New spec (#16)

* add format * fix tests * implement new spec * fix unit tests * try to fix * use the spec * exclude * fix the config * implement new api * fix tests * update * correct support for the format * more fixes * extend oidc4vci * extend support to work within walt * fix tests * fix tests * fix more tests * remove dup * fix it * extend testing * more testing * doc * walt compat * fix immutable list problem * try to fix ui * log * only info * add proof check * update doc * change case * case mapping * show exception * did * everything out * dumb mistake * more * fix test * fix types read * fix format * use an object * cors header * options response
FIWARE · Mar 27, 2023 · e5d8c5c · e5d8c5c
1 parent 1b002f4
commit e5d8c5c
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/main/java/org/fiware/keycloak/VCIssuerRealmResourceProvider.java b/src/main/java/org/fiware/keycloak/VCIssuerRealmResourceProvider.java
@@ -64,6 +64,7 @@
 import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
+import javax.ws.rs.OPTIONS;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
@@ -366,7 +367,8 @@ public Response exchangeToken(@PathParam("issuer-did") String issuerDidParam,
 
 		LOGGER.infof("Successfully returned the token: %s.", encryptedToken);
 		return Response.ok().entity(new TokenResponse(encryptedToken, tokenType, expiresIn, null, null))
-				.header("Access-Control-Allow-Origin", "*").build();
+				.header("Access-Control-Allow-Origin", "*")
+				.build();
 	}
 
 	public String generateAuthorizationCode() {
@@ -390,6 +392,14 @@ private Response getErrorResponse(ErrorType errorType) {
 		return Response.status(Response.Status.BAD_REQUEST).entity(new ErrorResponse(errorType.getValue())).build();
 	}
 
+	// since we cannot know the address of the requesting wallets in advance, we have to accept all origins.
+	@OPTIONS
+	@Path("{any: .*}")
+	public Response optionCorsResponse() {
+		return Response.ok().header("Access-Control-Allow-Origin", "*")
+				.header("Access-Control-Allow-Methods", "POST,GET,OPTIONS").build();
+	}
+
 	/**
 	 * Returns a verifiable credential of the given type, containing the information and roles assigned to the
 	 * authenticated user.