diff --git a/integration/js/src/main/resources/META-INF/resources/js/keycloak.js b/integration/js/src/main/resources/META-INF/resources/js/keycloak.js index dd49966b8d..336974bfce 100755 --- a/integration/js/src/main/resources/META-INF/resources/js/keycloak.js +++ b/integration/js/src/main/resources/META-INF/resources/js/keycloak.js @@ -38,9 +38,9 @@ var Keycloak = function (options) { delete sessionStorage.oauthToken; processCallback(successCallback, errorCallback); } else if (options.token) { - setToken(options.token, successCallback); + kc.setToken(options.token, successCallback); } else if (sessionStorage.oauthToken) { - setToken(sessionStorage.oauthToken, successCallback); + kc.setToken(sessionStorage.oauthToken, successCallback); } else if (options.onload) { switch (options.onload) { case 'login-required' : @@ -58,7 +58,7 @@ var Keycloak = function (options) { } kc.logout = function () { - setToken(undefined); + kc.setToken(undefined); window.location.href = kc.createLogoutUrl(); } @@ -164,8 +164,10 @@ var Keycloak = function (options) { var url = kc.getRealmUrl() + '/tokens/access/codes'; var req = new XMLHttpRequest(); - req.open('POST', url, true, options.clientId, options.clientSecret); + req.open('POST', url, true); req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); + req.setRequestHeader('Authorization', 'Basic ' + btoa(options.clientId + ':' + options.clientSecret)); + req.withCredentials = true; req.onreadystatechange = function () { if (req.readyState == 4) { @@ -197,12 +199,12 @@ var Keycloak = function (options) { kc.tokenParsed = JSON.parse(atob(token.split('.')[1])); kc.authenticated = true; - kc.username = kc.tokenParsed.sub; + kc.subject = kc.tokenParsed.sub; kc.realmAccess = kc.tokenParsed.realm_access; kc.resourceAccess = kc.tokenParsed.resource_access; setTimeout(function() { - successCallback && successCallback({ authenticated: kc.authenticated, username: kc.username }); + successCallback && successCallback({ authenticated: kc.authenticated, subject: kc.subject }); }, 0); } else { delete sessionStorage.oauthToken; diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java index 16db7d0310..6784de8c99 100755 --- a/services/src/main/java/org/keycloak/services/resources/TokenService.java +++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java @@ -38,6 +38,7 @@ import javax.ws.rs.GET; import javax.ws.rs.HeaderParam; import javax.ws.rs.NotAcceptableException; import javax.ws.rs.NotAuthorizedException; +import javax.ws.rs.OPTIONS; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.Produces; @@ -343,6 +344,13 @@ public class TokenService { return processLogin(clientId, scopeParam, state, redirect, formData); } + @Path("access/codes") + @OPTIONS + @Produces("application/json") + public Response accessCodeToTokenPreflight() { + return Cors.add(request, Response.ok()).auth().preflight().build(); + } + @Path("access/codes") @POST @Produces("application/json") @@ -418,7 +426,7 @@ public class TokenService { .generateIDToken() .generateRefreshToken().build(); - return Cors.add(request, Response.ok(res)).allowedOrigins(client).allowedMethods("POST").build(); + return Cors.add(request, Response.ok(res)).auth().allowedOrigins(client).allowedMethods("POST").build(); } protected ClientModel authorizeClient(String authorizationHeader) {