[keycloak-user] Enable CORS on token endpoint

Sebastien Blanc sblanc at redhat.com
Thu Sep 5 04:50:02 EDT 2019


Hi,

Have you set the "Web Origins" field in the client configuration on the
Keycloak web console?
That should be enough.

Sebi

On Thu, Sep 5, 2019 at 10:47 AM David Sautter <
David.Sautter at rohde-schwarz.com> wrote:

> Hello,
>
> I’m trying to do OpenID Connect authentication using the Authorization
> Code Flow with the openid-client-js client library. It behaves
> in conformance with the specification.
> If you are doing the Authorization Code Flow without using a server-side
> component to exchange the code for a token (which you can/should do
> according to the security best practices recommendation), you run into a
> problem. The browser needs to exchange the code for a token and therefore
> perform a CORS request on the token endpoint.
> The token endpoint currently does not have CORS enabled, as far as the
> response is telling me.
> How to enable it?
>
>
> Best Regards,
> David Sautter
>
> Rohde & Schwarz GmbH & Co. KG
> Postbox 80 14 69, D-81614 Muenchen
> Dept. 1DS5
> Fon: +49 89 4129 15256
> Email: David.Sautter at rohde-schwarz.com

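An added example, not part of the original thread and not Keycloak or openid-client-js code: the browser's CORS check as defined by the Fetch standard, applied to constructed token-endpoint responses, showing why the code exchange fails when the response carries no Access-Control-Allow-Origin header for the page's origin. The origins, header sets and function names are assumptions made for illustration.

```javascript
// Added example: browser-side CORS check (Fetch standard) for a token-endpoint
// response. All origins and header sets below are constructed samples.

// Simplified safelists: values that do not trigger a preflight by themselves.
const SAFELISTED_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const SAFELISTED_HEADERS = ["accept", "accept-language", "content-language", "content-type"];

// True when the browser would send an OPTIONS preflight before the request.
function needsPreflight(method, headers) {
  if (!["GET", "HEAD", "POST"].includes(method.toUpperCase())) return true;
  return Object.entries(headers).some(([name, value]) => {
    const n = name.toLowerCase();
    if (!SAFELISTED_HEADERS.includes(n)) return true;
    if (n !== "content-type") return false;
    return !SAFELISTED_TYPES.includes(value.split(";")[0].trim().toLowerCase());
  });
}

// Decides whether script running at pageOrigin may read the response.
function corsCheck(pageOrigin, credentialsMode, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) return { readable: false, reason: "no Access-Control-Allow-Origin header" };
  if (credentialsMode !== "include" && allowOrigin === "*") return { readable: true, reason: "wildcard" };
  if (allowOrigin !== pageOrigin) return { readable: false, reason: "origin mismatch" };
  if (credentialsMode !== "include") return { readable: true, reason: "origin match" };
  return h["access-control-allow-credentials"] === "true"
    ? { readable: true, reason: "origin match with credentials" }
    : { readable: false, reason: "credentials not allowed" };
}

// Constructed samples: the single-page app's origin and three possible responses.
const APP = "https://app.example.test";
const samples = {
  noCorsHeaders: { "Content-Type": "application/json" },
  matching: { "Access-Control-Allow-Origin": APP, "Access-Control-Allow-Credentials": "true" },
  otherOrigin: { "Access-Control-Allow-Origin": "https://other.example.test" },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, corsCheck(APP, "same-origin", headers));
}
```

A form-encoded POST with no custom headers is sent without a preflight, so the failure shows up only when the script tries to read the response.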
