I am having trouble making CORS work at oAuth2's UserInfo endpoint. I want to retrieve claims (UserInfo) by calling the oAuth2 UserInfo resource.
As I understood from the stackoverflow post " WSO2 API Manager CORS " ... enabling CORS for oAuth2 resources should be done in the Synapse configuration by adding the CORSRequest handler as described in the above stackoverflow link. I added this CORSRequest handler for the Token and Revoke resources (_TokenAPI_.xml and _RevokeAPI_.xml) as described in the above link. And it worked! After those additions I also discovered a CORS problem in my app, so I did the same procedure by adding the CORSRequestHandler to _UserInfoAPI_.xml (including a restart of the server, wso2server.bat), but I am still getting the same CORS errors:
XMLHttpRequest cannot load https://localhost:9443/oauth2/userinfo?schema=openid. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
I don't understand why CORS is working on my token resource and not on my userinfo resource.
Btw, I am not using WSO2 Identity Server, but only API Manager with oAuth2 capabilities. I checked and I can see that no Allow-* headers are being sent back to the client (during the OPTIONS preflight call made by my browser/JavaScript).
Why is the CORSRequestHandler not working if I add this handler in _UserInfoAPI_.xml?
Are you sure you used the correct URL, which is https://localhost:8243/userinfo, for the OPTIONS call?
I just tried, and this is what I got.
bhathiya@bhathiya-x1:/$ curl -v -k -X OPTIONS https://localhost:8243/userinfo
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8243 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: localhost (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* start date: Fri, 19 Feb 2010 07:02:26 GMT
* expire date: Tue, 13 Feb 2035 07:02:26 GMT
* issuer: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* compression: NULL
* ALPN, server did not agree to a protocol
> OPTIONS /userinfo HTTP/1.1
> Host: localhost:8243
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept: */*
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Host: localhost:8243
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
< Date: Sun, 23 Oct 2016 14:43:27 GMT
< Transfer-Encoding: chunked
<
If you're using the same URL, please post your complete curl request and response.
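To compare a captured preflight response against what the browser actually checks, here is an added Python example (not code from the question or the answer, and not part of WSO2): it parses a raw HTTP response and applies the preflight rules for a given origin, method and request headers. The first sample response is transcribed from the curl session in the answer; the second is a constructed response with no CORS headers, as the questioner describes seeing on port 9443.

```python
"""Offline CORS preflight checker (added example, not from the original post)."""

# Transcribed from the answer's curl session against https://localhost:8243/userinfo.
GATEWAY_RESPONSE = """HTTP/1.1 200 OK
Accept: */*
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Host: localhost:8243
Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
Date: Sun, 23 Oct 2016 14:43:27 GMT
Transfer-Encoding: chunked

"""

# Constructed: a 200 OK that carries no Access-Control-* headers at all.
NO_CORS_RESPONSE = "HTTP/1.1 200 OK\nContent-Type: application/json\nContent-Length: 0\n\n"

SAFELISTED_METHODS = {"GET", "HEAD", "POST"}


def parse_response(raw):
    """Return (status_code, headers) with header names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def preflight_verdict(raw, origin, method, request_headers=()):
    """Return (ok, reason), mirroring the browser's access control check."""
    status, h = parse_response(raw)
    if not 200 <= status < 300:
        return False, "preflight returned HTTP %d" % status
    acao = h.get("access-control-allow-origin")
    if acao is None:
        return False, "No 'Access-Control-Allow-Origin' header is present on the requested resource."
    if acao not in ("*", origin):
        return False, "Origin '%s' is therefore not allowed access." % origin
    methods = {m.strip() for m in h.get("access-control-allow-methods", "").split(",")}
    if method not in methods and method not in SAFELISTED_METHODS and "*" not in methods:
        return False, "Method %s is not allowed by Access-Control-Allow-Methods." % method
    allowed = {x.strip().lower() for x in h.get("access-control-allow-headers", "").split(",")}
    for name in request_headers:
        # The '*' wildcard never covers Authorization, so a Bearer token must be listed explicitly.
        covered = name.lower() in allowed or ("*" in allowed and name.lower() != "authorization")
        if not covered:
            return False, "Request header field %s is not allowed by Access-Control-Allow-Headers." % name
    return True, "preflight passed"
```

Feed it the raw output of a `curl -v -k -X OPTIONS` call against each port to see which endpoint is actually answering the preflight.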