diff --git a/src/main.ts b/src/main.ts
index 94745b3d..0073e2c5 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -3,7 +3,7 @@ import App from "./App.vue";
 import router from "./router";
 import { Dialog, Notify, Quasar, Loading } from "quasar";
 import "./quasar-user-options";
-import keycloak from "@/plugins/keycloak";
+import keycloak, { getToken } from "@/plugins/keycloak";
 
 import qDraggableTable from "quasar-ui-q-draggable-table";
 import "quasar-ui-q-draggable-table/dist/index.css";
@@ -100,15 +100,13 @@ function getCookie(name: string) {
   return null;
 }
 
-const kcToken = getCookie("BMAHRIS_KEYCLOAK_IDENTITY");
-const kcRefreshToken = getCookie("BMAHRIS_KEYCLOAK_REFRESH");
+const auth = await getToken();
 
-if (kcToken && kcRefreshToken) {
+if (auth.token && auth.refresh_token) {
   keycloak.init({
-    // onLoad: 'login-required',
     checkLoginIframe: false,
-    token: kcToken,
-    refreshToken: kcRefreshToken,
+    token: auth.token,
+    refreshToken: auth.refresh_token,
   });
   // .then((authenticated) => {
   //   console.log("authenticated", authenticated);
diff --git a/src/plugins/http.ts b/src/plugins/http.ts
index fdce539c..1e65294e 100644
--- a/src/plugins/http.ts
+++ b/src/plugins/http.ts
@@ -1,5 +1,5 @@
 import Axios, { type AxiosRequestConfig, type AxiosResponse } from "axios";
-import keycloak from "./keycloak";
+import keycloak, { kcLogout } from "./keycloak";
 
 const http = Axios.create({
   timeout: 1000000000, // เพิ่มค่า timeout
@@ -33,7 +33,7 @@ http.interceptors.response.use(
       // eslint-disable-next-line no-prototype-builtins
       if (error.hasOwnProperty("response")) {
         if (error.response.status === 401 || error.response.status === 403) {
-          window.location.href = "/login";
+          kcLogout();
           // Store.commit("SET_ERROR_MESSAGE", error.response.data.message);
           // Store.commit("REMOVE_ACCESS_TOKEN")
         }
diff --git a/src/plugins/keycloak.ts b/src/plugins/keycloak.ts
index 214c25e2..19e0f9af 100644
--- a/src/plugins/keycloak.ts
+++ b/src/plugins/keycloak.ts
@@ -1,6 +1,8 @@
 // authen with keycloak client
 import Keycloak from "keycloak-js";
 
+const ACCESS_TOKEN = "BMAHRIS_KEYCLOAK_IDENTITY";
+const REFRESH_TOKEN = "BMAHRIS_KEYCLOAK_REFRESH";
 const keycloakConfig = {
   url: "https://id.frappet.synology.me",
   realm: "bma-ehr",
@@ -9,5 +11,60 @@ const keycloakConfig = {
 };
 
 const keycloak = new Keycloak(keycloakConfig);
+
+async function kcAuthen(access_token: string, refresh_token: string) {
+  await setCookie(ACCESS_TOKEN, access_token, 1);
+  await setCookie(REFRESH_TOKEN, refresh_token, 1);
+  window.location.href = "/";
+}
+
+async function kcLogout() {
+  await deleteCookie(ACCESS_TOKEN);
+  await deleteCookie(REFRESH_TOKEN);
+  if (keycloak.authenticated !== undefined) {
+    keycloak.logout();
+  }
+  window.location.href = "/login";
+}
+
+async function getToken() {
+  return {
+    token: getCookie(ACCESS_TOKEN),
+    refresh_token: getCookie(REFRESH_TOKEN),
+  };
+}
+
+function setCookie(name: string, value: any, days: number) {
+  let expires = "";
+  if (days) {
+    const date = new Date();
+    date.setTime(date.getTime() + days * 24 * 60 * 60 * 1000);
+    expires = "; expires=" + date.toUTCString();
+  }
+  document.cookie = name + "=" + (value || "") + expires + "; path=/";
+}
+
+function getCookie(name: string) {
+  const nameEQ = name + "=";
+  const ca = document.cookie.split(";");
+  for (let i = 0; i < ca.length; i++) {
+    let c = ca[i];
+    while (c.charAt(0) == " ") c = c.substring(1, c.length);
+    if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
+  }
+  return null;
+}
+
+function deleteCookie(name: string) {
+  document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;`;
+}
+
 export default keycloak;
-export { keycloakConfig };
+export {
+  keycloakConfig,
+  getToken,
+  kcAuthen,
+  kcLogout,
+  ACCESS_TOKEN,
+  REFRESH_TOKEN,
+};
diff --git a/src/router/index.ts b/src/router/index.ts
index 8c3739a3..a7b71bd3 100644
--- a/src/router/index.ts
+++ b/src/router/index.ts
@@ -11,7 +11,7 @@ import ModuleLogs from "@/modules/03_logs/router";
 import ModuleSystem from "@/modules/04_system/router";
 
 // TODO: ใช้หรือไม่?
-import keycloak from "@/plugins/keycloak";
+import keycloak, { kcLogout } from "@/plugins/keycloak";
 import checkPermission from "@/plugins/checkPermission";
 
 const router = createRouter({
@@ -57,6 +57,11 @@ const router = createRouter({
         Auth: false,
       },
     },
+    {
+      path: "/auth",
+      name: "auth",
+      component: () => import("@/views/auth.vue"),
+    },
   ],
 
   scrollBehavior(to, from, savedPosition) {
@@ -75,7 +80,7 @@ const router = createRouter({
 router.beforeEach((to, from, next) => {
   if (to.meta.Auth) {
     if (keycloak.authenticated === undefined && to.meta.Auth) {
-      window.location.href = "/login";
+      kcLogout();
     }
   } else {
     next();
diff --git a/src/views/MainLayout.vue b/src/views/MainLayout.vue
index c086685a..355a7e87 100644
--- a/src/views/MainLayout.vue
+++ b/src/views/MainLayout.vue
@@ -1,6 +1,6 @@
 <script setup lang="ts">
 import { ref, onMounted, onUnmounted, watch } from "vue";
-import keycloak from "@/plugins/keycloak";
+import keycloak, { kcLogout } from "@/plugins/keycloak";
 import { useRoute } from "vue-router";
 import { useDataStore } from "@/stores/data";
 import { storeToRefs } from "pinia";
@@ -261,10 +261,7 @@ const doLogout = () => {
   dialogConfirm(
     $q,
     async () => {
-      keycloak.logout();
-      await deleteCookie("BMAHRIS_KEYCLOAK_IDENTITY");
-      await deleteCookie("BMAHRIS_KEYCLOAK_REFRESH");
-      window.location.href = "/login";
+      kcLogout();
     },
     // keycloak.logout({
     //   redirectUri: `${window.location.protocol}//${window.location.host}/`,
diff --git a/src/views/auth.vue b/src/views/auth.vue
index 13301ef0..20c1e3e4 100644
--- a/src/views/auth.vue
+++ b/src/views/auth.vue
@@ -1,28 +1,27 @@
 <script setup lang="ts">
-import { onMounted } from 'vue'
-import { useRoute } from 'vue-router'
+import { onMounted } from "vue";
+import { useRoute } from "vue-router";
+import { kcAuthen } from "@/plugins/keycloak";
 
-const route = useRoute()
+const route = useRoute();
 
 function setCookie(name: string, value: any, days: number) {
-  let expires = ''
+  let expires = "";
   if (days) {
-    const date = new Date()
-    date.setTime(date.getTime() + days * 24 * 60 * 55 * 1000)
-    expires = '; expires=' + date.toUTCString()
+    const date = new Date();
+    date.setTime(date.getTime() + days * 24 * 60 * 55 * 1000);
+    expires = "; expires=" + date.toUTCString();
   }
-  document.cookie = name + '=' + (value || '') + expires + '; path=/'
+  document.cookie = name + "=" + (value || "") + expires + "; path=/";
 }
 
 onMounted(async () => {
-  console.log('query', route.query.token)
-  console.log('accessToken', route.query.accessToken)
-
-  setCookie('BMAHRIS_KEYCLOAK_IDENTITY', route.query.token, 1)
-  setCookie('BMAHRIS_KEYCLOAK_REFRESH', route.query.accessToken, 1)
-
-  window.location.href = '/'
-})
+  if (route.query.token && route.query.accessToken) {
+    // console.log('query', route.query.token)
+    // console.log('accessToken', route.query.accessToken)
+    kcAuthen(route.query.token.toString(), route.query.accessToken.toString());
+  }
+});
 </script>
 
 <template>
diff --git a/src/views/login.vue b/src/views/login.vue
index 1a6ff093..81725ef3 100644
--- a/src/views/login.vue
+++ b/src/views/login.vue
@@ -2,7 +2,7 @@
 <script setup lang="ts">
 import { ref, onMounted } from "vue";
 import axios from "axios";
-import keycloak, { keycloakConfig } from "@/plugins/keycloak";
+import keycloak, { keycloakConfig, kcAuthen } from "@/plugins/keycloak";
 import { useRouter } from "vue-router";
 import { useQuasar } from "quasar";
 import { useCounterMixin } from "@/stores/mixin";
@@ -48,10 +48,8 @@ async function onSubmit() {
         },
       }
     )
-    .then(async (res) => {
-      await setCookie("BMAHRIS_KEYCLOAK_IDENTITY", res.data.access_token, 1);
-      await setCookie("BMAHRIS_KEYCLOAK_REFRESH", res.data.refresh_token, 1);
-      window.location.href = "/";
+    .then((res) => {
+      kcAuthen(res.data.access_token, res.data.refresh_token);
     })
     .catch((err) => {
       messageError($q, err, "ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง");
@@ -59,18 +57,11 @@ async function onSubmit() {
     .finally(() => {
       hideLoader();
     });
-
-  // if (response.status !== 200) {
-  //   messageError($q, err)
-  // } else {
-  //   await setCookie('BMAHRIS_KEYCLOAK_IDENTITY', response.data.access_token, 1)
-  //   await setCookie('BMAHRIS_KEYCLOAK_REFRESH', response.data.refresh_token, 1)
-  //   router.push('/')
-  // }
 }
 
 onMounted(() => {
   if (keycloak.authenticated) {
+    console.log("authenticated", keycloak.authenticated);
     router.push("/");
   }
 });