[keycloak-dev] modeling CORS support
bburke at redhat.com
Fri Oct 18 10:07:29 EDT 2013
Here's my thoughts on modeling CORS.
* We'll take the access token approach to support CORS
* There will be a default set of allowed origins configurable at the
* Each Application and OAuth Client within the realm can add their own
allowed origins. When an Application or OAuth Client initiates a token
grant request, the token will be populated with the allowed origins
configured for that Application or OAuth client.
* Application adapters will have configuration switches to allow all
method/headers. Later on we will add options in the management
interfaces to configure headers/methods as well.
JBoss, a division of Red Hat
More information about the keycloak-dev