[keycloak-dev] modeling CORS support

Bill Burke bburke at redhat.com
Fri Oct 18 10:07:29 EDT 2013

Here are my thoughts on modeling CORS.

* We'll take the access token approach to support CORS
* There will be a default set of allowed origins configurable at the 
realm level.
* Each Application and OAuth Client within the realm can add their own 
allowed origins.  When an Application or OAuth Client initiates a token 
grant request, the token will be populated with the allowed origins 
configured for that Application or OAuth Client.
* Application adapters will have configuration switches to allow all 
methods/headers.  Later on we will add options in the management 
interfaces to configure headers/methods as well.


Bill Burke
JBoss, a division of Red Hat
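
The model described in the message above, as an added example (not code from the post or from Keycloak): the token service copies the realm defaults plus the client's own origins into the token, and the adapter compares the request's Origin header against that claim by exact origin match. The claim name `allowed-origins`, the function names, the union of realm and client origins, and the example.com hosts are assumptions; the claims handed to the adapter are assumed to come from a token whose signature was already verified.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
ORIGINS_CLAIM = "allowed-origins"  # assumed claim name; the post does not name one


def normalize_origin(value):
    """Return canonical scheme://host[:port], or None if value is not a bare origin."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except (ValueError, AttributeError):
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # rejects "null", "*", file:, and scheme-less strings
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return None  # an origin has no path, query, fragment or userinfo
    host = parts.hostname  # urlsplit already lower-cases scheme and host
    host = f"[{host}]" if ":" in host else host  # restore IPv6 brackets
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def issue_token(subject, realm_origins, client_origins):
    """Token service side: put the client's effective origins into the token claims."""
    allowed = set()
    for configured in list(realm_origins) + list(client_origins):
        origin = normalize_origin(configured)
        if origin is None:
            raise ValueError(f"not a valid origin: {configured!r}")
        allowed.add(origin)
    return {"sub": subject, ORIGINS_CLAIM: sorted(allowed)}


def cors_response_headers(verified_claims, origin_header):
    """Adapter side: CORS headers for an authenticated request, {} if none apply."""
    if origin_header is None:
        return {}  # no Origin header: not a cross-origin browser request
    origin = normalize_origin(origin_header)
    if origin is None or origin not in verified_claims.get(ORIGINS_CLAIM, []):
        return {}  # no header emitted, so the browser withholds the response
    return {"Access-Control-Allow-Origin": origin_header, "Vary": "Origin"}


# Constructed sample data: one realm default and one client-specific origin.
SAMPLE_CLAIMS = issue_token(
    "alice", ["https://portal.example.com"], ["https://app.example.com:8443"]
)
```

Matching on the parsed origin rather than on a string prefix or suffix is what keeps a host such as `portal.example.com.evil.test` from passing the check.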
