fix mfa login after keycloak

app/api/after-mfa/route.ts

@@ -0,0 +1,28 @@
+import { enhanceRouteHandler } from '@/packages/next/src/routes';
+import { createAuthCallbackService } from '@/packages/supabase/src/auth-callback.service';
+import { getSupabaseServerClient } from '@/packages/supabase/src/clients/server-client';
+
+export const POST = () =>
+  enhanceRouteHandler(
+    async () => {
+      try {
+        const supabaseClient = getSupabaseServerClient();
+        const {
+          data: { user },
+        } = await supabaseClient.auth.getUser();
+        const service = createAuthCallbackService(supabaseClient);
+
+        if (user && service.isKeycloakUser(user)) {
+          await service.setupMedusaUserForKeycloak(user);
+        }
+
+        return new Response(null, { status: 200 });
+      } catch (err) {
+        console.error('Error on verifying:', { err });
+        return new Response(null, { status: 500 });
+      }
+    },
+    {
+      auth: false,
+    },
+  );

app/auth/callback/route.ts

@@ -47,6 +47,11 @@ export async function GET(request: NextRequest) {
 
   const service = createAuthCallbackService(getSupabaseServerClient());
   const oauthResult = await service.exchangeCodeForSession(authCode);
+
+  if (oauthResult.requiresMultiFactorAuthentication) {
+    redirect(pathsConfig.auth.verifyMfa);
+  }
+
   if (!('isSuccess' in oauthResult)) {
     return redirectOnError(oauthResult.searchParams);
   }

app/auth/verify/page.tsx

@@ -44,12 +44,7 @@ async function VerifyPage(props: Props) {
     !!nextPath && nextPath.length > 0 ? nextPath : pathsConfig.app.home;
 
   return (
-    <MultiFactorChallengeContainer
-      userId={user.id}
-      paths={{
-        redirectPath,
-      }}
-    />
+    <MultiFactorChallengeContainer userId={user.id} paths={{ redirectPath }} />
   );
 }