[keycloak-dev] bug: how did javascript adapter ever work?
Bill Burke
bburke at redhat.com
Sun Apr 8 21:04:59 EDT 2018
Does our javascript adapter use code to token flow by default? Is
that the preferred mechanism? I don't think anybody is using it and
has never used it if so, because...its broken.
I'm integrating with a non-keycloak html5 app that is using code to
token and the code to token request is failing with a CORS error.
This is because we do not set allowed origins in TokenEndpoint:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java#L416
Embarrassing? Or am i missing something?
--
Bill Burke
Red Hat
More information about the keycloak-dev
mailing list