[英]CORS is not working on oAuth2 UserInfo endpoint in WSO2 API Manager
我无法使CORS在oAuth2的UserInfo端点上工作。 我想通过调用oAuth2 UserInfo资源来检索声明(UserInfo)。
正如我从stackoverflow帖子“ WSO2 API Manager CORS ”中了解到的那样,应通过在Synapse配置中通过添加如上面stackoverflow链接中所述的CORSRequest处理程序来为oAuth2资源启用CORS。 如上链接中所述,我为令牌en撤销资源( _TokenAPI_.xml和_RevokeAPI_xml )添加了此CORSRequest处理程序。 而且,它起作用了! 这些添加之后,我在应用程序中也发现了CORS问题,因此我通过将CORSRequestHandler添加到_UserInfoAPI_.xml (包括在服务器wso2server.bat上重新启动)来_UserInfoAPI_.xml相同的过程,但是仍然出现相同的CORS错误:
XMLHttpRequest cannot load https://localhost:9443/oauth2/userinfo?schema=openid. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
我不了解CORS正在使用我的令牌资源,而不正在使用我的userinfo资源?
顺便说一句,我不是使用WSO2 Identity Server,而是使用具有oAuth2功能的API Manager。 我检查了一下,发现我的浏览器(javascript)没有将Allows- *标头发送回客户端(在OPTIONS预检期间)。
如果在UserInfAPI .xml中添加此处理程序, 为什么CORSRequestHandler不起作用 ?
您确定对OPTION调用使用了正确的URL,即https://localhost:8243/userinfo吗?
我只是尝试了,这就是我得到的。
bhathiya@bhathiya-x1:/$ curl -v -k -X OPTIONS https://localhost:8243/userinfo
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8243 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: localhost (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* start date: Fri, 19 Feb 2010 07:02:26 GMT
* expire date: Tue, 13 Feb 2035 07:02:26 GMT
* issuer: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* compression: NULL
* ALPN, server did not agree to a protocol
> OPTIONS /userinfo HTTP/1.1
> Host: localhost:8243
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept: */*
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Host: localhost:8243
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
< Date: Sun, 23 Oct 2016 14:43:27 GMT
< Transfer-Encoding: chunked
<
如果您使用相同的URL,请发布完整的curl请求和响应。
wso2 api管理器1.7 / oauth2 / userinfo api引发NullPointerException
[英]wso2 api manager 1.7 /oauth2/userinfo api throws NullPointerException
为WSO2 API Manager JWT Grant令牌端点配置CORS
[英]Configuring CORS for WSO2 API Manager JWT Grant token endpoint
oAuth2 - WSO2 API Manager和Identity Server集成
[英]oAuth2 - WSO2 API Manager and Identity Server Integration
WSO2身份和Oauth2-Userinfo引发错误:范围不足
[英]WSO2 Identity and Oauth2 - Userinfo throws Error: Insufficient Scope
WSO2 API管理器-我们可以限制API支持的OAuth2授权类型吗
[英]WSO2 API Manager - Can we limit supported OAuth2 Grant Type for an API
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.