stackoom
  简体   繁体   中英

CORS is not working on oAuth2 UserInfo endpoint in WSO2 API Manager

 原文  2016-10-23 10:00:53       wso2/ cors/ wso2carbon/ wso2-am

Question

I am having trouble making CORS work at oAuth2's UserInfo endpoint. I want to retrieve claims (UserInfo) by calling the oAuth2 UserInfo resource.

As I understood from stackoverflow post " WSO2 API Manager CORS " ... enabling CORS for oAuth2 resources should be done in the Synapse configuration by adding the CORSRequest handler as described in above stackoverflow link. I added this CORSRequest handler for Token en Revoke resources ( _TokenAPI_.xml en _RevokeAPI_xml ) as described in the above link. And, it worked! After those additions I discovered also CORS problem in my app, so I did the same procedure by adding the CORSRequestHandler to _UserInfoAPI_.xml (inlcuding a restart on the server wso2server.bat)), but still I am getting the same CORS errors: 

XMLHttpRequest cannot load https://localhost:9443/oauth2/userinfo?schema=openid. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

I don't understand that CORS is working on my token resource and not working on my userinfo resource ?

Btw, I am not using WSO2 Identity Server, but only using API Manager with oAuth2 capabilities. I checked and I can see that there is no Allows-* headers being sent back to the client (during an OPTIONS preflight) call by my browser(javascript).

Why is the CORSRequestHandler not working if I add this handler in UserInfAPI .xml?

1 answers

solution1
 2  2016-10-23 15:05:26

Are you sure you used the correct URL which is https://localhost:8243/userinfo for OPTION call?

I just tried, and this is what I got. 

bhathiya@bhathiya-x1:/$ curl -v -k -X OPTIONS https://localhost:8243/userinfo
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8243 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*    server certificate verification SKIPPED
*    server certificate status verification SKIPPED
*    common name: localhost (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: RSA
*    certificate version: #3
*    subject: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
*    start date: Fri, 19 Feb 2010 07:02:26 GMT
*    expire date: Tue, 13 Feb 2035 07:02:26 GMT
*    issuer: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
*    compression: NULL
* ALPN, server did not agree to a protocol
> OPTIONS /userinfo HTTP/1.1
> Host: localhost:8243
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Accept: */*
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Host: localhost:8243
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
< Date: Sun, 23 Oct 2016 14:43:27 GMT
< Transfer-Encoding: chunked
<

If you're using the same URL, please post your complete curl request and response.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question wso2 api manager 1.7 /oauth2/userinfo api throws NullPointerException Configuring CORS for WSO2 API Manager JWT Grant token endpoint How to implement OAuth2 authorization with WSO2 API Manager oAuth2 - WSO2 API Manager and Identity Server Integration Accessing a oauth2 secured service via WSO2 API Manager WSO2 API Manager - CORS WSO2 API Manager CORS What is WSO2 oauth2 authorize endpoint in WSO2 Identity and Oauth2 - Userinfo throws Error: Insufficient Scope WSO2 API Manager - Can we limit supported OAuth2 Grant Type for an API
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM