[keycloak-user] Token Validation

Hi All, I have just started to work with keycloak 1.7.0 and I have a PHP rest service that I want to write an adapter for. I have read the docs and the code but I don't understand how the token is validated from the rest service. I understand that with a js client they would be redirected to keycloak to obtain an access token which will be passed to my rest api. At that point I should validate the token, and I see that keycloak provides a rest endpoint for validation: http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/... I get held from cors because the realm itself does not have configuration for setting the 'Access-Control-Allow-Origin' header. Can anyone point me in the right direction? Thanks, -Brian