[keycloak-dev] modeling CORS support
Bill Burke
bburke at redhat.com
Fri Oct 18 10:07:29 EDT 2013
Here's my thoughts on modeling CORS.
* We'll take the access token approach to support CORS
* There will be a default set of allowed origins configurable at the
realm level.
* Each Application and OAuth Client within the realm can add their own
allowed origins. When an Application or OAuth Client initiates a token
grant request, the token will be populated with the allowed origins
configured for that Application or OAuth client.
* Application adapters will have configuration switches to allow all
method/headers. Later on we will add options in the management
interfaces to configure headers/methods as well.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list