[keycloak-dev] Fwd: Preflight for token refresh

Stian Thorgersen stian at redhat.com
Tue Dec 2 09:49:28 EST 2014 


----- Original Message -----
> From: "Alain Penders" <alain at rexorient.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 2 December, 2014 3:43:13 PM
> Subject: Re: [keycloak-dev] Fwd: Preflight for token refresh
> 
> I'm testing my UI using GWTs Super Dev Mode, which means its origin is set
> to http://127.0.0.1:8888.    Keycloak runs on http://127.0.0.1:8080/auth.

Yes, that requires CORS, but doesn't necessarily require a PREFLIGHT request. My guess is that "GWTs Super Dev Mode" sets some custom headers on all requests.

> 
> On Tue, Dec 2, 2014 at 7:32 AM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> > It's the correct approach to add the preflight. Please send a PR and we'll
> > merge it.
> >
> > Out of curiosity do you know why it's sending a preflight in your app? It
> > doesn't when I test it out here, which AFAIK is correct according to spec
> > (content-type is application/x-www-form-urlencoded and there's no custom
> > headers set).
> >
> > ----- Original Message -----
> > > From: "Alain Penders" <alain at rexorient.com>
> > > To: keycloak-dev at lists.jboss.org
> > > Sent: Tuesday, 2 December, 2014 3:04:50 PM
> > > Subject: [keycloak-dev] Fwd: Preflight for token refresh
> > >
> > > Hi all,
> > >
> > > I'm building a new app using GWT 2.7 using the Keycloak javascript
> > adapter
> > > and GWT jsInterop. This works extremely well.
> > >
> > > The problem I ran into is if I walk away for 5 minutes and then try to do
> > > something, the token refresh fails on preflight. As shown in the
> > > documentation, I call keycloak.updateToken(30) to refresh the base token
> > in
> > > case it has expired. Since in this case it has indeed expired, keycloak
> > > makes a call to /auth/realms/<myrealm>/tokens/refresh. The OPTIONS call
> > to
> > > this location doesn't contain the Accept headers, and my app ends up
> > dead in
> > > the water.
> > >
> > > To fix this, I added the following code to OpenIDConnectService:
> > >
> > > /**
> > > * CORS preflight path for refresh token requests
> > > *
> > > * @return
> > > */
> > > @Path("refresh")
> > > @OPTIONS
> > > @Produces(MediaType.APPLICATION_JSON)
> > > public Response refreshAccessTokenPreflight() {
> > > if (logger.isDebugEnabled()) {
> > > logger.debugv("cors request from: {0}",
> > > request.getHttpHeaders().getRequestHeaders().getFirst("Origin"));
> > > }
> > > return Cors.add(request, Response.ok()).auth().preflight().build();
> > > }
> > >
> > > If this wasn't the correct solution for my problem, I'd enjoy hearing
> > where I
> > > went wrong.
> > >
> > > Thanks,
> > > Alain
> > >
> > >
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>

More information about the keycloak-dev mailing list