<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(153,51,0)">Dear Stian,</div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(153,51,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(153,51,0)">The reason I am not using Keycloak login page is that I have existing application which have its own user management. From that application I am calling some RestEasy services for which I have configured KeyCloak. So basically user would be authenticated using existing application's mechanism + keycloak. [crazy things happen]</div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(153,51,0)"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(153,51,0)">For refreshing token (<a href="http://localhost:8080/auth/realms/master/tokens/refresh">http://localhost:8080/auth/realms/master/tokens/refresh</a>), if I add origin to my own public application, would that work? </div><div class="gmail_default" style="font-family:verdana,sans-serif;color:rgb(153,51,0)"><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="font-family:arial;font-size:small"><span style="color:rgb(153,51,0);font-family:verdana,sans-serif"><div style="display:inline"></div>Regards,</span><br style="color:rgb(153,51,0);font-family:verdana,sans-serif"><span style="color:rgb(153,51,0);font-family:verdana,sans-serif"><b><div style="display:inline"></div>Sadiq Khoja</b></span></div><div style="font-family:arial;font-size:small"><div style="font-family:verdana,sans-serif;color:rgb(153,51,0)"><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Tue, Apr 7, 2015 at 3:39 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
----- Original Message -----<br>
> From: "Sadiq Khoja" <<a href="mailto:sadiqkhoja@gmail.com">sadiqkhoja@gmail.com</a>><br>
> To: "Marek Posolda" <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Tuesday, 7 April, 2015 12:28:28 PM<br>
> Subject: Re: [keycloak-user] CORS for direct grant access<br>
><br>
> Dear Marek,<br>
><br>
> Because I don't want to redirect user to Keycloak's login page.<br>
><br>
> BTW: I was getting CORS error for refresh url as well so I added my origin in<br>
> security-admin-console application and its working now.<br>
<br>
</span>There's many many reasons why what you're doing isn't the greatest idea and you'd be much better with redirecting to the login page (which you can style to match your app).<br>
<br>
In either case you shouldn't use the security-admin-console app for your application, that's for the KC admin console. Create your own app and set origin on that!<br>
<span class=""><br>
><br>
> <br>
> Regards,<br>
> <br>
> Sadiq Khoja<br>
><br>
><br>
> On Tue, Apr 7, 2015 at 3:12 PM, Marek Posolda < <a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a> > wrote:<br>
><br>
><br>
><br>
> Hi,<br>
><br>
> the question is why you need Direct Grant Access in javascript application? I<br>
> think it will be much better to use our javascript adapter and retrieve the<br>
> access token with it:<br>
> <a href="http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/ch08.html#javascript-adapter" target="_blank">http://docs.jboss.org/keycloak/docs/1.2.0.Beta1/userguide/html/ch08.html#javascript-adapter</a><br>
><br>
> Marek<br>
><br>
><br>
> On 7.4.2015 10:24, Sadiq Khoja wrote:<br>
><br>
><br>
><br>
> Guys,<br>
><br>
> I want to enable CORS for Direct Grant Access, how to do it? I am getting<br>
> following error from my javascript application:<br>
><br>
> (index):1 XMLHttpRequest cannot load<br>
</span>> <a href="http://localhost:8080/auth/realms/master/tokens/grants/access" target="_blank">http://localhost:8080/auth/realms/master/tokens/grants/access</a> . No<br>
<div class="HOEnZb"><div class="h5">> 'Access-Control-Allow-Origin' header is present on the requested resource.<br>
> Origin ' <a href="http://pn.localhost:81" target="_blank">http://pn.localhost:81</a> ' is therefore not allowed access. The<br>
> response had HTTP status code 400.<br>
><br>
><br>
> <br>
> Regards,<br>
> <br>
> Sadiq Khoja<br>
><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>