On Tue, Jan 16, 2018 at 1:25 PM, Виталий Ищенко <betalb(a)gmail.com> wrote:
I think mailing list is not allowing attachments, you need to host
images
somewhere else and post link here
On Tue, Jan 16, 2018 at 3:15 PM Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
> Hello ,
> what do you mean by headers dump?
> I included two screenshots in the previous post, is this what you mean?
> Thanks
>
> On Tue, Jan 16, 2018 at 12:46 PM, Виталий Ищенко <betalb(a)gmail.com>
> wrote:
>
>> Hi
>>
>> Asterisk should be pretty valid, maybe at some point in time KC stopped
>> expanding it and just started to pass in reply as-is, but
>> Access-Control-Allow-Origin: *
>>
>> Is valid header value [1]. And status = 0 means that preflight request
>> check failed on the browser side and JS code can't even access any info
>> from KC.
>>
>> Do you have request and response headers dump, an asterisk was quoted or
>> not?
>>
>> [1]
https://developer.mozilla.org/ru/docs/Web/HTTP/Headers/
>> Access-Control-Allow-Origin
>>
>> On Tue, Jan 16, 2018 at 1:10 PM Corentin Dupont <
>> corentin.dupont(a)gmail.com> wrote:
>>
>>> Hi guys,
>>> I finally solved this problem.
>>> Posting here for memory :)
>>> I use this simple code in my NodeJS application:
>>>
>>> import Keycloak from 'keycloak-js';
>>>
>>> var keycloak = Keycloak();
>>> keycloak.init({ onLoad: 'login-required'}).success(authenticated
=> {
>>> if (authenticated) {
>>> console.log("Authenticated");
>>> }
>>> }).error(function (error) {
>>> console.log("Authentication error");
>>> });
>>> }
>>>
>>> In Keycloak 3.3 and above, I kept getting the message "Authentication
>>> error".
>>> Keycloak 3.2 and below works.
>>>
>>> I finally understood that the problem is the Web Origins of my client.
>>> It was set to "*", but apparently this is not supported anymore in
>>> KC>=3.3.
>>> By putting something more precise it worked (e.g.
http://localhost:3000
>>> ).
>>>
>>> The debugging of this one was very tricky...
>>> The problem happens at the "code to token exchange" step.
>>> In KC 3.3, the response headers "Access-Control-Allow-Origin" is
set to
>>> "*".
>>> This doesn't seem to work with keycloak.js adapter, at this line:
>>>
https://github.com/keycloak/keycloak/blob/master/adapters/
>>> oidc/js/src/main/resources/keycloak.js#L341
>>>
>>> The req.status is 0. It seems that XMLHttpRequest doesn't like this
>>> Access-Control-Allow-Origin="*".
>>>
>>> If I change the Web Origins to
http://localhost:3000, it works.
>>> Likewise, in KC=3.2, the Web Origins = * seems to be translated
>>> automatically to Access-Control-Allow-Origin hea=
>>>
>>>
>>>
>>>
>>>
>>> In KC 3.2, with Web Origin "*", the is transformed as "
>>>
http://localhost:3000"
>>>
>>>
>>>
>>>
https://github.com/keycloak/keycloak/blob/master/adapters/
>>> oidc/js/src/main/resources/keycloak.js#L337
>>>
>>>
>>>
>>>
>>> On Tue, Dec 12, 2017 at 10:45 AM, Corentin Dupont <
>>> corentin.dupont(a)gmail.com
>>> > wrote:
>>>
>>> > Hi guys,
>>> >
>>> > I use this code in my javascript application:
>>> >
>>> > var keycloak = Keycloak();
>>> > keycloak.init().success(function(authenticated) {
>>> > alert(authenticated ? 'authenticated' : 'not
>>> authenticated');
>>> > }).error(function() {
>>> > alert('failed to initialize');
>>> > });
>>> >
>>> > Since I updated Keycloak I get the message 'failed to
initialize'.
>>> > It was working well with the previous version of KC 3.2.
>>> >
>>> > What could it be? How can I get a better error message?
>>> >
>>> >
>>> > Thanks!
>>> >
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>