[keycloak-dev] bug: how did javascript adapter ever work?

Does our javascript adapter use code to token flow by default? Is that the preferred mechanism? I don't think anybody is using it and has never used it if so, because...its broken. I'm integrating with a non-keycloak html5 app that is using code to token and the code to token request is failing with a CORS error. This is because we do not set allowed origins in TokenEndpoint: https://github.com/keycloak/keycloak/blob/master/services/src/main/java/o... Embarrassing? Or am i missing something? -- Bill Burke Red Hat