<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style>body{font-family:Verdana,Arial;font-size:13px}</style>
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div id="bloop_customfont" style="font-family:Verdana,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
Hi,</div>
<div id="bloop_customfont" style="font-family:Verdana,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
<br>
</div>
<div id="bloop_customfont" style="font-family:Verdana,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
I’m having trouble getting correct Access-Control Headers for requests to the openid-connect token endpoint. When asking for a token by code, everything seems fine:</div>
<div id="bloop_customfont" style="font-family:Verdana,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
<br>
</div>
<div class="bloop_container">
<div class="bloop_frame"></div>
</div>
<ol class="outline-disclosure" style="box-sizing: border-box; padding: 0px 0px 0px 4px; margin: 0px; list-style-type: none; -webkit-padding-start: 4px; overflow-y: auto; color: rgb(48, 57, 66); widows: 1;">
<ol class="children expanded" style="font-family: 'Lucida Grande', sans-serif; font-size: 12px; box-sizing: border-box; list-style-type: none; padding-left: 12px;">
<li style="box-sizing: border-box; margin-top: 1px; text-overflow: ellipsis; white-space: nowrap; overflow: hidden;">
<span class="header-value source-code" style="box-sizing: border-box; font-family: Menlo, monospace; white-space: pre-wrap; font-size: 11px !important; display: inline; margin-right: 1em; word-break: break-all; margin-top: 1px;">POST /auth/realms/VV/protocol/openid-connect/token
HTTP/1.1 Host: fs01e.tech.visualvest.de Connection: keep-alive Content-Length: 303 Origin: http://fe01e.tech.visualvest.de User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
Content-type: application/x-www-form-urlencoded Accept: */* DNT: 1 Referer: http://fe01e.tech.<snip>.de/app/depot/ Accept-Encoding: gzip, deflate Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4 Cookie: KEYCLOAK_LOCALE=de; KEYCLOAK_IDENTITY=eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1YTI4YTk1MS02ZDY2LTQ1YzEtOTM3Ny0zMjdjYzAwYzA3YjYiLCJleHAiOjE0MzY4MjgyNjIsIm5iZiI6MCwiaWF0IjoxNDM2NzkyMjYyLCJpc3MiOiJodHRwOi8vZnMwMWUudGVjaC52aXN1YWx2ZXN0LmRlL2F1dGgvcmVhbG1zL1ZWIiwic3ViIjoiOWZlNGM3ZWEtYmNjNS00NmY2LWEwMzMtZjllZGE4ZDlmYTVjIiwic2Vzc2lvbl9zdGF0ZSI6ImRkNmE2ZDVjLWRkYjMtNDc3Mi1hZDNkLTk2OGJiMzc1NzdjOSIsInJlc291cmNlX2FjY2VzcyI6e319.PabltPm2_dkWsZ4fwS8jrxTW0qv7nFY2ZkZAjjFozkxP7K8kZcg7We4gzshkqdRF1kfB57_zQFp8BKyRa08hG5zskZk_SmpbOwAoKL2lrME7Zm7ErBSMIF7KZ6ZUIznIu8LTnP0m0mgmReqxNEYtIdim-7sXdfEhws9q-cC4mAQ;
KEYCLOAK_SESSION=VV/9fe4c7ea-bcc5-46f6-a033-f9eda8d9fa5c/dd6a6d5c-ddb3-4772-ad3d-968bb37577c9</span></li></ol>
</ol>
<div style="widows: 1;"><font color="#303942" face="Menlo, monospace"><span style="font-size: 11px; white-space: pre-wrap;"><br>
</span></font></div>
<div style="widows: 1;"><font color="#303942" face="Menlo, monospace"><span style="font-size: 11px; white-space: pre-wrap;">Content:</span></font></div>
<div style="widows: 1;">
<ol class="children expanded" style="box-sizing: border-box; list-style-type: none; padding-left: 12px; color: rgb(48, 57, 66); font-family: 'Lucida Grande', sans-serif; font-size: 12px;">
<li style="box-sizing: border-box; margin-top: 1px; text-overflow: ellipsis; white-space: nowrap; overflow: hidden;">
<span class="header-value source-code" style="box-sizing: border-box; font-family: Menlo, monospace; white-space: pre-wrap; font-size: 11px !important; display: inline; margin-right: 1em; word-break: break-all; margin-top: 1px;">code=rDhHgSDNa9MgJl9RSqk7TLOByTto2A20AEZy_EQY5Is.03b568e4-adcd-4c7d-bc81-44fded29be61&grant_type=authorization_code&client_id=vv-frontend&redirect_uri=<snip></span></li></ol>
<div><span style="widows: auto;">But when I request a token by direct grant, the CORS-Headers are missing:</span></div>
<div><span style="widows: auto;"><br>
</span></div>
<div>
<ol class="children expanded" style="box-sizing: border-box; list-style-type: none; padding-left: 12px; color: rgb(48, 57, 66); font-family: 'Lucida Grande', sans-serif; font-size: 12px;">
<li style="box-sizing: border-box; margin-top: 1px; text-overflow: ellipsis; white-space: nowrap; overflow: hidden;">
<span class="header-value source-code" style="box-sizing: border-box; font-family: Menlo, monospace; white-space: pre-wrap; font-size: 11px !important; display: inline; margin-right: 1em; word-break: break-all; margin-top: 1px;">POST /auth/realms/VV/protocol/openid-connect/token
HTTP/1.1 Host: fs01e.tech.visualvest.de Connection: keep-alive Content-Length: 69 Accept: application/json Origin: http://localhost:8000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132
Safari/537.36 Content-type: application/x-www-form-urlencoded DNT: 1 Referer: http://localhost:8000/app/depot/ Accept-Encoding: gzip, deflate Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4</span></li></ol>
<div><font color="#303942" face="Menlo, monospace"><span style="font-size: 11px; white-space: pre-wrap;">Content</span></font></div>
</div>
<div>
<ol class="children expanded" style="box-sizing: border-box; list-style-type: none; padding-left: 12px; color: rgb(48, 57, 66); font-family: 'Lucida Grande', sans-serif; font-size: 12px;">
<li style="box-sizing: border-box; margin-top: 1px; text-overflow: ellipsis; white-space: nowrap; overflow: hidden;">
<span class="header-value source-code" style="box-sizing: border-box; font-family: Menlo, monospace; white-space: pre-wrap; font-size: 11px !important; display: inline; margin-right: 1em; word-break: break-all; margin-top: 1px;">username=dirk&password=dirk&client_id=vv-frontend&grant_type=password</span></li></ol>
<div style="widows: auto; ">Am I missing something?</div>
</div>
<div style="widows: auto; "><br>
</div>
<div style="widows: auto; ">Thanks,</div>
<div style="widows: auto; ">Gregor</div>
</div>
</body>
</html>