc.authentication.restore-path-after-redirect=true
 quarkus.oidc.authentication.scopes=openid,profile,email,roles
 quarkus.oidc.token.issuer=https://security.lions.dev/realms/unionflow