Add CORS support for discovery and JSON Web Key Set endpoints
This makes absolute sense to support in order to ensure library compat, thanks for bringing this up. We are working to finish this, I’ll update this when it’s complete.
This now works? Would be worth letting everybody know it's all good.
It still dose not work for /discovery/keys
Hi, no updates? 8 months later
Hi, no updates to this?
Hi! Any updates with this? thanks!
That's great looking forward to it, I hope it will be completed as early as possible...
Jeremy Huckeba commented
Adding CORS to the key server would be helpful to get OpenID Connect certified clients such as oidc-client-js (and redux-oidc) to work. It is a common scenario to decrypt the key on the client to obtain claims for display purposes and *ALSO* pass that key in cookies or the auth header to an API layer to be validated by the API.
I see it's OK for .well-known/openid-configuration but NOK for /discovery/keys