feat(idnot): loginWithIdNot utilise /api/v1/idnot/state et ajoute state à l’URL authorize

.env.example

@@ -1,100 +0,0 @@
-# Variables d'environnement pour l'application back-end
-NODE_OPTIONS=--max-old-space-size=2048
-NODE_ENV=production
-
-# Configuration IDNOT
-IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
-# IDNOT_REDIRECT_URI=http://local.4nkweb.com:3004/authorized-client
-IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client
-IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
-IDNOT_API_BASE_URL=https://qual-api.notaires.fr
-
-# Configuration serveur
-APP_HOST=dev4.4nkweb.com
-# API_BASE_URL=https://demo.4nkweb.com/back
-API_BASE_URL=https://dev4.4nkweb.com/back
-# DEFAULT_STORAGE=https://demo.4nkweb.com/storage
-DEFAULT_STORAGE=https://dev4.4nkweb.com/storage
-
-# Variables d'environnement pour l'application front-end
-# NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/
-NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com
-# NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com
-NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
-NEXT_PUBLIC_FRONT_APP_PORT=443
-NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
-NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
-NEXT_PUBLIC_BACK_API_PROTOCOL=https
-NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
-NEXT_PUBLIC_BACK_API_PORT=443
-NEXT_PUBLIC_BACK_API_ROOT_URL=/api
-NEXT_PUBLIC_BACK_API_VERSION=v1
-# NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3004/authorized-client'
-NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client
-NEXT_PUBLIC_TARGET_ORIGIN=https://dev4.4nkweb.com/lecoffre
-NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
-NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client
-NEXT_PUBLIC_DOCAPOSTE_API_URL=
-NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/api
-NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
-NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage
-
-# WS
-# RELAY_URLS=wss://demo.4nkweb.com/ws
-RELAY_URLS=wss://dev4.4nkweb.com/ws
-
-# SIGNER_WS_URL=ws://dev4.4nkweb.com/signer/
-SIGNER_WS_URL=ws://dev3.4nkweb.com
-SIGNER_BASE_URL=https://dev3.4nkweb.com
-
-# IHM URLS
-# VITE_BOOTSTRAPURL=http://sdk_relay:8090/
-VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/
-
-# Cartes de test Stripe
-SUCCES='4242 4242 4242 4242'
-DECLINED='4000 0025 0000 3155'
-CORS_ALLOWED_ORIGINS=http://local.4nkweb.com:3000,https://dev4.4nkweb.com
-ENABLE_SUBSCRIPTION_STUB=true
-
-core_url="http://bitcoin:38332"
-ws_url="0.0.0.0:8090"
-wallet_name="default"
-network="signet"
-blindbit_url="http://blindbit:8000"
-zmq_url="tcp://bitcoin:29000"
-storage="https://dev4.4nkweb.com/storage"
-data_dir="/home/bitcoin/.4nk"
-bitcoin_data_dir="/home/bitcoin/.bitcoin"
-
-# ================================= /!\ sensible ========================
-
-IDNOT_API_KEY=
-IDNOT_CLIENT_ID=
-IDNOT_CLIENT_SECRET=
-NEXT_PUBLIC_IDNOT_CLIENT_ID=
-
-# Configuration OVH
-OVH_APP_KEY=
-OVH_APP_SECRET=
-OVH_CONSUMER_KEY=
-OVH_SMS_SERVICE_NAME=
-
-# Configuration SMS Factor
-SMS_FACTOR_TOKEN=
-
-# Configuration Mailchimp
-MAILCHIMP_API_KEY=
-MAILCHIMP_KEY=
-MAILCHIMP_LIST_ID=
-
-# Configuration Stripe
-STRIPE_SECRET_KEY=
-STRIPE_WEBHOOK_SECRET=
-STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=
-STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=
-STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=
-STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=
-
-SIGNER_API_KEY=your-api-key-change-this
-VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9

CHANGELOG.md

@@ -6,7 +6,7 @@
 
 ## v0.1.2
 
-- LoginCallback (`index.tsx`) ajusté: suppression de la redirection spéciale `local.4nkweb.com` au profit d'un flux standard basé sur variables d'environnement.
+- LoginCallback (`index.tsx`) ajusté: suppression de la redirection spéciale `dev3.4nkweb.com` au profit d'un flux standard basé sur variables d'environnement.
 
 ## v0.1.3
 ## v0.1.4

backups/front_20250923_060340/VariablesFront.ts

@@ -0,0 +1,48 @@
+export class FrontendVariables {
+	private static instance: FrontendVariables;
+
+	public BACK_API_PROTOCOL!: string;
+
+	public BACK_API_HOST!: string;
+
+	public BACK_API_PORT!: string;
+
+	public BACK_API_ROOT_URL!: string;
+
+	public BACK_API_VERSION!: string;
+
+	public FRONT_APP_HOST!: string;
+
+	public IDNOT_BASE_URL!: string;
+
+	public IDNOT_AUTHORIZE_ENDPOINT!: string;
+
+	public IDNOT_CLIENT_ID!: string;
+
+	public IDNOT_REDIRECT_URI?: string;
+
+	public DOCAPOST_API_URL!: string;
+
+	public KEY_DATA!: string;
+
+	public FC_AUTHORIZE_ENDPOINT!: string;
+
+	public FC_CLIENT_ID!: string;
+
+	public HOTJAR_SITE_ID!: number;
+
+	public HOTJAR_VERSION!: number;
+
+	public _4NK_URL!: string;
+
+	public API_URL!: string;
+
+	private constructor() {}
+
+	public static getInstance(): FrontendVariables {
+		if (!this.instance) {
+			this.instance = new this();
+		}
+		return this.instance;
+	}
+}

backups/front_20250923_060340/authorized-client.tsx

@@ -0,0 +1,24 @@
+import LoginCallBack from "@Front/Components/Layouts/LoginCallback";
+import { useEffect } from "react";
+
+export default function Route() {
+    useEffect(() => {
+        if (typeof window !== "undefined") {
+            const origin = window.location.origin;
+            const search = window.location.search || "";
+            // Forcer HTTPS et domaine dev4 après retour ID.not
+            if (!origin.startsWith("https://dev4.4nkweb.com")) {
+                const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`;
+                window.location.replace(target);
+                return;
+            }
+            if (origin.startsWith("http://dev3.4nkweb.com")) {
+                const search = window.location.search || "";
+                const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`;
+                window.location.replace(target);
+            }
+        }
+    }, []);
+
+    return <LoginCallBack />;
+}

backups/front_20250923_060340/index.tsx

@@ -0,0 +1,239 @@
+import React, { useCallback, useEffect, useState } from "react";
+import classes from "./classes.module.scss";
+import Typography, { ETypo, ETypoColor } from "@Front/Components/DesignSystem/Typography";
+//import Image from "next/image";
+import Form from "@Front/Components/DesignSystem/Form";
+import TextField from "@Front/Components/DesignSystem/Form/TextField";
+import Button from "@Front/Components/DesignSystem/Button";
+//import franceConnectLogo from "../france-connect.svg";
+// import { useRouter } from "next/router";
+// import Customers from "@Front/Api/Auth/Id360/Customers/Customers";
+import { ValidationError } from "class-validator";
+import Image from "next/image";
+import LogoSmallBlue from "@Assets/logo_small_blue.svg";
+
+import idNoteLogo from "@Assets/Icons/id-note-logo.svg";
+import { useRouter } from "next/router";
+import { FrontendVariables } from "@Front/Config/VariablesFront";
+import Confirm from "@Front/Components/DesignSystem/OldModal/Confirm";
+
+type IProps = {
+	onSubmit: (e: React.FormEvent<HTMLFormElement> | null, values: { [key: string]: string }) => void;
+	validationErrors: ValidationError[];
+};
+
+export default function StepEmail(props: IProps) {
+	const { onSubmit, validationErrors } = props;
+	const [isErrorModalOpen, setIsErrorModalOpen] = useState(0);
+
+	// Forcer HTTPS dès le début pour éviter le contexte de sécurité mixte
+	useEffect(() => {
+		if (typeof window !== "undefined" && window.location.protocol === "http:") {
+			const target = `https://dev4.4nkweb.com/lecoffre${window.location.pathname}${window.location.search}`;
+			window.location.replace(target);
+		}
+	}, []);
+
+	/* const router = useRouter();
+	const redirectCustomerOnConnection = useCallback(() => {
+		async function getCustomer() {
+			try {
+				const loginRes = await Customers.getInstance().login();
+				router.push(loginRes.enrollment.franceConnectUrl);
+			} catch (e) {
+				console.error(e);
+			}
+		}
+		getCustomer();
+	}, [router]); */
+
+	const router = useRouter();
+	const error = router.query["error"];
+	const redirectUserOnConnection = useCallback(() => {
+		const variables = FrontendVariables.getInstance();
+		let redirectUri = variables.IDNOT_REDIRECT_URI || "";
+		if (!redirectUri) {
+			console.warn("[IDNOT] NEXT_PUBLIC_IDNOT_REDIRECT_URI vide; fallback sur FRONT_APP_HOST/authorized-client");
+			redirectUri = `${variables.FRONT_APP_HOST}/authorized-client`;
+		}
+		const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`;
+		router.push(
+			`${authorizeBase}?client_id=${variables.IDNOT_CLIENT_ID}&redirect_uri=${encodeURIComponent(redirectUri)}&scope=openid,profile&response_type=code`,
+		);
+	}, [router]);
+
+	const openErrorModal = useCallback((index: number) => {
+		setIsErrorModalOpen(index);
+	}, []);
+
+	const closeErrorModal = useCallback(() => {
+		setIsErrorModalOpen(0);
+	}, []);
+
+	const closeNoEmailModal = useCallback(() => {
+		setIsErrorModalOpen(0);
+		router.push("https://connexion.idnot.fr/");
+	}, [router]);
+
+	// const closeContactAdminModal = () => {
+	// 	setIsErrorModalOpen(0);
+	// 	window.open("https://www.lecoffre.io/contact", "_blank");
+	// };
+
+	useEffect(() => {
+		openErrorModal(parseInt(error as string));
+	}, [error, openErrorModal]);
+
+	return (
+		<div className={classes["root"]}>
+			<div className={classes["header"]}>
+				<Image src={LogoSmallBlue} alt="Logo small blue" height="56" width="56" />
+				<Typography typo={ETypo.TITLE_H1} color={ETypoColor.TEXT_ACCENT}>
+					Bienvenue !
+				</Typography>
+				<Typography typo={ETypo.TITLE_H5}>Connectez-vous pour accéder à votre espace sécurisé.</Typography>
+			</div>
+			<div className={classes["content"]}>
+				<div className={classes["section"]}>
+					<Typography typo={ETypo.TITLE_H6} color={ETypoColor.TEXT_ACCENT} className={classes["section-title"]}>
+						Pour les notaires et les collaborateurs :
+					</Typography>
+					<Button onClick={redirectUserOnConnection} rightIcon={<Image alt="id-not-logo" src={idNoteLogo} />}>
+						S'identifier avec ID.not
+					</Button>
+				</div>
+				<div className={classes["section"]}>
+					<Typography typo={ETypo.TITLE_H6} color={ETypoColor.TEXT_ACCENT} className={classes["section-title"]}>
+						Pour les clients :
+					</Typography>
+					<Form className={classes["form"]} onSubmit={onSubmit}>
+						{
+							<TextField
+								placeholder="Renseigner votre email"
+								label="E-mail"
+								name="email"
+								validationError={validationErrors.find((err) => err.property === "email")}
+							/>
+						}
+						<Button type="submit">Se connecter</Button>
+					</Form>
+				</div>
+			</div>
+			<Confirm
+				isOpen={isErrorModalOpen === 1}
+				onClose={closeErrorModal}
+				showCancelButton={false}
+				onAccept={closeErrorModal}
+				closeBtn
+            header={"Problème de connexion"}
+            confirmText={"Fermer"}>
+				<div className={classes["modal-content"]}>
+                    <Typography typo={ETypo.TEXT_MD_LIGHT} className={classes["text"]}>
+                        Une erreur est survenue lors de la connexion. Veuillez réessayer ou contacter le support si le problème persiste.
+                    </Typography>
+					<a className={classes["modal-button"]} href="mailto:support@lecoffre.io" target="_blank">
+						<Typography typo={ETypo.TEXT_MD_REGULAR} color={ETypoColor.COLOR_SECONDARY_500} className={classes["button-text"]}>
+							Contactez le support
+						</Typography>
+					</a>
+				</div>
+			</Confirm>
+			<Confirm
+				isOpen={isErrorModalOpen === 2}
+				onClose={closeErrorModal}
+				showCancelButton={false}
+				onAccept={closeErrorModal}
+				closeBtn
+				header={"Session expirée"}
+				confirmText={"OK"}>
+				<div className={classes["modal-content"]}>
+					<Typography typo={ETypo.TEXT_MD_REGULAR} className={classes["text"]}>
+						Veuillez vous reconnecter.
+					</Typography>
+				</div>
+			</Confirm>
+			<Confirm
+				isOpen={isErrorModalOpen === 3}
+				onClose={closeErrorModal}
+				onAccept={closeNoEmailModal}
+				closeBtn
+				header={"E-mail Professionnel Manquant"}
+				confirmText={"Accéder à mon compte ID.not"}
+				cancelText={"Fermer"}>
+				<div className={classes["modal-content"]}>
+					<Typography typo={ETypo.TEXT_MD_REGULAR} className={classes["text"]}>
+						Votre e-mail professionnel n'est pas renseigné sur votre compte ID.Not. Merci de l'ajouter pour accéder à ce
+						service. Pour toute question, contactez-nous à support@lecoffre.io.
+					</Typography>
+					<a className={classes["modal-button"]} href="mailto:support@lecoffre.io" target="_blank">
+						<Typography typo={ETypo.TEXT_MD_REGULAR} color={ETypoColor.COLOR_SECONDARY_500} className={classes["button-text"]}>
+							Contactez le support
+						</Typography>
+					</a>
+				</div>
+			</Confirm>
+			<Confirm
+				isOpen={isErrorModalOpen === 4}
+				onClose={closeErrorModal}
+				showCancelButton={false}
+				onAccept={closeErrorModal}
+				closeBtn
+				header={"Connexion à ID.Not impossible"}
+				confirmText={"Fermer"}>
+				<div className={classes["modal-content"]}>
+					<Typography typo={ETypo.TEXT_MD_REGULAR} className={classes["text"]}>
+						Notre partenaire ID.Not rencontre actuellement un problème technique. Nous vous tiendrons informé de l'évolution.
+						Pour toute question, contactez-nous à support@lecoffre.io.
+					</Typography>
+					<a className={classes["modal-button"]} href="mailto:support@lecoffre.io" target="_blank">
+						<Typography typo={ETypo.TEXT_MD_REGULAR} color={ETypoColor.COLOR_SECONDARY_500} className={classes["button-text"]}>
+							Contactez le support
+						</Typography>
+					</a>
+				</div>
+			</Confirm>
+			{/* <Confirm
+				isOpen={isErrorModalOpen === 4}
+				onClose={closeErrorModal}
+				onAccept={closeContactAdminModal}
+				closeBtn
+				header={"Vous n’êtes pas bêta-testeur"}
+				confirmText={"Contacter l'administrateur"}
+				cancelText={"OK"}>
+				<div className={classes["modal-content"]}>
+					<Typography typo={ETypo.TEXT_MD_REGULAR} className={classes["text"]}>
+						L'accès à la version bêta de lecoffre.io est limité à un groupe restreint d'utilisateurs autorisés.
+					</Typography>
+					<ul>
+						<li>
+							<Typography typo={ETypo.TEXT_MD_REGULAR} className={classes["text"]}>
+								Si vous êtes intéressé par la participation à notre programme de bêta-test, veuillez nous compléter le
+								formulaire :{" "}
+								<a
+									href="https://www.lecoffre.io/contact"
+									target="_blank"
+									style={{ color: "blue", textDecoration: "underline" }}>
+									https://www.lecoffre.io/contact
+								</a>
+							</Typography>
+						</li>
+						<div style={{ marginBottom: "10px" }}></div>
+						<li>
+							<Typography typo={ETypo.TEXT_MD_REGULAR} className={classes["text"]}>
+								Si vous avez déjà un compte bêta-testeur, veuillez vous connecter sur{" "}
+								<a
+									href="https://compte.idnot.fr/home"
+									target="_blank"
+									style={{ color: "blue", textDecoration: "underline" }}>
+									https://compte.idnot.fr/home
+								</a>{" "}
+								et vérifier que l'adresse mail renseignée sur votre espace est identique à celle que vous nous avez
+								communiquée.
+							</Typography>
+						</li>
+					</ul>
+				</div>
+			</Confirm> */}
+		</div>
+	);
+}

backups/front_20250923_060340/next.config.js

@@ -0,0 +1,83 @@
+/** @type {import('next').NextConfig} */
+
+const nextConfig = {
+	reactStrictMode: false,
+	output: 'standalone',
+	basePath: '/lecoffre',
+	typescript: {
+		ignoreBuildErrors: true,
+	},
+	publicRuntimeConfig: {
+		// Will be available on both server and client
+		NEXT_PUBLIC_BACK_API_PROTOCOL: process.env.NEXT_PUBLIC_BACK_API_PROTOCOL,
+		NEXT_PUBLIC_BACK_API_HOST: process.env.NEXT_PUBLIC_BACK_API_HOST,
+		NEXT_PUBLIC_BACK_API_PORT: process.env.NEXT_PUBLIC_BACK_API_PORT,
+		NEXT_PUBLIC_BACK_API_ROOT_URL: process.env.NEXT_PUBLIC_BACK_API_ROOT_URL,
+		NEXT_PUBLIC_BACK_API_VERSION: process.env.NEXT_PUBLIC_BACK_API_VERSION,
+		NEXT_PUBLIC_FRONT_APP_HOST: process.env.NEXT_PUBLIC_FRONT_APP_HOST,
+		NEXT_PUBLIC_FRONT_APP_PORT: process.env.NEXT_PUBLIC_FRONT_APP_PORT,
+		NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: process.env.NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT,
+		NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
+		NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
+		NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
+		NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
+		NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
+		NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
+		NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
+		NEXT_PUBLIC_DEFAULT_VALIDATOR_ID: process.env.NEXT_PUBLIC_DEFAULT_VALIDATOR_ID,
+		NEXT_PUBLIC_DEFAULT_STORAGE_URLS: process.env.NEXT_PUBLIC_DEFAULT_STORAGE_URLS,
+	},
+
+	serverRuntimeConfig: {
+		NEXT_PUBLIC_BACK_API_PROTOCOL: process.env.NEXT_PUBLIC_BACK_API_PROTOCOL,
+		NEXT_PUBLIC_BACK_API_HOST: process.env.NEXT_PUBLIC_BACK_API_HOST,
+		NEXT_PUBLIC_BACK_API_PORT: process.env.NEXT_PUBLIC_BACK_API_PORT,
+		NEXT_PUBLIC_BACK_API_ROOT_URL: process.env.NEXT_PUBLIC_BACK_API_ROOT_URL,
+		NEXT_PUBLIC_BACK_API_VERSION: process.env.NEXT_PUBLIC_BACK_API_VERSION,
+		NEXT_PUBLIC_FRONT_APP_HOST: process.env.NEXT_PUBLIC_FRONT_APP_HOST,
+		NEXT_PUBLIC_FRONT_APP_PORT: process.env.NEXT_PUBLIC_FRONT_APP_PORT,
+		NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: process.env.NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT,
+		NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
+		NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
+		NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
+		NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
+		NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
+		NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
+		NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
+		NEXT_PUBLIC_DEFAULT_VALIDATOR_ID: process.env.NEXT_PUBLIC_DEFAULT_VALIDATOR_ID,
+		NEXT_PUBLIC_DEFAULT_STORAGE_URLS: process.env.NEXT_PUBLIC_DEFAULT_STORAGE_URLS,
+	},
+
+	env: {
+		NEXT_PUBLIC_BACK_API_PROTOCOL: process.env.NEXT_PUBLIC_BACK_API_PROTOCOL,
+		NEXT_PUBLIC_BACK_API_HOST: process.env.NEXT_PUBLIC_BACK_API_HOST,
+		NEXT_PUBLIC_BACK_API_PORT: process.env.NEXT_PUBLIC_BACK_API_PORT,
+		NEXT_PUBLIC_BACK_API_ROOT_URL: process.env.NEXT_PUBLIC_BACK_API_ROOT_URL,
+		NEXT_PUBLIC_BACK_API_VERSION: process.env.NEXT_PUBLIC_BACK_API_VERSION,
+		NEXT_PUBLIC_FRONT_APP_HOST: process.env.NEXT_PUBLIC_FRONT_APP_HOST,
+		NEXT_PUBLIC_FRONT_APP_PORT: process.env.NEXT_PUBLIC_FRONT_APP_PORT,
+		NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: process.env.NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT,
+		NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
+		NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
+		NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
+		NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
+		NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
+		NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
+		NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
+		NEXT_PUBLIC_DEFAULT_VALIDATOR_ID: process.env.NEXT_PUBLIC_DEFAULT_VALIDATOR_ID,
+		NEXT_PUBLIC_DEFAULT_STORAGE_URLS: process.env.NEXT_PUBLIC_DEFAULT_STORAGE_URLS,
+	},
+
+	// webpack: config => {
+	// 	config.node = {
+	// 	  fs: 'empty',
+	// 	  child_process: 'empty',
+	// 	  net: 'empty',
+	// 	  dns: 'empty',
+	// 	  tls: 'empty',
+	// 	};
+	// 	return config;
+	// },
+};
+
+module.exports = nextConfig;

docs/ARCHITECTURE.md

@@ -5,8 +5,7 @@
 - Intègre `ihm_client` via iframe.
 
 ## Dépendances
-- Backend `lecoffre-back-mini` (`NEXT_PUBLIC_BACK_*`).
-- Redirections IdNot (local.4nkweb.com:3000).
+- Redirections IdNot (dev3.4nkweb.com).
 
 ## Réseau et ports
 - Servi via Nginx: `https://dev4.4nkweb.com/lecoffre/`.

src/front/Api/Auth/IdNot/index.ts

@@ -27,16 +27,45 @@ export default class Auth extends BaseApiService {
 
 	public async loginWithIdNot() {
 		const variables = FrontendVariables.getInstance();
-		let redirectUri = variables.IDNOT_REDIRECT_URI || "";
-		if (!redirectUri) {
-			console.warn("[IDNOT] NEXT_PUBLIC_IDNOT_REDIRECT_URI vide; fallback sur FRONT_APP_HOST/authorized-client");
-			redirectUri = `${variables.FRONT_APP_HOST}/authorized-client`;
-		}
-		const url = new URL(
-			`${variables.IDNOT_BASE_URL + variables.IDNOT_AUTHORIZE_ENDPOINT}?client_id=${variables.IDNOT_CLIENT_ID}&redirect_uri=${redirectUri}&scope=openid,profile&response_type=code`,
-		);
+
+		// Determine next URL for the final redirect after backend callback processing
+		const nextUrl = (typeof window !== 'undefined')
+			? `${window.location.origin}/authorized-client`
+			: `${variables.FRONT_APP_HOST}/authorized-client`;
+
+		// Resolve backend base for calling the state endpoint (prefer explicit BACK_BASE)
+		const backBase = variables.BACK_BASE || `${variables.BACK_API_PROTOCOL}://${variables.BACK_API_HOST}${variables.BACK_API_PORT ? `:${variables.BACK_API_PORT}` : ''}`;
+		const stateEndpoint = new URL(`/api/v1/idnot/state`, backBase);
+
 		try {
-			return await this.getRequest(url);
+			// 1) Ask backend for a signed state that embeds next_url
+			const resp = await fetch(stateEndpoint.toString(), {
+				method: 'POST',
+				headers: { 'Content-Type': 'application/json' },
+				body: JSON.stringify({ next_url: nextUrl })
+			});
+			if (!resp.ok) {
+				console.error('[IDNOT] Failed to create state', resp.status);
+				throw new Error(`Failed to create state: ${resp.status}`);
+			}
+			const { state } = await resp.json();
+			if (!state) {
+				throw new Error('Empty state from backend');
+			}
+
+			// 2) Build the IdNot authorization URL with fixed redirect_uri and the signed state
+			const fixedRedirect = variables.IDNOT_REDIRECT_URI_FIXED || 'http://local.4nkweb.com:3000/authorized-client';
+			const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`;
+			const authorizeUrl = `${authorizeBase}?client_id=${encodeURIComponent(variables.IDNOT_CLIENT_ID)}&redirect_uri=${encodeURIComponent(fixedRedirect)}&scope=openid,profile&response_type=code&state=${encodeURIComponent(state)}`;
+
+			console.log('[IDNOT] authorizeUrl', authorizeUrl);
+			console.log('[IDNOT] state', state);
+
+			// Prefer navigating here if running in browser; also return the URL for callers that want to handle navigation
+			if (typeof window !== 'undefined') {
+				window.location.assign(authorizeUrl);
+			}
+			return authorizeUrl;
 		} catch (err) {
 			this.onError(err);
 			return Promise.reject(err);

src/front/Components/Layouts/LoginCallback/index.tsx

@@ -66,9 +66,9 @@ export default function LoginCallBack() {
       UserStore.instance.disconnect();
 
       // TODO: review
-      // HACK: If start with http://local.4nkweb.com:3000/authorized-client
+      // HACK: If start with http://dev3.4nkweb.com/authorized-client
       //       Replace with http://localhost:3000/authorized-client
-      // if (window.location.href.startsWith('http://local.4nkweb.com')) {
+      // if (window.location.href.startsWith('http://dev3.4nkweb.com')) {
       //  return;
       // }