Apologies, I had to work on a new Resteasy release for the past week.
Am back on Keycloak now.
I committed support for CORS at the adapter level. Allowed origins are
now stuffed into the token. The adapter handles Preflight and Regular
CORS requests. It validates Origin vs. the allowed origins within the
token. There's an example:
* add localhost1 and localhost2 entries to your /etc/hosts or OS equivalent
* Open browser debug console window
* http://localhost1:8080/customer-portal/customers/cors-test.html
* login and then view the console.
If you instead go to:
http://localhost2:8080/customer-portal/customers/cors-test.html
You will see a failure.
I also added a "/K_QUERY_BEARER_TOKEN" endpoint to the adapter. This
allows you to obtain the text representation of the access token so that
it can be used to make authenticated REST calls. The example makes use
of it.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
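
Added example, not part of the original message and not Keycloak's adapter code: a sketch of the regular (non-preflight) check described above, comparing the request's Origin header with the allowed origins carried in the token. The claim name `allowed-origins`, the function names and the sample token are assumptions made for illustration, and the token's signature is assumed to have been verified before this check runs.

```javascript
// Added illustration, not Keycloak adapter code. Assumes the token's signature
// and expiry were already verified before this check runs.
const ALLOWED_ORIGINS_CLAIM = "allowed-origins"; // assumed claim name

// Decode the payload segment (base64url JSON) of a compact JWT.
function tokenPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Decide how to answer a regular (non-preflight) CORS request.
// Returns { status, headers } for the caller to apply to the response.
function checkCors(origin, jwt) {
  // No Origin header: same-origin or non-browser client, nothing to add.
  if (!origin) return { status: 200, headers: {} };
  const allowed = tokenPayload(jwt)[ALLOWED_ORIGINS_CLAIM];
  // Exact match on scheme://host:port; no prefix, suffix or substring match.
  if (!Array.isArray(allowed) || !allowed.includes(origin)) {
    return { status: 403, headers: {} };
  }
  return {
    status: 200,
    headers: {
      "Access-Control-Allow-Origin": origin, // echo the matched origin, never "*"
      "Access-Control-Allow-Credentials": "true",
      "Vary": "Origin", // stop caches reusing this answer for another origin
    },
  };
}

// Constructed sample token for the demo; the signature part is a placeholder.
function sampleToken(origins) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const payload = { sub: "constructed-user", [ALLOWED_ORIGINS_CLAIM]: origins };
  return [enc({ alg: "none" }), enc(payload), "placeholder"].join(".");
}

const demoToken = sampleToken(["http://localhost1:8080"]);
console.log(checkCors("http://localhost1:8080", demoToken).status);
console.log(checkCors("http://localhost2:8080", demoToken).status);
```

With the constructed token, the localhost1 origin is accepted and the localhost2 origin is rejected, matching the two pages in the example above.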