<div dir="ltr">One correction this is refering to the account app json not worktrac as specified below:<br><pre>{
  &quot;realm&quot;: &quot;worktrac&quot;,
  &quot;realm-public-key&quot;: &quot;MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB&quot;,
  &quot;auth-server-url&quot;: &quot;<a href="http://localhost:8082/auth">http://localhost:8082/auth</a>&quot;,
  &quot;ssl-required&quot;: &quot;none&quot;,
  &quot;resource&quot;: &quot;account&quot;,
  &quot;public-client&quot;: true,
  &quot;use-resource-role-mappings&quot;: true,
  &quot;enable-cors&quot; : true,
  &quot;cors-max-age&quot; : 1000,
  &quot;cors-allowed-methods&quot;: &quot;POST, PUT, DELETE, GET&quot;
}
</pre><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 25, 2015 at 7:34 AM, Christopher Wallace <span dir="ltr">&lt;<a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I am receiving Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <a href="http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo" target="_blank">http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo</a>. This can be fixed by moving the resource to the same domain or enabling CORS. What &#39;application&#39; does the <a href="http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo" target="_blank">http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo</a> url use for it&#39;s origins? I have worktrac realm worktrac app and account app both configured with <a href="http://localhost:8080/*" target="_blank">http://localhost:8080/*</a> which is the origin. Also it seems like that&#39;s the errors it&#39;s indicated, but I also see a 404 error for this URL. I have valid Subject, idtoken and token as I printed them to the console and included below. I also pasted the java code and my keycloak.json which seems to be working upto &quot;Here 2&quot;. It seems this is 90% there it&#39;s just failing at the actual call.<br><br></div><span style="color:rgb(255,0,0)"><i>&quot;subject&quot;<br></i></span><div><span style="color:rgb(255,0,0)"><i>&quot;441e652f-fc78-453e-90dd-2b998eb771d7&quot; <br>&quot;idtoken&quot;<br>&quot;eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiNWJmZDlkYzItYzU1NC00YTY2LWE0MDAtN2EwNmQxODZjNDNmIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlfQ.HNR7tHN7jngluZNEJsrL-CVDzP96mIm4jMZVqvy56w_rsRjvvTuvj8Ke4raWyDVXzbZv4TmSk5iobPAzXlUCx4KLlHlrC6W5yTGXJ20Mgn73PHlsM3dCOJIyFYs6o2J19a8iZyHtuS5BwXiR44Ba5xPmzw9LVNmOm4ppropTPgE&quot; MyController.js:86<br>&quot;token&quot; <br>&quot;eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiMzY0YjE3YjQtNjJkZS00NDY5LWFkYjUtNDdmMmYzNGU1NDBjIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJzZXNzaW9uX3N0YXRlIjoiZmQzNTY4OTAtMDUyMy00Y2JkLWE2OTEtZTk0MDQxOTYyZDc1IiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDo4MDgwIl0sInJlc291cmNlX2FjY2VzcyI6eyJ3b3JrdHJhYyI6eyJyb2xlcyI6WyJhZG1pbiIsInVzZXIiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.R8NdAIf2P3-6JfxE9maP6PtPGE04zdM8LgaUbLqqfKOEDu2Pe5JMoUO5tbD20_oYMe_gr6jZOJsOmY01VtuWHVYczS7KIRXm3KnmrKIBeNXETPineb1wT7MgtzKYcf3MqoLcje1vR48iTbVlSszb2Np8Jqo4wa7cGSfadaZApgU&quot; <br></i></span><br><br> var keycloak = Keycloak();<br>    var loadData = function () {<br><br>        console.log(keycloak.subject);<br>        console.log(&#39;idtoken&#39;);<br>        console.log(keycloak.idToken);<br>        console.log(&#39;token&#39;);<br>        console.log(keycloak.token);<br><br>        var url = &#39;<a href="http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo" target="_blank">http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo</a>&#39;;<br>        var req = new XMLHttpRequest();<br><br>        req.open(&#39;GET&#39;, url, true);<br>        req.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;);<br>        req.setRequestHeader(&#39;Authorization&#39;, &#39;Bearer &#39; + keycloak.token);<br><br>        console.log(&#39;Here 1&#39;);<br>        req.onreadystatechange = function () {<br>            if (req.readyState == 4) {<br>                console.log(&#39;Here 2&#39;);<br>                if (req.status == 200) {<br>                    console.log(&#39;render page 3&#39;);<br>                    var users = JSON.parse(req.responseText);<br>                    var html = &#39;&#39;;<br>                    for (var i = 0; i &lt; users.length; i++) {<br>                        html += &#39;&lt;p&gt;&#39; + users[i] + &#39;&lt;/p&gt;&#39;;<br>                    }<br>                    console.log(&#39;HTML&#39;);<br>                    console.log(html);<br>                    console.log(&#39;finished loading data&#39;);<br>                }<br>            }<br>        };<br><br>        req.send();<br>    };<br><br><br>    var loadFailure = function () {<br>        document.getElementById(&#39;customers&#39;).innerHTML = &#39;&lt;b&gt;Failed to load data. Check console log&lt;/b&gt;&#39;;<br>    };<br><br>    var reloadData = function () {<br>        keycloak.updateToken(10)<br>        .success(loadData)<br>        .error(function() {<br>            document.getElementById(&#39;customers&#39;).innerHTML = &#39;&lt;b&gt;Failed to load data. User is logged out.&lt;/b&gt;&#39;;<br>        });<br>    };<br><br><br>    keycloak.init({ onLoad: &#39;login-required&#39; }).success(reloadData);<br><br></div><div>keycloak.json<br>{<br>  &quot;realm&quot;: &quot;worktrac&quot;,<br>  &quot;realm-public-key&quot;: &quot;MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB&quot;,<br>  &quot;auth-server-url&quot;: &quot;<a href="http://localhost:8082/auth" target="_blank">http://localhost:8082/auth</a>&quot;,<br>  &quot;ssl-required&quot;: &quot;none&quot;,<br>  &quot;resource&quot;: &quot;worktrac&quot;,<br>  &quot;public-client&quot;: true,<br>  &quot;use-resource-role-mappings&quot;: true,<br>  &quot;enable-cors&quot; : true,<br>  &quot;cors-max-age&quot; : 1000,<br>  &quot;cors-allowed-methods&quot;: &quot;POST, PUT, DELETE, GET&quot;<br>}<br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 25, 2015 at 12:10 AM, Stian Thorgersen <span dir="ltr">&lt;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span><br>
<br>
----- Original Message -----<br>
&gt; From: &quot;Christopher Wallace&quot; &lt;<a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a>&gt;<br>
&gt; To: &quot;Stian Thorgersen&quot; &lt;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;<br>
</span><span>&gt; Cc: <a href="mailto:yonim@odoro.co.il" target="_blank">yonim@odoro.co.il</a>, <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; Sent: Tuesday, February 24, 2015 7:21:11 PM<br>
&gt; Subject: Re: [keycloak-user] Endpoint URL&#39;s<br>
&gt;<br>
</span><span>&gt; I am actually not able to access any of the REST urls I tried from<br>
&gt; <a href="http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html" target="_blank">http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html</a><br>
&gt; is this something that needs to be enabled or installed speratly from the<br>
&gt; keycloak appliance?<br>
<br>
</span>They should work fine as long as you have a token to invoke them with. Have you look at admin-access-app example? We also have a Java wrapper for this that makes it easier to invoke from Java, see the admin-client example for that.<br>
<div><div><br>
&gt;<br>
&gt; On Tue, Feb 24, 2015 at 12:19 PM, Christopher Wallace &lt;<a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a>&gt;<br>
&gt; wrote:<br>
&gt;<br>
&gt; &gt; Yoni,<br>
&gt; &gt;<br>
&gt; &gt; Where you able to get this to work? I am attempting to get user<br>
&gt; &gt; information also using<br>
&gt; &gt; <a href="http://localhost:8082/auth/realms/" target="_blank">http://localhost:8082/auth/realms/</a>&lt;realm&gt;/protocol/openid-connect/userinfo<br>
&gt; &gt; and it doesn&#39;t bring back any data. Any trics?<br>
&gt; &gt;<br>
&gt; &gt; Chris W.<br>
&gt; &gt;<br>
&gt; &gt; On Mon, Feb 23, 2015 at 8:16 AM, Stian Thorgersen &lt;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;<br>
&gt; &gt; wrote:<br>
&gt; &gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; ----- Original Message -----<br>
&gt; &gt;&gt; &gt; From: <a href="mailto:yonim@odoro.co.il" target="_blank">yonim@odoro.co.il</a><br>
&gt; &gt;&gt; &gt; To: &quot;Stian Thorgersen&quot; &lt;<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;<br>
&gt; &gt;&gt; &gt; Cc: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; &gt;&gt; &gt; Sent: Monday, February 23, 2015 10:39:14 AM<br>
&gt; &gt;&gt; &gt; Subject: RE: [keycloak-user] Endpoint URL&#39;s<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; Ok.. a bit frustrating.<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; Any change the 1.2.0 Beta solves some of the issues? I can build it if<br>
&gt; &gt;&gt; &gt; needed...<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Afraid not. We are planning to add the discovery endpoint, but it may be<br>
&gt; &gt;&gt; a month or so before we get time.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; I&#39;ve tried openid4java (on top of spring security ) and another client<br>
&gt; &gt;&gt; &gt; (mitred one, their client not the server) and both looked for the<br>
&gt; &gt;&gt; discovery<br>
&gt; &gt;&gt; &gt; endpoint.<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; Assuming I switch from opened-connect to OAuth - how can I get the<br>
&gt; &gt;&gt; userinfo<br>
&gt; &gt;&gt; &gt; after that? any special endpoint to oauth userinfo after I got the<br>
&gt; &gt;&gt; token?<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; You can invoke /auth/realms/{name}/protocol/openid-connect/userinfo with<br>
&gt; &gt;&gt; the token.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; Cheers,<br>
&gt; &gt;&gt; &gt; Yoni<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; -----Original Message-----<br>
&gt; &gt;&gt; &gt; From: Stian Thorgersen [mailto:<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>]<br>
&gt; &gt;&gt; &gt; Sent: Monday, February 23, 2015 10:52 AM<br>
&gt; &gt;&gt; &gt; To: Yoni Moses<br>
&gt; &gt;&gt; &gt; Cc: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; &gt;&gt; &gt; Subject: Re: [keycloak-user] Endpoint URL&#39;s<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; Hi,<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; We haven&#39;t added the discovery part of OpenID Connect yet and there are<br>
&gt; &gt;&gt; some<br>
&gt; &gt;&gt; &gt; issues with the docs as the protocol related endpoints are missing. The<br>
&gt; &gt;&gt; &gt; endpoints of interest to you are:<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; * /auth/realms/{name}/protocol/openid-connect/login<br>
&gt; &gt;&gt; &gt; * /auth/realms/{name}/protocol/openid-connect/access/codes<br>
&gt; &gt;&gt; &gt; * /auth/realms/{name}/protocol/openid-connect/refresh<br>
&gt; &gt;&gt; &gt; * /auth/realms/{name}/protocol/openid-connect/userinfo<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; We are actively working on better integration with other openid connect<br>
&gt; &gt;&gt; &gt; client libraries, so let us know what works and what doesn&#39;t.<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt; ----- Original Message -----<br>
&gt; &gt;&gt; &gt; &gt; From: &quot;Yoni Moses&quot; &lt;<a href="mailto:yonim@odoro.co.il" target="_blank">yonim@odoro.co.il</a>&gt;<br>
&gt; &gt;&gt; &gt; &gt; To: <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; &gt;&gt; &gt; &gt; Sent: Sunday, February 22, 2015 1:07:36 PM<br>
&gt; &gt;&gt; &gt; &gt; Subject: [keycloak-user] Endpoint URL&#39;s<br>
&gt; &gt;&gt; &gt; &gt;<br>
&gt; &gt;&gt; &gt; &gt; Hi,<br>
&gt; &gt;&gt; &gt; &gt;<br>
&gt; &gt;&gt; &gt; &gt; I&#39;ve been trying keycloak , very impressive!<br>
&gt; &gt;&gt; &gt; &gt; I don&#39;t intended to use it as the sample in jee but rather through<br>
&gt; &gt;&gt; openid<br>
&gt; &gt;&gt; &gt; &gt; provider in my case its openid4java with spring security.<br>
&gt; &gt;&gt; &gt; &gt; I&#39;ve been struggling with configuration of the endpoint especially<br>
&gt; &gt;&gt; with<br>
&gt; &gt;&gt; &gt; &gt; discovery end point..<br>
&gt; &gt;&gt; &gt; &gt; is there somewhere in the doc the list of endpoints keycloak has?<br>
&gt; &gt;&gt; &gt; &gt; so far I&#39;ve been trying with /auth/realms/{name}<br>
&gt; &gt;&gt; &gt; &gt;<br>
&gt; &gt;&gt; &gt; &gt;<br>
&gt; &gt;&gt; &gt; &gt; Thanks,<br>
&gt; &gt;&gt; &gt; &gt; Yoni<br>
&gt; &gt;&gt; &gt; &gt;<br>
&gt; &gt;&gt; &gt; &gt;<br>
&gt; &gt;&gt; &gt; &gt; _______________________________________________<br>
&gt; &gt;&gt; &gt; &gt; keycloak-user mailing list<br>
&gt; &gt;&gt; &gt; &gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; &gt;&gt; &gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; &gt;<br>
&gt; &gt;&gt; _______________________________________________<br>
&gt; &gt;&gt; keycloak-user mailing list<br>
&gt; &gt;&gt; <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
&gt; &gt;&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;<br>
&gt; &gt;<br>
&gt; &gt;<br>
&gt; &gt; --<br>
&gt; &gt; Chris Wallace<br>
&gt; &gt; <a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a><br>
&gt; &gt; c: <a href="tel:570.582.9955" value="+15705829955" target="_blank">570.582.9955</a><br>
&gt; &gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; --<br>
&gt; Chris Wallace<br>
&gt; <a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a><br>
&gt; c: <a href="tel:570.582.9955" value="+15705829955" target="_blank">570.582.9955</a><br>
&gt;<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div>Chris Wallace<br><a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a><br>c: <a href="tel:570.582.9955" value="+15705829955" target="_blank">570.582.9955</a><br></div>
</div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Chris Wallace<br><a href="mailto:cjwallac@gmail.com" target="_blank">cjwallac@gmail.com</a><br>c: 570.582.9955<br></div>
</div>