Add CORS support for discovery and JSON Web Key Set endpoints
This makes absolute sense to support in order to ensure library compat, thanks for bringing this up. We are working to finish this, I’ll update this when it’s complete.
Sukrit Khera commented
I just ran a test for both the endpoints and it looks like it started working:
Here is test-cors playground:
I tried it with <tenantid> as well I am getting back expected CORS responses. Is this now officially supported by Azure team ?
Hosking, Matt commented
This now works? Would be worth letting everybody know it's all good.
It still dose not work for /discovery/keys
Hi, no updates? 8 months later
Hi, no updates to this?
Hi! Any updates with this? thanks!
That's great looking forward to it, I hope it will be completed as early as possible...
Jeremy Huckeba commented
Adding CORS to the key server would be helpful to get OpenID Connect certified clients such as oidc-client-js (and redux-oidc) to work. It is a common scenario to decrypt the key on the client to obtain claims for display purposes and *ALSO* pass that key in cookies or the auth header to an API layer to be validated by the API.
I see it's OK for .well-known/openid-configuration but NOK for /discovery/keys