diff --git a/Caddyfile b/Caddyfile
index 7aa872c..68308e7 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,17 +1,17 @@
 # Caddyfile
-flask.localhost {
+http://flask.localhost {
 reverse_proxy flask:5000
 }
-wekan.localhost {
+http://wekan.localhost {
 reverse_proxy wekan:8080
 }
-chat.localhost {
+http://chat.localhost {
 reverse_proxy mattermost:8065
 }
-keycloak.localhost {
+http://keycloak.localhost {
 reverse_proxy keycloak:8080
 }
\ No newline at end of file
diff --git a/add-localhosts.bat b/add-localhosts.bat
new file mode 100644
index 0000000..39e4459
--- /dev/null
+++ b/add-localhosts.bat
@@ -0,0 +1,19 @@
+@echo off
+set HOSTS_FILE=%SystemRoot%\System32\drivers\etc\hosts
+
+set DOMAINS=flask.localhost keycloak.localhost chat.localhost wekan.localhost
+
+echo [🔧] Mise à jour de %HOSTS_FILE%
+
+for %%D in (%DOMAINS%) do (
+ findstr /C:"%%D" %HOSTS_FILE% >nul
+ if errorlevel 1 (
+ echo 127.0.0.1 %%D >> %HOSTS_FILE%
+ echo [+] Ajouté : %%D
+ ) else (
+ echo [=] Déjà présent : %%D
+ )
+)
+
+echo [✅] Terminé.
+pause
diff --git a/add-localhosts.sh b/add-localhosts.sh
new file mode 100755
index 0000000..8dc5d37
--- /dev/null
+++ b/add-localhosts.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+HOSTS_FILE="/etc/hosts"
+DOMAINS=("flask.localhost" "keycloak.localhost" "chat.localhost" "wekan.localhost")
+
+echo "[🔧] Mise à jour de : $HOSTS_FILE"
+
+for domain in "${DOMAINS[@]}"; do
+ if grep -q "$domain" "$HOSTS_FILE"; then
+ echo "[=] Déjà présent : $domain"
+ else
+ echo "127.0.0.1 $domain" | sudo tee -a "$HOSTS_FILE" > /dev/null
+ echo "[+] Ajouté : $domain"
+ fi
+done
+
+echo "[✅] Terminé."
diff --git a/docker-compose.yml b/docker-compose.yml
index 73266bc..04eabff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,7 +13,7 @@ services:
 - wekan
 - mattermost
 networks:
- - backend
+ - gesthub
 flask:
 build: ./web
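Review bot: The `http://` prefix on all four site addresses in the Caddyfile hunk turns off Caddy's automatic HTTPS for those sites, so the Keycloak login form, the OIDC redirects and the Flask session cookie travel in cleartext between browser and proxy. The file carries no comment saying this is a local-only choice; I would add one above the first site block, e.g. `# dev only: http:// disables automatic HTTPS; do not reuse this form with a routable hostname`. If the stack is ever exposed beyond loopback, the bare-hostname form that this commit removes is the one to restore.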
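Review bot: Both hosts-file scripts print the "Ajouté" line unconditionally after the append, so a run without elevation (add-localhosts.bat) or a failed `sudo tee` (add-localhosts.sh) reports success while the hosts file is unchanged. In the batch loop I would test the write, `echo 127.0.0.1 %%D >> "%HOSTS_FILE%" || (echo [!] Echec : %%D & exit /b 1)`, and in the shell script add `set -euo pipefail` under the shebang. The presence test is a substring match in both (`findstr /C:"%%D"` and `grep -q "$domain"`, the latter also treating `.` as a regex wildcard), so a commented-out entry or a longer name containing the domain counts as present. In the shell script `grep -qE "^127\.0\.0\.1[[:space:]]+${domain//./\\.}([[:space:]]|$)" "$HOSTS_FILE"` would pin the check to a live loopback entry.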
@@ -22,13 +22,14 @@ services:
 - DB_USER=flaskuser
 - DB_PASSWORD=flaskpass
 - DB_NAME=flaskdb
+ extra_hosts:
+ - "keycloak.localhost:172.18.0.10"
 depends_on:
 - mariadb
- - keycloak
 volumes:
 - ./web:/app
 networks:
- - backend
+ - gesthub
 mariadb:
 image: mariadb:latest
@@ -40,7 +41,7 @@ services:
 volumes:
 - mariadb_data:/var/lib/mysql
 networks:
- - backend
+ - gesthub
 wekan:
 image: wekanteam/wekan
@@ -50,14 +51,14 @@ services:
 depends_on:
 - mongo
 networks:
- - backend
+ - gesthub
 mongo:
 image: mongo:latest
 volumes:
 - mongo_data:/data/db
 networks:
- - backend
+ - gesthub
 mattermost:
 image: mattermost/mattermost-team-edition:latest
@@ -72,7 +73,7 @@ services:
 volumes:
 - mattermost_data:/mattermost/data
 networks:
- - backend
+ - gesthub
 db:
 image: postgres:13
@@ -83,8 +84,7 @@ services:
 volumes:
 - postgres_data:/var/lib/postgresql/data
 networks:
- - backend
-
+ - gesthub
 keycloak:
 image: quay.io/keycloak/keycloak:22.0.5
 command: start-dev
@@ -94,13 +94,8 @@ services:
 - KC_DB=postgres
 - KC_DB_URL_HOST=keycloak-db
 - KC_DB_URL_DATABASE=keycloak
- # - KC_DB_USERNAME=keycloak
+ - KC_DB_USERNAME=keycloak
 - KC_DB_PASSWORD=keycloakpass
- - KC_HOSTNAME=keycloak
- - KC_HTTP_ENABLED=true
- - KC_HOSTNAME_STRICT=false
- - KC_HOSTNAME_STRICT_HTTPS=false
- - KC_PROXY=edge
 ports:
 - "8080:8080"
 depends_on:
@@ -108,8 +103,7 @@ services:
 volumes:
 - keycloak_data:/opt/keycloak/data
 networks:
- - backend
-
+ - gesthub
 keycloak-db:
 image: postgres:13
 environment:
@@ -119,8 +113,11 @@ services:
 volumes:
 - keycloakdb_data:/var/lib/postgresql/data
 networks:
- - backend
-
+ - gesthub
+networks:
+ gesthub:
+ driver: bridge
+
 volumes:
 caddy_data:
 caddy_config:
@@ -129,7 +126,4 @@ volumes:
 mattermost_data:
 postgres_data:
 keycloak_data:
- keycloakdb_data:
-
-networks:
- backend:
+ keycloakdb_data:
\ No newline at end of file
diff --git a/web/app.py b/web/app.py
index acf5857..389de19 100644
--- a/web/app.py
+++ b/web/app.py
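Review bot: The new `extra_hosts` entry in the flask service pins `keycloak.localhost` to `172.18.0.10`, but nothing visible in this diff makes that address belong to the proxy: the `gesthub` network added in the later docker-compose hunk declares only `driver: bridge`, with no `ipam` subnet, and no service shown sets an `ipv4_address`. Flask fetches its OIDC metadata and exchanges tokens with whatever answers at that IP over plain HTTP, so an address that drifts to another container silently changes which endpoint the app treats as its identity provider. Either fix the subnet under `networks.gesthub.ipam` and give the proxy a static `ipv4_address`, or drop `extra_hosts` and add `aliases: [keycloak.localhost]` to the proxy's entry on `gesthub`. The proxy service definition lies outside the hunks, so confirm it does not already carry a static address; the same hunk also removes `keycloak` from `depends_on` although the app still needs it to log anyone in.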
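Review bot: Removing `KC_HOSTNAME` and `KC_PROXY=edge` in the keycloak environment hunk while keeping `command: start-dev` presumably leaves Keycloak deriving its public URL, and with it the token issuer, from the Host header of each request. The `"8080:8080"` mapping is still published in the context lines, so the same realm answers both behind the proxy as `keycloak.localhost` and directly on the host's port 8080, with different issuers. I would keep `- KC_HOSTNAME=keycloak.localhost` so the issuer is fixed, and drop the `ports:` mapping if all access is meant to go through Caddy. `KC_DB_PASSWORD=keycloakpass` also stays inline next to the newly enabled `KC_DB_USERNAME`; an `env_file` kept out of version control would take both out of the repository.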
@@ -1,3 +1,4 @@
+import os
 from flask import Flask, redirect, url_for, session, render_template
 from flask_sqlalchemy import SQLAlchemy
 from authlib.integrations.flask_client import OAuth
@@ -5,7 +6,7 @@ from authlib.integrations.flask_client import OAuth
 app = Flask(__name__)
 app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://flaskuser:flaskpass@mariadb/flaskdb'
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
-app.secret_key = 'ninolabat'
+app.secret_key = os.environ.get("SECRET_KEY", "dev-key")
 db = SQLAlchemy(app)
@@ -15,8 +16,8 @@ oauth = OAuth(app)
 keycloak = oauth.register(
 name='keycloak',
 client_id='flask-app',
- client_secret='jp4T3FnlpzHyc4Ch4zNoO8cAakXzHi50',
- server_metadata_url='http://keycloak:8080/realms/GestHub/.well-known/openid-configuration',
+ client_secret='6R70kt1x9KjYpccZCMnPvJAGiJFzRHjE',
+ server_metadata_url='http://keycloak.localhost/realms/gesthub/.well-known/openid-configuration',
 client_kwargs={
 'scope': 'openid profile email',
 }
@@ -31,12 +32,15 @@ def index():
 @app.route('/login')
 def login():
+ nonce = uuid.uuid4().hex
+ session['nonce'] = nonce
 redirect_uri = url_for('auth', _external=True)
 return keycloak.authorize_redirect(redirect_uri)
 @app.route('/auth')
 def auth():
 token = keycloak.authorize_access_token()
+ nonce = session.pop('nonce', None)
 userinfo = keycloak.parse_id_token(token)
 session['user'] = userinfo
 return redirect('/')
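Review bot: The fallback in `os.environ.get("SECRET_KEY", "dev-key")` means a deployment that forgets the variable signs its session cookies with a key that is public in this repository, which lets anyone who has read the source forge the contents of `session['user']`. None of the docker-compose hunks in this commit adds `SECRET_KEY` to the flask service's environment, so unless it is set elsewhere the fallback is what actually runs. Fail closed instead with `app.secret_key = os.environ["SECRET_KEY"]` and supply the value through the compose environment or an env file kept out of version control. The database URI two lines above still embeds `flaskuser:flaskpass` and could be assembled from the `DB_USER`/`DB_PASSWORD` variables the compose file already passes.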
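Review bot: The `client_secret` line in the `oauth.register(` hunk swaps one hard-coded Keycloak client secret for another, so the new value sits in version control just like the old one. Read it from the environment, e.g. `client_secret=os.environ["KEYCLOAK_CLIENT_SECRET"]` (the variable name is a suggestion), and regenerate the secret in Keycloak afterwards, since both values are now in history. `server_metadata_url` is also plain `http://`, so the discovery document and the key location the app relies on to verify ID tokens are fetched without transport protection; on a loopback-only dev stack that deserves at least a comment saying so. The `oauth.register(` call closes outside the hunk.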
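Review bot: The nonce created in `login()` and popped in `auth()` is never handed to Authlib, so as written it is neither sent in the authorization request nor compared against the ID token's `nonce` claim. `uuid` is also not imported anywhere the diff shows (the import hunk adds only `os`), so `/login` would raise NameError on the first request unless the import exists outside the hunks. Pass the value through on both sides, `return keycloak.authorize_redirect(redirect_uri, nonce=nonce)` and `userinfo = keycloak.parse_id_token(token, nonce=nonce)`, and add `import uuid`; `secrets.token_urlsafe()` would be the more conventional generator for this value. How much of this Authlib already does on its own depends on the installed version, which is not visible here, so check that before keeping the manual bookkeeping.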