Access type confidential causes CORS problems with keycloak.js

sveri · October 9, 2020, 12:45pm

Hi,

I created a new client with access type set to “public” and login from my web application using keycloak.js which works, at least with 10.0.
Now I switched the same setup to access type “confidential” and I get the error that the “Access-Control-Allow-Origin” header is missing.

Keycloak runs in development mode with a self signed cert and my client on localhostin non SSL mode.
Is that expected to work at all?

If so, what would I have to do? I am running 11.0.2 right now, but can easily switch to a different version if needed.

Thanks,
Sven

Edit So I went through the docs again and the keycloak.js part explicitly states that in the browser only the public setting is expected to work.

jangaraj · October 15, 2020, 8:23pm

You need to have configured Web Origins client config properly for confidential OIDC client.

Topic		Replies	Views
CORS different with client public or confidential Securing applications	7	8803	July 7, 2020
Changing client access-type from 'public' to 'confidential' breaks CORS? Getting advice	2	2197	May 31, 2020
No 'Access-Control-Allow-Origin' header is present on the requested resource authentication	0	335	February 23, 2021
CORS settings don't work Securing applications	6	9406	November 9, 2020
Access-Control-Allow-Origin header missing Securing applications	26	77802	March 8, 2022

Access type confidential causes CORS problems with keycloak.js

Related Topics