I am using keycloak (8.0.1) to secure an Angular app and a python backend.
Currently my backend return me a 302 to validate a session is open in keycloak.
I go into a CORS validation issue quite usual:
Access to XMLHttpRequest at 'http://localhost-kc.localdomain:8080/auth/realms/XXX/protocol/openid-connect/auth?client_id=xxx-backend&response_type=code&scope=openid&redirect_uri=http%3A%2F%2Flocalhost.localdomain%3A4200%2Fapi%2Fredirect_uri&state=XXXXXXXXXXXXXX&nonce=XXXXXXXXXXXXXX&prompt=none' (redirected from 'http://localhost.localdomain:4200/api/category/1/groups') from origin 'http://localhost.localdomain:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Off course http://localhost.localdomain:4200 is set as WebOrigins.
In fact I discovered that I got no real answer for CORS but something else. By the mean of a tcpdump and a keycloak on http, I got this:
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/json
Content-Length: 93
Date: Thu, 06 Feb 2020 13:52:55 GMT
{"error":"RESTEASY003655: No resource method found for options, return OK with Allow header"}
Any idea how to get out of this ? Do you think I should create an issue on the Issue Tracker ?
Hello all,
I know, this was almost 1.5 years ago, but I got the same issue, but only with revoking. May be it will help others. The problem was: I got the CORS error from my angular app while trying to logout the user (login was ok). And the main problem of all - preflight request. Please, read more here. So, my problem was not in Keycloak, it was in WildFly, as by default it does not enable any CORS (I am using Keycloak 15.0.2 in docker). To resolve my revoking issue, I update standalone-ha.xml: