[keycloak-user] Endpoint URL's

Christopher Wallace cjwallac at gmail.com
Wed Feb 25 07:34:15 EST 2015


I am receiving Cross-Origin Request Blocked: The Same Origin Policy
disallows reading the remote resource at
http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo.
This can be fixed by moving the resource to the same domain or enabling
CORS. What 'application' does the
http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo
url use for it's origins? I have worktrac realm worktrac app and account
app both configured with http://localhost:8080/* which is the origin. Also
it seems like that's the errors it's indicated, but I also see a 404 error
for this URL. I have valid Subject, idtoken and token as I printed them to
the console and included below. I also pasted the java code and my
keycloak.json which seems to be working upto "Here 2". It seems this is 90%
there it's just failing at the actual call.


*"subject"*





*"441e652f-fc78-453e-90dd-2b998eb771d7"
"idtoken""eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiNWJmZDlkYzItYzU1NC00YTY2LWE0MDAtN2EwNmQxODZjNDNmIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlfQ.HNR7tHN7jngluZNEJsrL-CVDzP96mIm4jMZVqvy56w_rsRjvvTuvj8Ke4raWyDVXzbZv4TmSk5iobPAzXlUCx4KLlHlrC6W5yTGXJ20Mgn73PHlsM3dCOJIyFYs6o2J19a8iZyHtuS5BwXiR44Ba5xPmzw9LVNmOm4ppropTPgE"
MyController.js:86"token"
"eyJhbGciOiJSUzI1NiJ9.eyJuYW1lIjoiQ2hyaXMgV2FsbGFjZSBXYWxsYWNlIiwiZW1haWwiOiJjaHJpcy53YWxhbGNlQG1lZGljYWxwYXlyZXZpZXcuY29tIiwianRpIjoiMzY0YjE3YjQtNjJkZS00NDY5LWFkYjUtNDdmMmYzNGU1NDBjIiwiZXhwIjoxNDI0ODY3NTA4LCJuYmYiOjAsImlhdCI6MTQyNDg2NzIwOCwiaXNzIjoid29ya3RyYWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNDQxZTY1MmYtZmM3OC00NTNlLTkwZGQtMmI5OThlYjc3MWQ3IiwiYXpwIjoiYWNjb3VudCIsImdpdmVuX25hbWUiOiJDaHJpcyBXYWxsYWNlIiwiZmFtaWx5X25hbWUiOiJXYWxsYWNlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiY2p3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJzZXNzaW9uX3N0YXRlIjoiZmQzNTY4OTAtMDUyMy00Y2JkLWE2OTEtZTk0MDQxOTYyZDc1IiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC8qIiwiaHR0cDovL2xvY2FsaG9zdDo4MDgwIl0sInJlc291cmNlX2FjY2VzcyI6eyJ3b3JrdHJhYyI6eyJyb2xlcyI6WyJhZG1pbiIsInVzZXIiXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJ2aWV3LXByb2ZpbGUiXX19fQ.R8NdAIf2P3-6JfxE9maP6PtPGE04zdM8LgaUbLqqfKOEDu2Pe5JMoUO5tbD20_oYMe_gr6jZOJsOmY01VtuWHVYczS7KIRXm3KnmrKIBeNXETPineb1wT7MgtzKYcf3MqoLcje1vR48iTbVlSszb2Np8Jqo4wa7cGSfadaZApgU"
*

 var keycloak = Keycloak();
    var loadData = function () {

        console.log(keycloak.subject);
        console.log('idtoken');
        console.log(keycloak.idToken);
        console.log('token');
        console.log(keycloak.token);

        var url = '
http://localhost:8082/auth/realms/worktrac/protocol/openid-connect/userinfo
';
        var req = new XMLHttpRequest();

        req.open('GET', url, true);
        req.setRequestHeader('Accept', 'application/json');
        req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);

        console.log('Here 1');
        req.onreadystatechange = function () {
            if (req.readyState == 4) {
                console.log('Here 2');
                if (req.status == 200) {
                    console.log('render page 3');
                    var users = JSON.parse(req.responseText);
                    var html = '';
                    for (var i = 0; i < users.length; i++) {
                        html += '<p>' + users[i] + '</p>';
                    }
                    console.log('HTML');
                    console.log(html);
                    console.log('finished loading data');
                }
            }
        };

        req.send();
    };


    var loadFailure = function () {
        document.getElementById('customers').innerHTML = '<b>Failed to load
data. Check console log</b>';
    };

    var reloadData = function () {
        keycloak.updateToken(10)
        .success(loadData)
        .error(function() {
            document.getElementById('customers').innerHTML = '<b>Failed to
load data. User is logged out.</b>';
        });
    };


    keycloak.init({ onLoad: 'login-required' }).success(reloadData);

keycloak.json
{
  "realm": "worktrac",
  "realm-public-key":
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJSuOKHBTZxV4/KKAZH8i4+nB/65IY8VDe+70pWrJSpm0pJICfSbnSmJ3YFKKK3B1RR1Ev8mxFRyVTVm+TZgflkZ8HJM+wfEGgySMZvBlRAsR2yI0mmTrbGBA8c6RJAA4B2+9nxk0/iXCJGq545aDvbXjPMuhy6zf3OqpdqgcFYQIDAQAB",
  "auth-server-url": "http://localhost:8082/auth",
  "ssl-required": "none",
  "resource": "worktrac",
  "public-client": true,
  "use-resource-role-mappings": true,
  "enable-cors" : true,
  "cors-max-age" : 1000,
  "cors-allowed-methods": "POST, PUT, DELETE, GET"
}

On Wed, Feb 25, 2015 at 12:10 AM, Stian Thorgersen <stian at redhat.com> wrote:

>
>
> ----- Original Message -----
> > From: "Christopher Wallace" <cjwallac at gmail.com>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Cc: yonim at odoro.co.il, keycloak-user at lists.jboss.org
> > Sent: Tuesday, February 24, 2015 7:21:11 PM
> > Subject: Re: [keycloak-user] Endpoint URL's
> >
> > I am actually not able to access any of the REST urls I tried from
> >
> http://docs.jboss.org/keycloak/docs/1.1.0.Final/rest-api/overview-index.html
> > is this something that needs to be enabled or installed speratly from the
> > keycloak appliance?
>
> They should work fine as long as you have a token to invoke them with.
> Have you look at admin-access-app example? We also have a Java wrapper for
> this that makes it easier to invoke from Java, see the admin-client example
> for that.
>
> >
> > On Tue, Feb 24, 2015 at 12:19 PM, Christopher Wallace <
> cjwallac at gmail.com>
> > wrote:
> >
> > > Yoni,
> > >
> > > Where you able to get this to work? I am attempting to get user
> > > information also using
> > > http://localhost:8082/auth/realms/
> <realm>/protocol/openid-connect/userinfo
> > > and it doesn't bring back any data. Any trics?
> > >
> > > Chris W.
> > >
> > > On Mon, Feb 23, 2015 at 8:16 AM, Stian Thorgersen <stian at redhat.com>
> > > wrote:
> > >
> > >>
> > >>
> > >> ----- Original Message -----
> > >> > From: yonim at odoro.co.il
> > >> > To: "Stian Thorgersen" <stian at redhat.com>
> > >> > Cc: keycloak-user at lists.jboss.org
> > >> > Sent: Monday, February 23, 2015 10:39:14 AM
> > >> > Subject: RE: [keycloak-user] Endpoint URL's
> > >> >
> > >> > Ok.. a bit frustrating.
> > >> >
> > >> > Any change the 1.2.0 Beta solves some of the issues? I can build it
> if
> > >> > needed...
> > >>
> > >> Afraid not. We are planning to add the discovery endpoint, but it may
> be
> > >> a month or so before we get time.
> > >>
> > >> >
> > >> > I've tried openid4java (on top of spring security ) and another
> client
> > >> > (mitred one, their client not the server) and both looked for the
> > >> discovery
> > >> > endpoint.
> > >> >
> > >> > Assuming I switch from opened-connect to OAuth - how can I get the
> > >> userinfo
> > >> > after that? any special endpoint to oauth userinfo after I got the
> > >> token?
> > >>
> > >> You can invoke /auth/realms/{name}/protocol/openid-connect/userinfo
> with
> > >> the token.
> > >>
> > >> >
> > >> > Cheers,
> > >> > Yoni
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >
> > >> > -----Original Message-----
> > >> > From: Stian Thorgersen [mailto:stian at redhat.com]
> > >> > Sent: Monday, February 23, 2015 10:52 AM
> > >> > To: Yoni Moses
> > >> > Cc: keycloak-user at lists.jboss.org
> > >> > Subject: Re: [keycloak-user] Endpoint URL's
> > >> >
> > >> > Hi,
> > >> >
> > >> > We haven't added the discovery part of OpenID Connect yet and there
> are
> > >> some
> > >> > issues with the docs as the protocol related endpoints are missing.
> The
> > >> > endpoints of interest to you are:
> > >> >
> > >> > * /auth/realms/{name}/protocol/openid-connect/login
> > >> > * /auth/realms/{name}/protocol/openid-connect/access/codes
> > >> > * /auth/realms/{name}/protocol/openid-connect/refresh
> > >> > * /auth/realms/{name}/protocol/openid-connect/userinfo
> > >> >
> > >> > We are actively working on better integration with other openid
> connect
> > >> > client libraries, so let us know what works and what doesn't.
> > >> >
> > >> > ----- Original Message -----
> > >> > > From: "Yoni Moses" <yonim at odoro.co.il>
> > >> > > To: keycloak-user at lists.jboss.org
> > >> > > Sent: Sunday, February 22, 2015 1:07:36 PM
> > >> > > Subject: [keycloak-user] Endpoint URL's
> > >> > >
> > >> > > Hi,
> > >> > >
> > >> > > I've been trying keycloak , very impressive!
> > >> > > I don't intended to use it as the sample in jee but rather through
> > >> openid
> > >> > > provider in my case its openid4java with spring security.
> > >> > > I've been struggling with configuration of the endpoint especially
> > >> with
> > >> > > discovery end point..
> > >> > > is there somewhere in the doc the list of endpoints keycloak has?
> > >> > > so far I've been trying with /auth/realms/{name}
> > >> > >
> > >> > >
> > >> > > Thanks,
> > >> > > Yoni
> > >> > >
> > >> > >
> > >> > > _______________________________________________
> > >> > > keycloak-user mailing list
> > >> > > keycloak-user at lists.jboss.org
> > >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >> >
> > >> >
> > >> _______________________________________________
> > >> keycloak-user mailing list
> > >> keycloak-user at lists.jboss.org
> > >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >>
> > >
> > >
> > >
> > > --
> > > Chris Wallace
> > > cjwallac at gmail.com
> > > c: 570.582.9955
> > >
> >
> >
> >
> > --
> > Chris Wallace
> > cjwallac at gmail.com
> > c: 570.582.9955
> >
>



-- 
Chris Wallace
cjwallac at gmail.com
c: 570.582.9955
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150225/416a2d25/attachment-0001.html 


More information about the keycloak-user mailing list