0

I try to reach this keycloak endpoint: http://10.10.10.10:8999/auth/realms/demo-realm/protocol/openid-connect/token

I add the client_secret, grant_type and client_id. Then when I send the request from my frontend app, I get back this error:

Access to XMLHttpRequest at 'http://10.10.10.10:8999/auth/realms/demo-realm/protocol/openid-connect/token' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

My keycloak setup is the following:

- confidential client
- valid redirect URIs: *
- web origins: + or * (tried both)

Also tried to set valid uris to http://localhost:4200 and web origins + or add the http://localhost:4200 to web origins.

It's important that the client has to be confidential or the access_token won't contain a resource-id when I try to use it...

Thanks in advance

Jonas
stackstack293
  • Here, a post using similar setup: https://symbiotics.co.za/integrating-keycloak-with-an-angular-4-web-application-part-2/ – Claudio Weiler Dec 08 '20 at 15:43
  • I found some posts about problems with Angular and confidential clients, similar to yours. Some argue that it does not accept `http` calls, others mention a `*` conflict. Can you serve your Keycloak on `https`? – Claudio Weiler Dec 08 '20 at 15:49
  • No I can't. Only http. For example from Postman I can reach the endpoint and get back the access_token. – stackstack293 Dec 08 '20 at 16:20
  • Are the requests with Postman made with the `redirect_uri` parameter? – Claudio Weiler Dec 08 '20 at 17:36
  • Did you check if the client you use includes the Origin header in the token request? Browsers usually do it, however other clients such as Postman don't do it by default. If you don't send an Origin header, no Access-Control-Allow-Origin will be set. – Philipp Dec 09 '20 at 21:01
  • @stackstack293 Did you fix your problem? – dreamcrash Feb 20 '21 at 21:10

2 Answers

2

On keycloak client setup, add http://localhost:4200/* as valid redirect URI. In web origins a + is the best choice.

If you are using the Java adapter, also set enable-cors to true (see https://www.keycloak.org/docs/latest/securing_apps/index.html#_java_adapter_config).

Claudio Weiler
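An added example, not part of the original answers and not Keycloak's own code: a simplified model of the documented Web Origins rules, in which `+` expands to the origins of the valid redirect URIs but does not carry over a `*` redirect URI, and no CORS header is produced when the request has no `Origin` header. The function names and the shape of the client object are hypothetical.

```javascript
// Simplified model of Keycloak's "Web Origins" client setting (illustration only).

// Origin (scheme://host[:port]) of a redirect URI pattern, or null when the
// pattern carries no origin of its own, e.g. the bare "*" wildcard.
function originOfRedirectUri(pattern) {
  const m = /^(https?:\/\/[^\/*]+)/i.exec(pattern);
  return m ? m[1].toLowerCase() : null;
}

// Expand the client's web origins: "+" means "origins of the valid redirect URIs".
function resolveWebOrigins(client) {
  const allowed = new Set();
  for (const entry of client.webOrigins) {
    if (entry === "+") {
      for (const uri of client.redirectUris) {
        const origin = originOfRedirectUri(uri);
        if (origin) allowed.add(origin); // a "*" redirect URI contributes nothing
      }
    } else {
      allowed.add(entry);
    }
  }
  return allowed;
}

// Value of Access-Control-Allow-Origin, or null when the header is omitted.
function allowOriginHeader(client, requestOrigin) {
  if (!requestOrigin) return null; // no Origin header sent, so no CORS header returned
  const allowed = resolveWebOrigins(client);
  return allowed.has("*") || allowed.has(requestOrigin) ? requestOrigin : null;
}

// Constructed sample configurations taken from the question and the answer above.
const samples = [
  { name: "redirect *, web origins +", redirectUris: ["*"], webOrigins: ["+"] },
  { name: "redirect http://localhost:4200/*, web origins +",
    redirectUris: ["http://localhost:4200/*"], webOrigins: ["+"] },
];
for (const client of samples) {
  const header = allowOriginHeader(client, "http://localhost:4200");
  console.log(`${client.name} -> ${header ?? "(header omitted, browser blocks the response)"}`);
}
```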
0

Try to add:

webOrigins : localhost:4200
dreamcrash