URGENT: Revert PR #158 -- prod auth broken, Keycloak ROPC not configured #160

New issue

Closed

opened 2026-06-07 17:11:04 +00:00 by ldraney · 0 comments

ldraney commented 2026-06-07 17:11:04 +00:00

Owner

Copy link

Type

bug

Lineage

standalone

Repo

ldraney/landscaping-assistant

User Story

As a user, I need to be able to log in to the app, which is currently broken because PR #158 deployed ROPC auth but Keycloak terraform was never applied.

Context

PR #158 replaced OmniAuth (Authorization Code flow) with Keycloak Direct Access Grants (ROPC). However, the Keycloak terraform was never applied, so Keycloak does not accept grant_type=password. Production auth is completely broken.

What Broke

Production login is completely broken. Users cannot authenticate because the app sends grant_type=password to Keycloak, but Keycloak is not configured to accept Direct Access Grants.

Repro Steps

1. Navigate to the production app
2. Attempt to log in
3. Auth fails because Keycloak rejects the ROPC grant type

Expected Behavior

Users should be able to log in via OmniAuth Authorization Code flow (redirect to Keycloak, get redirected back).

Environment

Production (Kubernetes)

File Targets

• Gemfile (restore omniauth gems)
• Gemfile.lock (restore omniauth deps)
• config/initializers/omniauth.rb (restore)
• config/routes.rb (restore /auth/keycloak/* routes)
• app/controllers/sessions_controller.rb (restore OmniAuth callback)
• app/views/sessions/new.html.erb (restore login page)
• spec/ (restore OmniAuth test helpers)

Acceptance Criteria

• OmniAuth initializer restored
• OmniAuth gems restored in Gemfile/Gemfile.lock
• /auth/keycloak/callback routes restored
• Login page shows Keycloak redirect button
• Tests pass

Test Expectations

• Existing test suite passes after revert

Constraints

• Straight git revert, no new code
• Emergency fix -- prod is down

Checklist

• Revert commit af9dc69
• Push to branch
• Open PR

Related

• Reverts PR #158

### Type bug ### Lineage standalone ### Repo ldraney/landscaping-assistant ### User Story As a user, I need to be able to log in to the app, which is currently broken because PR #158 deployed ROPC auth but Keycloak terraform was never applied. ### Context PR #158 replaced OmniAuth (Authorization Code flow) with Keycloak Direct Access Grants (ROPC). However, the Keycloak terraform was never applied, so Keycloak does not accept `grant_type=password`. Production auth is completely broken. ### What Broke Production login is completely broken. Users cannot authenticate because the app sends `grant_type=password` to Keycloak, but Keycloak is not configured to accept Direct Access Grants. ### Repro Steps 1. Navigate to the production app 2. Attempt to log in 3. Auth fails because Keycloak rejects the ROPC grant type ### Expected Behavior Users should be able to log in via OmniAuth Authorization Code flow (redirect to Keycloak, get redirected back). ### Environment Production (Kubernetes) ### File Targets - Gemfile (restore omniauth gems) - Gemfile.lock (restore omniauth deps) - config/initializers/omniauth.rb (restore) - config/routes.rb (restore /auth/keycloak/* routes) - app/controllers/sessions_controller.rb (restore OmniAuth callback) - app/views/sessions/new.html.erb (restore login page) - spec/ (restore OmniAuth test helpers) ### Acceptance Criteria - [ ] OmniAuth initializer restored - [ ] OmniAuth gems restored in Gemfile/Gemfile.lock - [ ] /auth/keycloak/callback routes restored - [ ] Login page shows Keycloak redirect button - [ ] Tests pass ### Test Expectations - Existing test suite passes after revert ### Constraints - Straight git revert, no new code - Emergency fix -- prod is down ### Checklist - [ ] Revert commit af9dc69 - [ ] Push to branch - [ ] Open PR ### Related - Reverts PR #158

ldraney referenced this issue from a pull request that will close it, 2026-06-07 17:11:55 +00:00

Revert PR #158: restore OmniAuth to fix broken prod auth #161

ldraney referenced this issue from a pull request that will close it, 2026-06-07 17:15:15 +00:00

Revert PR #158: restore OmniAuth to fix broken prod auth #161

ldraney closed this issue 2026-06-07 17:21:36 +00:00

ldraney referenced this issue 2026-06-09 10:22:22 +00:00

docs: DORA metrics with pipeline timing breakdown #186

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs/update-app-architecture

revert-213

move-other-crew-bottom-remove-schedule

feature/today-view-improvements

154-enable-assume-ssl

revert-145-person-icon

docs/user-stories-auth

docs/update-infra-pipeline-post-incident

fix-cache-step-blocking-deploy

fix-kaniko-registry-pull

deactivate-from-today

feature/quick-address-entry

No results found.

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ldraney/landscaping-assistant#160

No description provided.