<div dir="ltr">I'm testing my UI using GWTs Super Dev Mode, which means its origin is set to <a href="http://127.0.0.1:8888">http://127.0.0.1:8888</a>. Keycloak runs on <a href="http://127.0.0.1:8080/auth">http://127.0.0.1:8080/auth</a>.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Dec 2, 2014 at 7:32 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It's the correct approach to add the preflight. Please send a PR and we'll merge it.<br>
<br>
Out of curiosity do you know why it's sending a preflight in your app? It doesn't when I test it out here, which AFAIK is correct according to spec (content-type is application/x-www-form-urlencoded and there's no custom headers set).<br>
<span class=""><br>
----- Original Message -----<br>
> From: "Alain Penders" <<a href="mailto:alain@rexorient.com">alain@rexorient.com</a>><br>
</span><div><div class="h5">> To: <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> Sent: Tuesday, 2 December, 2014 3:04:50 PM<br>
> Subject: [keycloak-dev] Fwd: Preflight for token refresh<br>
><br>
> Hi all,<br>
><br>
> I'm building a new app using GWT 2.7 using the Keycloak javascript adapter<br>
> and GWT jsInterop. This works extremely well.<br>
><br>
> The problem I ran into is if I walk away for 5 minutes and then try to do<br>
> something, the token refresh fails on preflight. As shown in the<br>
> documentation, I call keycloak.updateToken(30) to refresh the base token in<br>
> case it has expired. Since in this case it has indeed expired, keycloak<br>
> makes a call to /auth/realms/<myrealm>/tokens/refresh. The OPTIONS call to<br>
> this location doesn't contain the Accept headers, and my app ends up dead in<br>
> the water.<br>
><br>
> To fix this, I added the following code to OpenIDConnectService:<br>
><br>
> /**<br>
> * CORS preflight path for refresh token requests<br>
> *<br>
> * @return<br>
> */<br>
> @Path("refresh")<br>
> @OPTIONS<br>
> @Produces(MediaType.APPLICATION_JSON)<br>
> public Response refreshAccessTokenPreflight() {<br>
> if (logger.isDebugEnabled()) {<br>
> logger.debugv("cors request from: {0}",<br>
> request.getHttpHeaders().getRequestHeaders().getFirst("Origin"));<br>
> }<br>
> return Cors.add(request, Response.ok()).auth().preflight().build();<br>
> }<br>
><br>
> If this wasn't the correct solution for my problem, I'd enjoy hearing where I<br>
> went wrong.<br>
><br>
> Thanks,<br>
> Alain<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote></div><br></div>