Authorization policy is breaking preflight check in APIMAN

110 views Asked by At

I have 2 policies on my API (+1 for cors), first is keycloakOauthPolicy and the second is AuthorizationPolicy.

When I make some preflight request (then with verb OPTIONS and without any token in the header), I get that error from AuthorizationPolicy :

No roles have been extracted during authentication. Make sure the >authorization policy comes after a compatible authentication policy in >your configuration

What am I doing wrong?

1

There are 1 answers

0
maxence smets On BEST ANSWER

My bad, I had a plan with another policy (keycloak authentication) which was also taking in charge or at least breaking the flow, then CORS policy (which is filtering preflight request) wasn't working properly.