Question
I am using Keycloak 10.0.2 to secure the Spring Boot REST APIs and Angular 9 for the front end.
The front end is served from the Spring Boot microservice running on http://localhost:8080.
On the Keycloak side, the openid-connect client web origin is configured to allow all origins.
Spring Boot Spring Security is configured to use Keycloak as the OAuth2 client provider.
spring:
  security:
    oauth2:
      client:
        provider:
          keycloak:
            issuer-uri: https://abc-keycloak.abccloud.com/auth/realms/abc
            scope: openid, profile
        registration:
          keycloak:
            client-id: localhost
            client-secret: xxxxx
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
      resourceserver:
        jwt:
          issuer-uri: https://abc-keycloak.abccloud.com/auth/realms/abc
The Angular front end makes a logout API call to http://localhost:8080/logout and is redirected to:
HTTP/1.1 302 Found
Location: https://abc-keycloak.abccloud.com/auth/realms/abc/protocol/openid-connect/logout?id_token_hint=xxxxxx
I am getting a CORS error in the Google Chrome browser:
Access to XMLHttpRequest at 'https://abc-keycloak.abccloud.com/auth/realms/abc/protocol/openid-connect/logout?id_token_hint=xxxxxx&post_logout_redirect_uri=http://localhost:8080' (redirected from 'http://localhost:8080/logout') from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Answer 1:
It shouldn't be an API call (a request in the background). The whole browser should be navigated to that app logout URL (and then to the Keycloak logout URL).
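
The answer's advice as an added example (not part of the original question or answer): an XMLHttpRequest follows the 302 to Keycloak as a cross-origin request and is subject to CORS, while a form submission is a top-level navigation and is not. Assumptions not stated in the post: the app accepts POST /logout, and if CSRF protection is enabled the token is exposed in an XSRF-TOKEN cookie and accepted as a `_csrf` form field; the helper names are hypothetical.

```javascript
// Added example: log out with a top-level navigation instead of XMLHttpRequest.
// Assumptions (not from the original post): POST /logout is the app's logout
// endpoint; the CSRF token, if any, is in an XSRF-TOKEN cookie and is accepted
// as a "_csrf" form parameter.

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue; // skip malformed fragments
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build and submit a hidden form so the browser itself navigates to /logout
// and then follows the 302 to the Keycloak logout URL as a page load.
function logoutByNavigation(doc, logoutPath = '/logout') {
  const form = doc.createElement('form');
  form.method = 'POST';
  form.action = logoutPath;
  form.style.display = 'none';

  const token = readCookie(doc.cookie || '', 'XSRF-TOKEN');
  if (token !== null) {
    const input = doc.createElement('input');
    input.type = 'hidden';
    input.name = '_csrf';
    input.value = token;
    form.appendChild(input);
  }

  doc.body.appendChild(form);
  form.submit(); // the current page unloads here; no CORS check applies
  return form;
}

// In the Angular component's click handler: logoutByNavigation(document);
```
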
Source: https://stackoverflow.com/questions/64713413/keycloak-cors-issue-on-logout-redirect