[英]CORS is not working on oAuth2 UserInfo endpoint in WSO2 API Manager
我無法使CORS在oAuth2的UserInfo端點上工作。 我想通過調用oAuth2 UserInfo資源來檢索聲明(UserInfo)。
正如我從stackoverflow帖子“ WSO2 API Manager CORS ”中了解到的那樣,應通過在Synapse配置中通過添加如上面stackoverflow鏈接中所述的CORSRequest處理程序來為oAuth2資源啟用CORS。 如上鏈接中所述,我為令牌en撤銷資源( _TokenAPI_.xml和_RevokeAPI_xml )添加了此CORSRequest處理程序。 而且,它起作用了! 這些添加之后,我在應用程序中也發現了CORS問題,因此我通過將CORSRequestHandler添加到_UserInfoAPI_.xml (包括在服務器wso2server.bat上重新啟動)來_UserInfoAPI_.xml相同的過程,但是仍然出現相同的CORS錯誤:
XMLHttpRequest cannot load https://localhost:9443/oauth2/userinfo?schema=openid. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
我不了解CORS正在使用我的令牌資源,而不正在使用我的userinfo資源?
順便說一句,我不是使用WSO2 Identity Server,而是使用具有oAuth2功能的API Manager。 我檢查了一下,發現我的瀏覽器(javascript)沒有將Allows- *標頭發送回客戶端(在OPTIONS預檢期間)。
如果在UserInfAPI .xml中添加此處理程序, 為什么CORSRequestHandler不起作用 ?
您確定對OPTION調用使用了正確的URL,即https://localhost:8243/userinfo嗎?
我只是嘗試了,這就是我得到的。
bhathiya@bhathiya-x1:/$ curl -v -k -X OPTIONS https://localhost:8243/userinfo
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8243 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: localhost (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* start date: Fri, 19 Feb 2010 07:02:26 GMT
* expire date: Tue, 13 Feb 2035 07:02:26 GMT
* issuer: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* compression: NULL
* ALPN, server did not agree to a protocol
> OPTIONS /userinfo HTTP/1.1
> Host: localhost:8243
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept: */*
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Host: localhost:8243
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
< Date: Sun, 23 Oct 2016 14:43:27 GMT
< Transfer-Encoding: chunked
<
如果您使用相同的URL,請發布完整的curl請求和響應。
wso2 api管理器1.7 / oauth2 / userinfo api引發NullPointerException
[英]wso2 api manager 1.7 /oauth2/userinfo api throws NullPointerException
為WSO2 API Manager JWT Grant令牌端點配置CORS
[英]Configuring CORS for WSO2 API Manager JWT Grant token endpoint
oAuth2 - WSO2 API Manager和Identity Server集成
[英]oAuth2 - WSO2 API Manager and Identity Server Integration
WSO2身份和Oauth2-Userinfo引發錯誤:范圍不足
[英]WSO2 Identity and Oauth2 - Userinfo throws Error: Insufficient Scope
WSO2 API管理器-我們可以限制API支持的OAuth2授權類型嗎
[英]WSO2 API Manager - Can we limit supported OAuth2 Grant Type for an API
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.