keycloak-uncached

Merge pull request #3351 from mposolda/master KEYCLOAK-3653

10/18/2016 3:12:01 PM


diff --git a/examples/cors/angular-product-app/src/main/webapp/index.html b/examples/cors/angular-product-app/src/main/webapp/index.html
index 4627452..3ba1344 100755
--- a/examples/cors/angular-product-app/src/main/webapp/index.html
+++ b/examples/cors/angular-product-app/src/main/webapp/index.html
@@ -92,9 +92,20 @@
         <h2><span>Realm info</span></h2>
         <button type="submit" data-ng-click="loadPublicRealmInfo()">Load public realm info</button>
 
-        <div data-ng-show="realm">
-            Realm name: {{realm.realm}} <br/>
-            Public key: {{realm.public_key}} <br/>
+        <div data-ng-show="publicKeys">
+            <b>Realm issuer</b>: {{realmOIDCInfo.issuer}} <br/>
+            <table class="table" data-ng-show="publicKeys.keys.length > 0">
+                <thead>
+                <tr>
+                    <th>Public Key KIDs</th>
+                </tr>
+                </thead>
+                <tbody>
+                <tr data-ng-repeat="pk in publicKeys.keys">
+                    <td>{{pk.kid}}</td>
+                </tr>
+                </tbody>
+            </table>
         </div>
     </div>
     <hr />
diff --git a/examples/cors/angular-product-app/src/main/webapp/js/app.js b/examples/cors/angular-product-app/src/main/webapp/js/app.js
index 70db67e..5ddf077 100755
--- a/examples/cors/angular-product-app/src/main/webapp/js/app.js
+++ b/examples/cors/angular-product-app/src/main/webapp/js/app.js
@@ -87,8 +87,13 @@ module.controller('GlobalCtrl', function($scope, $http) {
     };
 
     $scope.loadPublicRealmInfo = function() {
-        $http.get("http://localhost-auth:8080/auth/realms/cors").success(function(data) {
-            $scope.realm = angular.fromJson(data);
+        $http.get("http://localhost-auth:8080/auth/realms/cors/.well-known/openid-configuration").success(function(data) {
+            $scope.realmOIDCInfo = angular.fromJson(data);
+
+            var jwksUri = $scope.realmOIDCInfo.jwks_uri;
+            $http.get(jwksUri).success(function(data) {
+                $scope.publicKeys = angular.fromJson(data);
+            });
         });
     };
 
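Review bot: `jwks_uri` is taken from the discovery response and fetched as-is in `loadPublicRealmInfo`, without first checking that `realmOIDCInfo.issuer` matches the realm URL the app asked for. Here only KIDs are displayed, but code copied from this example to obtain token-verification keys would trust whatever URL the document names, and both requests go over plain `http://`. A guard before the second `$http.get`, such as `if ($scope.realmOIDCInfo.issuer !== expectedIssuer) { return; }` (where `expectedIssuer` is a placeholder for the configured realm URL), would close that gap. Neither call has an `.error(...)` handler, so a failed or blocked CORS request leaves the page silently empty.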
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
index 2c983ed..b07f06a 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolService.java
@@ -18,6 +18,7 @@
 package org.keycloak.protocol.oidc;
 
 import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.spi.HttpRequest;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.forms.login.LoginFormsProvider;
@@ -32,9 +33,12 @@ import org.keycloak.protocol.oidc.endpoints.LoginStatusIframeEndpoint;
 import org.keycloak.protocol.oidc.endpoints.LogoutEndpoint;
 import org.keycloak.protocol.oidc.endpoints.TokenEndpoint;
 import org.keycloak.protocol.oidc.endpoints.UserInfoEndpoint;
+import org.keycloak.services.resources.Cors;
 import org.keycloak.services.resources.RealmsResource;
+import org.keycloak.services.util.CacheControlUtil;
 
 import javax.ws.rs.GET;
+import javax.ws.rs.OPTIONS;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
@@ -67,6 +71,9 @@ public class OIDCLoginProtocolService {
     @Context
     private HttpHeaders headers;
 
+    @Context
+    private HttpRequest request;
+
     public OIDCLoginProtocolService(RealmModel realm, EventBuilder event) {
         this.realm = realm;
         this.tokenManager = new TokenManager();
@@ -168,11 +175,18 @@ public class OIDCLoginProtocolService {
         return endpoint;
     }
 
+    @OPTIONS
+    @Path("certs")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response getVersionPreflight() {
+        return Cors.add(request, Response.ok()).allowedMethods("GET").preflight().auth().build();
+    }
+
     @GET
     @Path("certs")
     @Produces(MediaType.APPLICATION_JSON)
     @NoCache
-    public JSONWebKeySet certs() {
+    public Response certs() {
         List<KeyMetadata> publicKeys = session.keys().getKeys(realm, false);
         JWK[] keys = new JWK[publicKeys.size()];
 
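Review bot: `certs()` keeps `@NoCache` while its body, in the following hunk, now also sets `cacheControl(CacheControlUtil.getDefaultCacheControl())`, so two caching policies are declared for the same JWKS response. Which header reaches the client presumably depends on how RESTEasy applies the annotation relative to the builder, and that is not visible here. Decide the intended policy and keep only one: caching the key set delays clients noticing a rotated or removed key, while `no-cache` makes every verifier hit the endpoint. The return type also changes from `JSONWebKeySet` to `Response`, so any in-process Java caller of `certs()` should be checked. The body of `certs()` continues outside this hunk.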
@@ -183,7 +197,9 @@ public class OIDCLoginProtocolService {
 
         JSONWebKeySet keySet = new JSONWebKeySet();
         keySet.setKeys(keys);
-        return keySet;
+
+        Response.ResponseBuilder responseBuilder = Response.ok(keySet).cacheControl(CacheControlUtil.getDefaultCacheControl());
+        return Cors.add(request, responseBuilder).allowedOrigins("*").auth().build();
     }
 
     @Path("userinfo")
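Review bot: `allowedOrigins("*")` paired with `.auth()` on the `certs` response needs a comment explaining why credentials are enabled on an any-origin endpoint; the same pairing is added to the `.well-known/{provider}` response in RealmsResource. The `Cors` class is not shown, but if `auth()` makes it send `Access-Control-Allow-Credentials: true` alongside an echoed Origin, any site can make credentialed cross-origin reads of these URLs. That is safe only while both responses contain nothing specific to the caller's session or user. State that invariant next to the call, e.g. `// Public data only; auth() lets requests that carry Authorization pass CORS. Never return caller-specific content here.`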
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index f30665b..3ee7938 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
@@ -40,6 +40,7 @@ import org.keycloak.wellknown.WellKnownProvider;
 
 import javax.ws.rs.GET;
 import javax.ws.rs.NotFoundException;
+import javax.ws.rs.OPTIONS;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
@@ -240,6 +241,14 @@ public class RealmsResource {
         return brokerService;
     }
 
+    @OPTIONS
+    @Path("{realm}/.well-known/{provider}")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response getVersionPreflight(final @PathParam("realm") String name,
+                                        final @PathParam("provider") String providerName) {
+        return Cors.add(request, Response.ok()).allowedMethods("GET").preflight().auth().build();
+    }
+
     @GET
     @Path("{realm}/.well-known/{provider}")
     @Produces(MediaType.APPLICATION_JSON)
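Review bot: `getVersionPreflight` is a misleading name for the preflight handler of `{realm}/.well-known/{provider}`, and the same name is used for the `certs` preflight added in OIDCLoginProtocolService; both look copied from a version endpoint. Rename them to something like `getWellKnownPreflight` and `getCertsPreflight`. Each should get a one-line Javadoc saying the handler answers CORS preflight for any origin, allows only GET, and via `.auth()` permits credentialed requests. The `name` and `providerName` parameters are unused, so the preflight succeeds for realms and providers that do not exist; confirm that is intended.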
@@ -250,7 +259,7 @@ public class RealmsResource {
         WellKnownProvider wellKnown = session.getProvider(WellKnownProvider.class, providerName);
 
         ResponseBuilder responseBuilder = Response.ok(wellKnown.getConfig()).cacheControl(CacheControlUtil.getDefaultCacheControl());
-        return Cors.add(request, responseBuilder).allowedOrigins("*").build();
+        return Cors.add(request, responseBuilder).allowedOrigins("*").auth().build();
     }
 
     @Path("{realm}/authz")