CORS on the OAuth Server

The OAuth server supports CORS. CORS is always enabled for some endpoints whereas others need explicit configuration to enable it.

Default CORS Enabled Endpoints

The following endpoints support CORS without any configuration or setup:

  • OpenID Connect metadata
  • JWKS

These endpoints also do not require pre-flight checks.

Endpoints that Can be CORS Enabled

The following endpoints can be configured to support CORS:

  • Revoke
  • Dynamic Client Registration (DCR)
  • OpenID Connect User Info

To enable CORS on these endpoints, refer to the CORS section of the system admin guide.