I have just started to work with keycloak 1.7.0 and I have a PHP rest service that I want to write an adapter for. I have read the docs and the code but I don't understand how the token is validated from the rest service.

I understand that with a js client they would be redirected to keycloak to obtain an access token which will be passed to my rest api. At that point I should validate the token, and I see that keycloak provides a rest endpoint for validation: http://docs.jboss.org/keycloak/docs/1.0-rc-1/rest-api/realms/%7Brealm%7D/tokens/validate/index.html

I get held from cors because the realm itself does not have configuration for setting the 'Access-Control-Allow-Origin' header. Can anyone point me in the right direction?

Thanks,

-Brian