From 7a54c103e5471892a7271de38ca65f286ad8bdd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carl=20G=C3=B6decken?=
 <carl.goedecken@digitalservice.bund.de>
Date: Thu, 12 Dec 2024 17:08:04 +0100
Subject: [PATCH] Add serverUrlInternal option

---
 playground/.env.example                  |  1 +
 src/module.ts                            |  1 +
 src/runtime/server/lib/oauth/keycloak.ts | 10 +++++++++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/playground/.env.example b/playground/.env.example
index 7423af5..ee96ce2 100644
--- a/playground/.env.example
+++ b/playground/.env.example
@@ -32,6 +32,7 @@ NUXT_OAUTH_BATTLEDOTNET_CLIENT_SECRET=
 NUXT_OAUTH_KEYCLOAK_CLIENT_ID=
 NUXT_OAUTH_KEYCLOAK_CLIENT_SECRET=
 NUXT_OAUTH_KEYCLOAK_SERVER_URL=
+NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL=
 NUXT_OAUTH_KEYCLOAK_REALM=
 # LinkedIn
 NUXT_OAUTH_LINKEDIN_CLIENT_ID=
diff --git a/src/module.ts b/src/module.ts
index f180b10..1ef1a46 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -232,6 +232,7 @@ export default defineNuxtModule<ModuleOptions>({
       clientId: '',
       clientSecret: '',
       serverUrl: '',
+      serverUrlInternal: '',
       realm: '',
       redirectURL: '',
     })
diff --git a/src/runtime/server/lib/oauth/keycloak.ts b/src/runtime/server/lib/oauth/keycloak.ts
index d0a0c93..bcb48be 100644
--- a/src/runtime/server/lib/oauth/keycloak.ts
+++ b/src/runtime/server/lib/oauth/keycloak.ts
@@ -23,6 +23,13 @@ export interface OAuthKeycloakConfig {
    * @default process.env.NUXT_OAUTH_KEYCLOAK_SERVER_URL
    */
   serverUrl?: string
+  /**
+   * Optional Keycloak OAuth Server URL to use internally, e.g. if Nuxt connects to a Docker hostname while the browser
+   * redirect goes to localhost
+   * @example http://keycloak:8080
+   * @default process.env.NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL
+   */
+  serverUrlInternal?: string
   /**
    * Keycloak OAuth Realm
    * @default process.env.NUXT_OAUTH_KEYCLOAK_REALM
@@ -78,9 +85,10 @@ export function defineOAuthKeycloakEventHandler({
     }
 
     const realmURL = `${config.serverUrl}/realms/${config.realm}`
+    const realmURLInternal = `${config.serverUrlInternal || config.serverUrl}/realms/${config.realm}`
 
     const authorizationURL = `${realmURL}/protocol/openid-connect/auth`
-    const tokenURL = `${realmURL}/protocol/openid-connect/token`
+    const tokenURL = `${realmURLInternal}/protocol/openid-connect/token`
     const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
 
     if (!query.code) {