From 6018b853a04b5e0e38561956fd0bd3c2b88f75f6 Mon Sep 17 00:00:00 2001
From: Kevin <k.besson@clm.foundation>
Date: Fri, 21 Feb 2025 14:25:52 +0100
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20gestion=20du=20refresh=20toke?=
 =?UTF-8?q?n=20lors=20de=20la=20connexion=20avec=20Keycloak=20et=20mise=20?=
 =?UTF-8?q?=C3=A0=20jour=20de=20la=20d=C3=A9connexion=20pour=20utiliser=20?=
 =?UTF-8?q?le=20refresh=20token.=20Modification=20de=20la=20navigation=20p?=
 =?UTF-8?q?rincipale=20pour=20int=C3=A9grer=20les=20fonctions=20de=20conne?=
 =?UTF-8?q?xion=20et=20de=20d=C3=A9connexion.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 front/app/api/auth/[...nextauth]/route.ts | 24 +++++++++++++++++++++++
 front/components/main-nav.tsx             | 10 ++++++----
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/front/app/api/auth/[...nextauth]/route.ts b/front/app/api/auth/[...nextauth]/route.ts
index e17af22..1c1187d 100644
--- a/front/app/api/auth/[...nextauth]/route.ts
+++ b/front/app/api/auth/[...nextauth]/route.ts
@@ -28,6 +28,7 @@ export const authOptions: NextAuthOptions = {
       // Au moment de la première connexion, sauvegarde de l'access token et du rôle dans le JWT
       if (account && profile) {
         token.accessToken = account.access_token;
+        token.refreshToken = account.refresh_token;
         token.first_name = profile.given_name;
         token.last_name = profile.family_name;
         token.username = profile.preferred_username;
@@ -48,6 +49,29 @@ export const authOptions: NextAuthOptions = {
   session: {
     strategy: "jwt",
   },
+  events: {
+    async signOut({ token }) {
+      try {
+        console.log("Déconnexion Keycloak");
+        console.log("Token", token);
+        const issuerUrl = process.env.KEYCLOAK_ISSUER!;
+        const logoutUrl = `${issuerUrl}/protocol/openid-connect/logout`;
+        await fetch(logoutUrl, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+          },
+          body: new URLSearchParams({
+            client_id: process.env.KEYCLOAK_CLIENT_ID!,
+            client_secret: process.env.KEYCLOAK_CLIENT_SECRET!,
+            refresh_token: token.refreshToken as string,
+          }),
+        });
+      } catch (error) {
+        console.error("Erreur lors de la déconnexion Keycloak:", error);
+      }
+    },
+  },
 };
 
 const handler = NextAuth(authOptions);
diff --git a/front/components/main-nav.tsx b/front/components/main-nav.tsx
index 4172030..5dbbca4 100644
--- a/front/components/main-nav.tsx
+++ b/front/components/main-nav.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useEffect, useState } from "react";
+import { useState } from "react";
 import {
   Calendar,
   MessageSquare,
@@ -11,7 +11,7 @@ import {
 import Image from "next/image";
 import Link from "next/link";
 import { Sidebar } from "./sidebar";
-import { useSession } from "next-auth/react";
+import { useSession, signIn, signOut } from "next-auth/react";
 
 export function MainNav() {
   const [isSidebarOpen, setIsSidebarOpen] = useState(false);
@@ -83,12 +83,14 @@ export function MainNav() {
               </span>
             </div>
             <div className='cursor-pointer text-white/80 hover:text-white'>
-              <Link href='/api/auth/signout'>Logout</Link>
+              <span onClick={() => signOut()}>Logout</span>
             </div>
           </div>
         ) : (
           <div className='cursor-pointer text-white/80 hover:text-white'>
-            <Link href='/api/auth/signin'>Login</Link>
+            <span onClick={() => signIn("keycloak", { callbackUrl: "/" })}>
+              Login
+            </span>
           </div>
         )}
       </div>