If I understand the issue correctly (as described on github, cmty.app and on dev.to (link in next post)), the keycloak endpoint accepts a client_secret parameter. The problem is that the nuxt oath2 scheme doesn’t send the client_secret. The current solution is that the sirixdb server holds the client secret, and forwards the browser to keycloak together with the client_secret.
So nuxt connects to the sirixdb server, which redirects to keycloak, which authenticates and redirects back to nuxt.
The propsed solution is to define a custom keycloak schme to forward client_secret as well. So nuxt will redirect directly to keycloak, without the sirixdb server in the middle.
@johannes if I have this correct, I can work on an implementation.