Re: [keycloak-user] Endpoint URL's

Wednesday, 25 February 2015

I am receiving Cross-Origin Request Blocked: The Same Origin Policy
disallows reading the remote resource at
http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo.
This can be fixed by moving the resource to the same domain or enabling
CORS. What 'application' does the
http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo
url use for it's origins? I have worktrac realm worktrac app and account
app both configured with http://localhost:8080/* which is the origin. Also
it seems like that's the errors it's indicated, but I also see a 404 error
for this URL. I have valid Subject, idtoken and token as I printed them to
the console and included below. I also pasted the java code and my
keycloak.json which seems to be working upto "Here 2". It seems this is 90%
there it's just failing at the actual call.

*"subject"*

*"441e652f-fc78-453e-90dd-2b998eb771d7"
"idtoken""eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiNWJmZDlkYzItYzU1NC00YTY2LWE0MDAtN2EwNmQxODZjNDNmIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlfQ.HNR7tHN7jngluZNEJsrL-CVDzP96mIm4jMZVqvy56w_rsRjvvTuvj8Ke4raWyDVXzbZv4TmSk5iobPAzXlUCx4KLlHlrC6W5yTGXJ20Mgn73PHlsM3dCOJIyFYs6o2J19a8iZyHtuS5BwXiR44Ba5xPmzw9LVNmOm4ppropTPgE"
MyController.js:86"token"
"eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiMzY0YjE3YjQtNjJkZS00NDY5LWFkYjUtNDdmMmYzNGU1NDBjIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJzZXNzaW9uX3N0YXRlIjoiZmQzNTY4OTAtMDUyMy00Y2JkLWE2OTEtZTk0MDQxOTYyZDc1IiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDo4MDgwIl0sInJlc291cmNlX2FjY2VzcyI6eyJ3b3JrdHJhYyI6eyJyb2xlcyI6WyJhZG1pbiIsInVzZXIiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.R8NdAIf2P3-6JfxE9maP6PtPGE04zdM8LgaUbLqqfKOEDu2Pe5JMoUO5tbD20_oYMe_gr6jZOJsOmY01VtuWHVYczS7KIRXm3KnmrKIBeNXETPineb1wT7MgtzKYcf3MqoLcje1vR48iTbVlSszb2Np8Jqo4wa7cGSfadaZApgU"
*

 var keycloak = Keycloak();
    var loadData = function () {

        console.log(keycloak.subject);
        console.log('idtoken');
        console.log(keycloak.idToken);
        console.log('token');
        console.log(keycloak.token);

        var url = '
http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo
';
        var req = new XMLHttpRequest();

        req.open('GET', url, true);
        req.setRequestHeader('Accept', 'application/json');
        req.setRequestHeader('Authorization', 'Bearer ' +
keycloak.token);

        console.log('Here 1');
        req.onreadystatechange = function () {
            if (req.readyState == 4) {
                console.log('Here 2');
                if (req.status == 200) {
                    console.log('render page 3');
                    var users = JSON.parse(req.responseText);
                    var html = '';
                    for (var i = 0; i < users.length; i++) {
                        html += '<p>' + users[i] + '</p>';
                    }
                    console.log('HTML');
                    console.log(html);
                    console.log('finished loading data');
                }
            }
        };

        req.send();
    };

    var loadFailure = function () {
        document.getElementById('customers').innerHTML = '<b>Failed to
load
data. Check console log</b>';
    };

    var reloadData = function () {
        keycloak.updateToken(10)
        .success(loadData)
        .error(function() {
            document.getElementById('customers').innerHTML = '<b>Failed
to
load data. User is logged out.</b>';
        });
    };

    keycloak.init({ onLoad: 'login-required' }).success(reloadData);

keycloak.json
{
  "realm": "worktrac",
  "realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB",
  "auth-server-url": "http://localhost:8082/auth",
  "ssl-required": "none",
  "resource": "worktrac",
  "public-client": true,
  "use-resource-role-mappings": true,
  "enable-cors" : true,
  "cors-max-age" : 1000,
  "cors-allowed-methods": "POST, PUT, DELETE, GET"
}

On Wed, Feb 25, 2015 at 12:10 AM, Stian Thorgersen <stian(a)redhat.com&gt; wrote:

...

 ----- Original Message -----
 > From: "Christopher Wallace" <cjwallac(a)gmail.com&gt;
 > To: "Stian Thorgersen" <stian(a)redhat.com&gt;
 > Cc: yonim(a)odoro.co.il, keycloak-user(a)lists.jboss.org
 > Sent: Tuesday, February 24, 2015 7:21:11 PM
 > Subject: Re: [keycloak-user] Endpoint URL's
 >
 > I am actually not able to access any of the REST urls I tried from
 >
 http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html
 > is this something that needs to be enabled or installed speratly from the
 > keycloak appliance?

 They should work fine as long as you have a token to invoke them with.
 Have you look at admin-access-app example? We also have a Java wrapper for
 this that makes it easier to invoke from Java, see the admin-client example
 for that.

 >
 > On Tue, Feb 24, 2015 at 12:19 PM, Christopher Wallace <
 cjwallac(a)gmail.com&gt;
 > wrote:
 >
 > > Yoni,
 > >
 > > Where you able to get this to work? I am attempting to get user
 > > information also using
 > > http://localhost:8082/auth/realms/
 <realm>/protocol/openid-connect/userinfo
 > > and it doesn't bring back any data. Any trics?
 > >
 > > Chris W.
 > >
 > > On Mon, Feb 23, 2015 at 8:16 AM, Stian Thorgersen <stian(a)redhat.com&gt;
 > > wrote:
 > >
 > >>
 > >>
 > >> ----- Original Message -----
 > >> > From: yonim(a)odoro.co.il
 > >> > To: "Stian Thorgersen" <stian(a)redhat.com&gt;
 > >> > Cc: keycloak-user(a)lists.jboss.org
 > >> > Sent: Monday, February 23, 2015 10:39:14 AM
 > >> > Subject: RE: [keycloak-user] Endpoint URL's
 > >> >
 > >> > Ok.. a bit frustrating.
 > >> >
 > >> > Any change the 1.2.0 Beta solves some of the issues? I can build it
 if
 > >> > needed...
 > >>
 > >> Afraid not. We are planning to add the discovery endpoint, but it may
 be
 > >> a month or so before we get time.
 > >>
 > >> >
 > >> > I've tried openid4java (on top of spring security ) and another
 client
 > >> > (mitred one, their client not the server) and both looked for the
 > >> discovery
 > >> > endpoint.
 > >> >
 > >> > Assuming I switch from opened-connect to OAuth - how can I get the
 > >> userinfo
 > >> > after that? any special endpoint to oauth userinfo after I got the
 > >> token?
 > >>
 > >> You can invoke /auth/realms/{name}/protocol/openid-connect/userinfo
 with
 > >> the token.
 > >>
 > >> >
 > >> > Cheers,
 > >> > Yoni
 > >> >
 > >> >
 > >> >
 > >> >
 > >> >
 > >> >
 > >> > -----Original Message-----
 > >> > From: Stian Thorgersen [mailto:stian@redhat.com]
 > >> > Sent: Monday, February 23, 2015 10:52 AM
 > >> > To: Yoni Moses
 > >> > Cc: keycloak-user(a)lists.jboss.org
 > >> > Subject: Re: [keycloak-user] Endpoint URL's
 > >> >
 > >> > Hi,
 > >> >
 > >> > We haven't added the discovery part of OpenID Connect yet and
there
 are
 > >> some
 > >> > issues with the docs as the protocol related endpoints are missing.
 The
 > >> > endpoints of interest to you are:
 > >> >
 > >> > * /auth/realms/{name}/protocol/openid-connect/login
 > >> > * /auth/realms/{name}/protocol/openid-connect/access/codes
 > >> > * /auth/realms/{name}/protocol/openid-connect/refresh
 > >> > * /auth/realms/{name}/protocol/openid-connect/userinfo
 > >> >
 > >> > We are actively working on better integration with other openid
 connect
 > >> > client libraries, so let us know what works and what doesn't.
 > >> >
 > >> > ----- Original Message -----
 > >> > > From: "Yoni Moses" <yonim(a)odoro.co.il&gt;
 > >> > > To: keycloak-user(a)lists.jboss.org
 > >> > > Sent: Sunday, February 22, 2015 1:07:36 PM
 > >> > > Subject: [keycloak-user] Endpoint URL's
 > >> > >
 > >> > > Hi,
 > >> > >
 > >> > > I've been trying keycloak , very impressive!
 > >> > > I don't intended to use it as the sample in jee but rather
through
 > >> openid
 > >> > > provider in my case its openid4java with spring security.
 > >> > > I've been struggling with configuration of the endpoint
especially
 > >> with
 > >> > > discovery end point..
 > >> > > is there somewhere in the doc the list of endpoints keycloak
has?
 > >> > > so far I've been trying with /auth/realms/{name}
 > >> > >
 > >> > >
 > >> > > Thanks,
 > >> > > Yoni
 > >> > >
 > >> > >
 > >> > > _______________________________________________
 > >> > > keycloak-user mailing list
 > >> > > keycloak-user(a)lists.jboss.org
 > >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
 > >> >
 > >> >
 > >> _______________________________________________
 > >> keycloak-user mailing list
 > >> keycloak-user(a)lists.jboss.org
 > >> https://lists.jboss.org/mailman/listinfo/keycloak-user
 > >>
 > >
 > >
 > >
 > > --
 > > Chris Wallace
 > > cjwallac(a)gmail.com
 > > c: 570.582.9955
 > >
 >
 >
 >
 > --
 > Chris Wallace
 > cjwallac(a)gmail.com
 > c: 570.582.9955
 >

-- 
Chris Wallace
cjwallac(a)gmail.com
c: 570.582.9955

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Endpoint URL's