CORS Issue for loadUserProfile and loadUserInfo

We are using the keycloak-js library (version 10) and previously version 7 allowed us to get information about the user that logged into keycloack using loadUserProfile and loadUserInfo.

Something changed around the time we upgraded to v10, but we also made some settings changes as well. Since then we are getting CORS issues for the above mentioned methods.

We double checked that our settings were “right” and confirmed things like the comments here: CORS settings don't work

What is odd is we have no issue connecting to keycloak using init setup and the updateToken seems to work fine as well with no CORS issues.

Any ideas what we could look at to figure out what changed on us to cause these sudden CORS issues that we never used to have?


A few months late to the party here…

I had a very similar issue that led me to this post, loadUserProfile gave me the CORS issue but loadUserInfo was fine. After many hours it turned out turning off full scope allowed in the client was to blame. To get the call working I added all of the client roles under the account client.

If this is of any help to you / anyone in the future.


1 Like

You saved me some hours. :pray:

1 Like

I’m having the same exact issue, but no proposed fix works.

loadUserInfo does the trick, but loadUserProfile still gives a CORS problem, even if I give “Full Scope Allowed” to the account client.
The client I’m using for keycloak-js has the redirect uri and web origins all set correctly.