[keycloak-user] CORS Header for direct grants

Stian Thorgersen stian at redhat.com
Tue Jul 14 03:27:02 EDT 2015


Thanks for adding it yourself :)

----- Original Message -----
> From: "Gregor Tudan" <Gregor.Tudan at cofinpro.de>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Tuesday, 14 July, 2015 8:49:55 AM
> Subject: Re: [keycloak-user] CORS Header for direct grants
> 
> Here’s the JIRA with the PR linked:
> https://issues.jboss.org/browse/KEYCLOAK-1564
> 
> This fixes the issue on my setup, so thanks Stian for your advice.
> 
> 
> On 13 July 2015 at 16:44:48, Stian Thorgersen (stian at redhat.com) wrote:
> 
> It's not a big deal to add CORS support for it, so create a JIRA for it. Even
> better provide a PR and it'll be included for the 1.4 release
> 
> ----- Original Message -----
> > From: "Gregor Tudan" <Gregor.Tudan at cofinpro.de>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Cc: keycloak-user at lists.jboss.org
> > Sent: Monday, 13 July, 2015 4:37:24 PM
> > Subject: Re: [keycloak-user] CORS Header for direct grants
> >
> > I see, so I’ll need to think of something else then - I know that this is a
> > stupid use-case, but we have a requirement where the application has to
> > request a token by credentials supplied from elsewhere. :-(
> >
> > Thanks again,
> > Gregor
> >
> >
> > On 13 July 2015 at 16:22:34, Stian Thorgersen (stian at redhat.com) wrote:
> >
> > Ah, sorry missed that. We don't currently add CORS headers for the user
> > credential grant flow as it shouldn't be used by a web application.
> >
> > ----- Original Message -----
> > > From: "Gregor Tudan" <Gregor.Tudan at cofinpro.de>
> > > To: keycloak-user at lists.jboss.org
> > > Sent: Monday, 13 July, 2015 4:07:12 PM
> > > Subject: Re: [keycloak-user] CORS Header for direct grants
> > >
> > > Hi Stian,
> > >
> > > I’m aware that I’m comparing different requests here (code vs. password -
> > > I just had them at hand). But is that relevant in terms of the
> > > CORS-Headers returned?
> > >
> > > Thanks,
> > > Gregor
> > >
> > > On 13 July 2015 at 15:14:42, Stian Thorgersen (stian at redhat.com) wrote:
> > >
> > >
> > > OCALE=de;
> > > > KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1YTI4YTk1MS02ZDY2LTQ1YzEtOTM3Ny0zMjdjYzAwYzA3YjYiLCJleHAiOjE0MzY4MjgyNjIsIm5iZiI6MCwiaWF0IjoxNDM2NzkyMjYyLCJpc3MiOiJodHRwOi8vZnMwMWUudGVjaC52aXN1YWx2ZXN0LmRlL2F1dGgvcmVhbG1zL1ZWIiwic3ViIjoiOWZlNGM3ZWEtYmNjNS00NmY2LWEwMzMtZjllZGE4ZDlmYTVjIiwic2Vzc2lvbl9zdGF0ZSI6ImRkNmE2ZDVjLWRkYjMtNDc3Mi1hZDNkLTk2OGJiMzc1NzdjOSIsInJlc291cmNlX2FjY2VzcyI6e319.PabltPm2_dkWsZ4fwS8jrxTW0qv7nFY2ZkZAjjFozkxP7K8kZcg7We4gzshkqdRF1kfB57_zQFp8BKyRa08hG5zskZk_SmpbOwAoKL2lrME7Zm7ErBSMIF7KZ6ZUIznIu8LTnP0m0mgmReqxNEYtIdim-7sXdfEhws9q-cC4mAQ;
> > > > KEYCLOAK_SESSION=VV/9fe4c7ea-bcc5-46f6-a033-f9eda8d9fa5c/dd6a6d5c-ddb3-4772-ad3d-968bb37577c9
> > > >
> > > > Content:
> > > >
> > > >
> > > > 1.
> > > > code=rDhHgSDNa9MgJl9RSqk7TLOByTto2A20AEZy_EQY5Is.03b568e4-adcd-4c7d-bc81-44fded29be61&grant_type=authorization_code&client_id=vv-frontend&redirect_uri=<snip>
> > > > But when I request a token by direct grant, the CORS-Headers are
> > > > missing:
> > > >
> > > >
> > > >
> > > > > POST /auth/realms/VV/protocol/openid-connect/token HTTP/1.1
> > > > > Host: fs01e.tech.visualvest.de
> > > > > Connection: keep-alive
> > > > > Content-Length: 69
> > > > > Accept: application/json
> > > > > Origin: http://localhost:8000
> > > > > User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
> > > > > Content-type: application/x-www-form-urlencoded
> > > > > DNT: 1
> > > > > Referer: http://localhost:8000/app/depot/
> > > > > Accept-Encoding: gzip, deflate
> > > > > Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
> > > > >
> > > > > Content:
> > > > >
> > > > > username=dirk&password=dirk&client_id=vv-frontend&grant_type=password
> > > > >
> > > > Am I missing something?
> > > >
> > > > Thanks,
> > > > Gregor
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> 
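
Added example, not part of the original thread and not Keycloak code: a simplified model of the browser-side CORS checks applied to the direct-grant request quoted above. It shows that this POST needs no preflight, so the server still receives and processes it; missing CORS headers only stop the page from reading the token response. The response header sets are constructed samples, and the function names are hypothetical.

```javascript
// Simplified model of the browser's CORS checks (added example).
// Headers the browser sets itself; they never trigger a preflight.
const BROWSER_SET = new Set(["host", "connection", "content-length", "origin",
  "user-agent", "dnt", "referer", "accept-encoding", "cookie"]);
// Author-settable headers that are CORS-safelisted.
const SAFELISTED = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];

// Parse "Name: value" lines after the request line into a lowercase-keyed map.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.split("\n").slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

// True when the browser would send an OPTIONS preflight before the request.
function needsPreflight(method, headers) {
  if (!["GET", "HEAD", "POST"].includes(method)) return true;
  for (const [name, value] of Object.entries(headers)) {
    if (BROWSER_SET.has(name)) continue;
    if (!SAFELISTED.has(name)) return true;
    const type = value.split(";")[0].trim().toLowerCase();
    if (name === "content-type" && !SAFE_TYPES.includes(type)) return true;
  }
  return false;
}

// True when script running on `origin` may read the response.
function responseReadable(origin, res, withCredentials = false) {
  const acao = res["access-control-allow-origin"];
  if (acao === undefined) return false;
  if (withCredentials) return acao === origin && res["access-control-allow-credentials"] === "true";
  return acao === "*" || acao === origin;
}

function evaluate(rawRequest, res) {
  const req = parseHeaders(rawRequest);
  const method = rawRequest.split(" ")[0];
  return { preflight: needsPreflight(method, req), readable: responseReadable(req.origin, res) };
}

// Request line and headers taken from the thread; response headers are constructed.
const REQUEST = ["POST /auth/realms/VV/protocol/openid-connect/token HTTP/1.1",
  "Host: fs01e.tech.visualvest.de", "Accept: application/json",
  "Origin: http://localhost:8000", "Content-type: application/x-www-form-urlencoded"].join("\n");
const WITHOUT_CORS = { "content-type": "application/json" };
const WITH_CORS = { "content-type": "application/json",
  "access-control-allow-origin": "http://localhost:8000" };

console.log(evaluate(REQUEST, WITHOUT_CORS), evaluate(REQUEST, WITH_CORS));
```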


