<div dir="ltr"><div>I am receiving Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo">http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo</a>. This can be fixed by moving the resource to the same domain or enabling CORS. What 'application' does the <a href="http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo">http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo</a> url use for it's origins? I have worktrac realm worktrac app and account app both configured with <a href="http://localhost:8080/*">http://localhost:8080/*</a> which is the origin. Also it seems like that's the errors it's indicated, but I also see a 404 error for this URL. I have valid Subject, idtoken and token as I printed them to the console and included below. I also pasted the java code and my keycloak.json which seems to be working upto "Here 2". It seems this is 90% there it's just failing at the actual call.<br><br></div><span style="color:rgb(255,0,0)"><i>"subject"<br></i></span><div><span style="color:rgb(255,0,0)"><i>"441e652f-fc78-453e-90dd-2b998eb771d7" <br>"idtoken"<br>"eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiNWJmZDlkYzItYzU1NC00YTY2LWE0MDAtN2EwNmQxODZjNDNmIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlfQ.HNR7tHN7jngluZNEJsrL-CVDzP96mIm4jMZVqvy56w_rsRjvvTuvj8Ke4raWyDVXzbZv4TmSk5iobPAzXlUCx4KLlHlrC6W5yTGXJ20Mgn73PHlsM3dCOJIyFYs6o2J19a8iZyHtuS5BwXiR44Ba5xPmzw9LVNmOm4ppropTPgE" MyController.js:86<br>"token" <br>"eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiMzY0YjE3YjQtNjJkZS00NDY5LWFkYjUtNDdmMmYzNGU1NDBjIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJzZXNzaW9uX3N0YXRlIjoiZmQzNTY4OTAtMDUyMy00Y2JkLWE2OTEtZTk0MDQxOTYyZDc1IiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDo4MDgwIl0sInJlc291cmNlX2FjY2VzcyI6eyJ3b3JrdHJhYyI6eyJyb2xlcyI6WyJhZG1pbiIsInVzZXIiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.R8NdAIf2P3-6JfxE9maP6PtPGE04zdM8LgaUbLqqfKOEDu2Pe5JMoUO5tbD20_oYMe_gr6jZOJsOmY01VtuWHVYczS7KIRXm3KnmrKIBeNXETPineb1wT7MgtzKYcf3MqoLcje1vR48iTbVlSszb2Np8Jqo4wa7cGSfadaZApgU" <br></i></span><br><br> var keycloak = Keycloak();<br> var loadData = function () {<br><br> console.log(keycloak.subject);<br> console.log('idtoken');<br> console.log(keycloak.idToken);<br> console.log('token');<br> console.log(keycloak.token);<br><br> var url = '<a href="http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo">http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo</a>';<br> var req = new XMLHttpRequest();<br><br> req.open('GET', url, true);<br> req.setRequestHeader('Accept', 'application/json');<br> req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);<br><br> console.log('Here 1');<br> req.onreadystatechange = function () {<br> if (req.readyState == 4) {<br> console.log('Here 2');<br> if (req.status == 200) {<br> console.log('render page 3');<br> var users = JSON.parse(req.responseText);<br> var html = '';<br> for (var i = 0; i < users.length; i++) {<br> html += '<p>' + users[i] + '</p>';<br> }<br> console.log('HTML');<br> console.log(html);<br> console.log('finished loading data');<br> }<br> }<br> };<br><br> req.send();<br> };<br><br><br> var loadFailure = function () {<br> document.getElementById('customers').innerHTML = '<b>Failed to load data. Check console log</b>';<br> };<br><br> var reloadData = function () {<br> keycloak.updateToken(10)<br> .success(loadData)<br> .error(function() {<br> document.getElementById('customers').innerHTML = '<b>Failed to load data. User is logged out.</b>';<br> });<br> };<br><br><br> keycloak.init({ onLoad: 'login-required' }).success(reloadData);<br><br></div><div>keycloak.json<br>{<br> "realm": "worktrac",<br> "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB",<br> "auth-server-url": "<a href="http://localhost:8082/auth">http://localhost:8082/auth</a>",<br> "ssl-required": "none",<br> "resource": "worktrac",<br> "public-client": true,<br> "use-resource-role-mappings": true,<br> "enable-cors" : true,<br> "cors-max-age" : 1000,<br> "cors-allowed-methods": "POST, PUT, DELETE, GET"<br>}<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 25, 2015 at 12:10 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Christopher Wallace" <<a href="mailto:cjwallac@gmail.com">cjwallac@gmail.com</a>><br>
> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
</span><span class="">> Cc: <a href="mailto:yonim@odoro.co.il">yonim@odoro.co.il</a>, <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Tuesday, February 24, 2015 7:21:11 PM<br>
> Subject: Re: [keycloak-user] Endpoint URL's<br>
><br>
</span><span class="">> I am actually not able to access any of the REST urls I tried from<br>
> <a href="http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html" target="_blank">http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html</a><br>
> is this something that needs to be enabled or installed speratly from the<br>
> keycloak appliance?<br>
<br>
</span>They should work fine as long as you have a token to invoke them with. Have you look at admin-access-app example? We also have a Java wrapper for this that makes it easier to invoke from Java, see the admin-client example for that.<br>
<div class="HOEnZb"><div class="h5"><br>
><br>
> On Tue, Feb 24, 2015 at 12:19 PM, Christopher Wallace <<a href="mailto:cjwallac@gmail.com">cjwallac@gmail.com</a>><br>
> wrote:<br>
><br>
> > Yoni,<br>
> ><br>
> > Where you able to get this to work? I am attempting to get user<br>
> > information also using<br>
> > <a href="http://localhost:8082/auth/realms/" target="_blank">http://localhost:8082/auth/realms/</a><realm>/protocol/openid-connect/userinfo<br>
> > and it doesn't bring back any data. Any trics?<br>
> ><br>
> > Chris W.<br>
> ><br>
> > On Mon, Feb 23, 2015 at 8:16 AM, Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> > wrote:<br>
> ><br>
> >><br>
> >><br>
> >> ----- Original Message -----<br>
> >> > From: <a href="mailto:yonim@odoro.co.il">yonim@odoro.co.il</a><br>
> >> > To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> >> > Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> >> > Sent: Monday, February 23, 2015 10:39:14 AM<br>
> >> > Subject: RE: [keycloak-user] Endpoint URL's<br>
> >> ><br>
> >> > Ok.. a bit frustrating.<br>
> >> ><br>
> >> > Any change the 1.2.0 Beta solves some of the issues? I can build it if<br>
> >> > needed...<br>
> >><br>
> >> Afraid not. We are planning to add the discovery endpoint, but it may be<br>
> >> a month or so before we get time.<br>
> >><br>
> >> ><br>
> >> > I've tried openid4java (on top of spring security ) and another client<br>
> >> > (mitred one, their client not the server) and both looked for the<br>
> >> discovery<br>
> >> > endpoint.<br>
> >> ><br>
> >> > Assuming I switch from opened-connect to OAuth - how can I get the<br>
> >> userinfo<br>
> >> > after that? any special endpoint to oauth userinfo after I got the<br>
> >> token?<br>
> >><br>
> >> You can invoke /auth/realms/{name}/protocol/openid-connect/userinfo with<br>
> >> the token.<br>
> >><br>
> >> ><br>
> >> > Cheers,<br>
> >> > Yoni<br>
> >> ><br>
> >> ><br>
> >> ><br>
> >> ><br>
> >> ><br>
> >> ><br>
> >> > -----Original Message-----<br>
> >> > From: Stian Thorgersen [mailto:<a href="mailto:stian@redhat.com">stian@redhat.com</a>]<br>
> >> > Sent: Monday, February 23, 2015 10:52 AM<br>
> >> > To: Yoni Moses<br>
> >> > Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> >> > Subject: Re: [keycloak-user] Endpoint URL's<br>
> >> ><br>
> >> > Hi,<br>
> >> ><br>
> >> > We haven't added the discovery part of OpenID Connect yet and there are<br>
> >> some<br>
> >> > issues with the docs as the protocol related endpoints are missing. The<br>
> >> > endpoints of interest to you are:<br>
> >> ><br>
> >> > * /auth/realms/{name}/protocol/openid-connect/login<br>
> >> > * /auth/realms/{name}/protocol/openid-connect/access/codes<br>
> >> > * /auth/realms/{name}/protocol/openid-connect/refresh<br>
> >> > * /auth/realms/{name}/protocol/openid-connect/userinfo<br>
> >> ><br>
> >> > We are actively working on better integration with other openid connect<br>
> >> > client libraries, so let us know what works and what doesn't.<br>
> >> ><br>
> >> > ----- Original Message -----<br>
> >> > > From: "Yoni Moses" <<a href="mailto:yonim@odoro.co.il">yonim@odoro.co.il</a>><br>
> >> > > To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> >> > > Sent: Sunday, February 22, 2015 1:07:36 PM<br>
> >> > > Subject: [keycloak-user] Endpoint URL's<br>
> >> > ><br>
> >> > > Hi,<br>
> >> > ><br>
> >> > > I've been trying keycloak , very impressive!<br>
> >> > > I don't intended to use it as the sample in jee but rather through<br>
> >> openid<br>
> >> > > provider in my case its openid4java with spring security.<br>
> >> > > I've been struggling with configuration of the endpoint especially<br>
> >> with<br>
> >> > > discovery end point..<br>
> >> > > is there somewhere in the doc the list of endpoints keycloak has?<br>
> >> > > so far I've been trying with /auth/realms/{name}<br>
> >> > ><br>
> >> > ><br>
> >> > > Thanks,<br>
> >> > > Yoni<br>
> >> > ><br>
> >> > ><br>
> >> > > _______________________________________________<br>
> >> > > keycloak-user mailing list<br>
> >> > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> >> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> >> ><br>
> >> ><br>
> >> _______________________________________________<br>
> >> keycloak-user mailing list<br>
> >> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> >> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> >><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Chris Wallace<br>
> > <a href="mailto:cjwallac@gmail.com">cjwallac@gmail.com</a><br>
> > c: <a href="tel:570.582.9955" value="+15705829955">570.582.9955</a><br>
> ><br>
><br>
><br>
><br>
> --<br>
> Chris Wallace<br>
> <a href="mailto:cjwallac@gmail.com">cjwallac@gmail.com</a><br>
> c: <a href="tel:570.582.9955" value="+15705829955">570.582.9955</a><br>
><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Chris Wallace<br><a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a><br>c: 570.582.9955<br></div>
</div>