i am using keycloak 5.0.0, on a setup with spring security backend and an angular frontend.
all has been autowired and setup by jhipster to work out of the box.
when a user is not yet authenticated and the frontend makes a call to a secured “account” endpoint to validate if the used is authenticated or not, this call triggers a redirect to keycloak to login. keycloak then sends a response with the url to login.
unfortunatelly this response does not include the CORS Access Control Allow Origin and therefore is blocked by the browser preventing the redirect. (see attached image)
On my keycloak instance i have configured the Web Origins: *
And valid redirect urls: *
The client is using the confidential access type with a client secret
Thank you for any ideas you may have