From ac61ae50fdcb0241fcdf0ab181acf332f50c77b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carl=20G=C3=B6decken?=
Date: Fri, 13 Dec 2024 12:03:54 +0100
Subject: [PATCH] feat: keycloak internal server URL
* Fix examples
* Add serverUrlInternal option
---
 playground/.env.example | 1 +
 src/module.ts | 1 +
 src/runtime/server/lib/oauth/keycloak.ts | 14 +++++++++++---
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/playground/.env.example b/playground/.env.example
index 7423af59..ee96ce2c 100644
--- a/playground/.env.example
+++ b/playground/.env.example
@@ -32,6 +32,7 @@ NUXT_OAUTH_BATTLEDOTNET_CLIENT_SECRET=
 NUXT_OAUTH_KEYCLOAK_CLIENT_ID=
 NUXT_OAUTH_KEYCLOAK_CLIENT_SECRET=
 NUXT_OAUTH_KEYCLOAK_SERVER_URL=
+NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL=
 NUXT_OAUTH_KEYCLOAK_REALM=
 # LinkedIn
 NUXT_OAUTH_LINKEDIN_CLIENT_ID=
diff --git a/src/module.ts b/src/module.ts
index f180b10c..1ef1a463 100644
--- a/src/module.ts
+++ b/src/module.ts
@@ -232,6 +232,7 @@ export default defineNuxtModule({
 clientId: '',
 clientSecret: '',
 serverUrl: '',
+ serverUrlInternal: '',
 realm: '',
 redirectURL: '',
 })
diff --git a/src/runtime/server/lib/oauth/keycloak.ts b/src/runtime/server/lib/oauth/keycloak.ts
index 4be99d1a..bcb48bea 100644
--- a/src/runtime/server/lib/oauth/keycloak.ts
+++ b/src/runtime/server/lib/oauth/keycloak.ts
@@ -19,10 +19,17 @@ export interface OAuthKeycloakConfig {
 clientSecret?: string
 /**
 * Keycloak OAuth Server URL
- * @example http://192.168.1.10:8080/auth
+ * @example http://192.168.1.10:8080
 * @default process.env.NUXT_OAUTH_KEYCLOAK_SERVER_URL
 */
 serverUrl?: string
+ /**
+ * Optional Keycloak OAuth Server URL to use internally, e.g. if Nuxt connects to a Docker hostname while the browser
+ * redirect goes to localhost
+ * @example http://keycloak:8080
+ * @default process.env.NUXT_OAUTH_KEYCLOAK_SERVER_URL_INTERNAL
+ */
+ serverUrlInternal?: string
 /**
 * Keycloak OAuth Realm
 * @default process.env.NUXT_OAUTH_KEYCLOAK_REALM
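Review bot: The new JSDoc on `serverUrlInternal` in `OAuthKeycloakConfig` does not say which requests actually use it, so an operator cannot tell what traffic the internal URL will carry. Going by the later hunk in this file, only the token endpoint is built from it, while the authorization redirect still uses `serverUrl`. I would add two sentences to the comment: `Used only for server-to-server calls (the token request, which carries the client secret); the browser is always redirected to serverUrl.` and `Must point at the same Keycloak instance and realm as serverUrl.` The interface continues outside this hunk.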
@@ -40,7 +47,7 @@ export interface OAuthKeycloakConfig {
 */
 authorizationParams?: Record
 /**
- * Redirect URL to to allow overriding for situations like prod failing to determine public hostname
+ * Redirect URL to allow overriding for situations like prod failing to determine public hostname
 * @default process.env.NUXT_OAUTH_KEYCLOAK_REDIRECT_URL or current URL
 */
 redirectURL?: string
@@ -78,9 +85,10 @@ export function defineOAuthKeycloakEventHandler({
 }
 const realmURL = `${config.serverUrl}/realms/${config.realm}`
+ const realmURLInternal = `${config.serverUrlInternal || config.serverUrl}/realms/${config.realm}`
 const authorizationURL = `${realmURL}/protocol/openid-connect/auth`
- const tokenURL = `${realmURL}/protocol/openid-connect/token`
+ const tokenURL = `${realmURLInternal}/protocol/openid-connect/token`
 const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
 if (!query.code) {
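Review bot: `realmURLInternal` becomes the destination of the back-channel token request, which carries the client secret and the authorization code, yet `serverUrlInternal` is interpolated as-is, with no check that it is an absolute http(s) URL and no trailing-slash normalisation. A value ending in `/` yields `//realms/...`; normalising once, e.g. `const internalBase = (config.serverUrlInternal || config.serverUrl).replace(/\/+$/, '')`, keeps the path predictable (this assumes `serverUrl` is already validated above the hunk, which is not visible here). Because the documented example is plain `http://`, a comment such as `// back-channel only: the token request (client secret + code) is sent here; keep it on a trusted network or use https` would make the trust assumption explicit. The handler body continues outside this hunk, so it is worth confirming that any other server-side call built from `realmURL` (a userinfo fetch, if there is one) should not also use the internal base. Depending on how the Keycloak hostname is configured, tokens fetched through the internal host may carry a different issuer than the browser-facing URL.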