WORS2 API Manager中的oAuth2 UserInfo终结点上CORS无效 [英] CORS is not working on oAuth2 UserInfo endpoint in WSO2 API Manager
问题描述
我无法使CORS在oAuth2的UserInfo端点上工作.我想通过调用oAuth2 UserInfo资源来检索声明(UserInfo).
I am having trouble making CORS work at oAuth2's UserInfo endpoint. I want to retrieve claims (UserInfo) by calling the oAuth2 UserInfo resource.
据我从stackoverflow帖子中了解到的" WSO2 API管理器CORS " ...启用了CORS应该按照上述stackoverflow链接中所述通过添加CORSRequest处理程序在Synapse配置中完成用于oAuth2资源的操作.如上链接中所述,我添加了此CORSRequest处理程序以用于令牌和撤销资源( _TokenAPI_.xml 和 _RevokeAPI_xml ).而且,它起作用了!这些添加之后,我在我的应用程序中也发现了CORS问题,因此我通过将CORSRequestHandler添加到 _UserInfoAPI_.xml (包括在服务器wso2server.bat上重新启动)来执行相同的步骤,但是我仍然收到相同的CORS错误:
As I understood from stackoverflow post "WSO2 API Manager CORS" ... enabling CORS for oAuth2 resources should be done in the Synapse configuration by adding the CORSRequest handler as described in above stackoverflow link.
I added this CORSRequest handler for Token en Revoke resources ( _TokenAPI_.xml en _RevokeAPI_xml) as described in the above link. And, it worked!
After those additions I discovered also CORS problem in my app, so I did the same procedure by adding the CORSRequestHandler to _UserInfoAPI_.xml (inlcuding a restart on the server wso2server.bat)), but still I am getting the same CORS errors:
XMLHttpRequest cannot load https://localhost:9443/oauth2/userinfo?schema=openid. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
我不知道CORS正在使用我的令牌资源,而不正在使用我的userinfo资源?
I don't understand that CORS is working on my token resource and not working on my userinfo resource ?
顺便说一句,我不使用WSO2 Identity Server,而仅使用具有oAuth2功能的API管理器.我检查了一下,发现我的浏览器(javascript)没有将Allows- *标头发送回客户端(在OPTIONS预检期间).
Btw, I am not using WSO2 Identity Server, but only using API Manager with oAuth2 capabilities. I checked and I can see that there is no Allows-* headers being sent back to the client (during an OPTIONS preflight) call by my browser(javascript).
如果我在 UserInfAPI .xml中添加此处理程序,为什么CORSRequestHandler不起作用?
Why is the CORSRequestHandler not working if I add this handler in UserInfAPI.xml?
推荐答案
您确定对OPTION调用使用的是正确的URL,即 https://localhost:8243/userinfo ?
Are you sure you used the correct URL which is https://localhost:8243/userinfo for OPTION call?
我刚刚尝试过,这就是我得到的.
I just tried, and this is what I got.
bhathiya@bhathiya-x1:/$ curl -v -k -X OPTIONS https://localhost:8243/userinfo
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8243 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: localhost (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* start date: Fri, 19 Feb 2010 07:02:26 GMT
* expire date: Tue, 13 Feb 2035 07:02:26 GMT
* issuer: C=US,ST=CA,L=Mountain View,O=WSO2,CN=localhost
* compression: NULL
* ALPN, server did not agree to a protocol
> OPTIONS /userinfo HTTP/1.1
> Host: localhost:8243
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept: */*
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Host: localhost:8243
< Access-Control-Allow-Headers: authorization,Access-Control-Allow-Origin,Content-Type,SOAPAction
< Date: Sun, 23 Oct 2016 14:43:27 GMT
< Transfer-Encoding: chunked
<
如果您使用相同的URL,请张贴完整的curl请求和响应.
If you're using the same URL, please post your complete curl request and response.
这篇关于WORS2 API Manager中的oAuth2 UserInfo终结点上CORS无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
