I am having trouble making CORS work at oAuth2's UserInfo endpoint. I want to retrieve claims (UserInfo) by calling the oAuth2 UserInfo resource.
As I understood from the Stack Overflow post "WSO2 API Manager CORS" ... enabling CORS for oAuth2 resources should be done in the Synapse configuration by adding the CORSRequest handler as described in the above Stack Overflow link.
I added this CORSRequest handler for the Token and Revoke resources (_TokenAPI_.xml and _RevokeAPI_.xml) as described in the above link. And, it worked!
After those additions I also discovered a CORS problem in my app, so I followed the same procedure by adding the CORSRequestHandler to _UserInfoAPI_.xml (including a restart of the server, wso2server.bat), but I am still getting the same CORS errors:
XMLHttpRequest cannot load https://localhost:9443/oauth2/userinfo?schema=openid. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
I don't understand why CORS is working on my token resource and not working on my userinfo resource.
Btw, I am not using WSO2 Identity Server, but only using API Manager with oAuth2 capabilities. I checked and I can see that there are no Allows-* headers being sent back to the client during an OPTIONS preflight call by my browser (JavaScript).
Why is the CORSRequestHandler not working if I add this handler in _UserInfoAPI_.xml?
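For diagnosing an error like the one quoted above, the following added example (not part of the original question, and not WSO2 code) applies a simplified version of the browser's preflight check to a captured OPTIONS response and lists each reason it would fail. The function name `checkPreflight`, the sample header values, and the assumption that the UserInfo call sends an `Authorization` header are illustrative.

```javascript
// Added example: simplified browser-side preflight check (Fetch-standard rules).
// Response header names are expected in lower case; names are compared
// case-insensitively here, which is a simplification for method names.
function checkPreflight({ origin, method, requestHeaders, credentials = false }, status, responseHeaders) {
  const failures = [];
  const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

  if (status < 200 || status > 299) failures.push(`preflight status ${status} is not 2xx`);

  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    failures.push("no Access-Control-Allow-Origin header");
  } else if (allowOrigin !== origin && !(allowOrigin === "*" && !credentials)) {
    failures.push(`Access-Control-Allow-Origin '${allowOrigin}' does not match '${origin}'`);
  }

  // GET, HEAD and POST are CORS-safelisted methods and need no explicit listing.
  const allowMethods = list(responseHeaders["access-control-allow-methods"]);
  const m = method.toLowerCase();
  const wildcardMethod = allowMethods.includes("*") && !credentials;
  if (!["get", "head", "post"].includes(m) && !allowMethods.includes(m) && !wildcardMethod) {
    failures.push(`method ${method} not allowed`);
  }

  const allowHeaders = list(responseHeaders["access-control-allow-headers"]);
  for (const h of requestHeaders.map((x) => x.toLowerCase())) {
    // "*" never covers Authorization; it must be listed by name.
    const wildcardOk = allowHeaders.includes("*") && !credentials && h !== "authorization";
    if (!allowHeaders.includes(h) && !wildcardOk) failures.push(`request header '${h}' not allowed`);
  }
  return { ok: failures.length === 0, failures };
}

// Constructed sample data: a GET to the UserInfo endpoint carrying a bearer token.
const request = { origin: "http://localhost:4200", method: "GET", requestHeaders: ["Authorization"] };
const bare = checkPreflight(request, 200, {}); // OPTIONS response without any CORS headers
const good = checkPreflight(request, 200, {
  "access-control-allow-origin": "http://localhost:4200",
  "access-control-allow-methods": "GET",
  "access-control-allow-headers": "authorization",
});
console.log(bare, good);
```

Feed it the status and headers of the OPTIONS response as seen in the browser's network tab or a proxy capture to see which condition the endpoint fails.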