We are trying to setup an app in CAM for authentication from an angular APP using OpenID Connect oAuth 2.0
It works to receive access token and id_token. But we need additional functionality to refresh tokens(access, id_token) silently with no prompt to login to extend user session. And there is only one way to achieve it by setting a "silent-refresh.html" page which can be loaded in a hidden iframe. But we need to add additional redirectURI for it which CAM is not allowing.
Problem 1: How to add 2 redirectURI for same application?
If we are setting up Authorization Code Flow in angular app, we are getting back Authorization Code but we send request to TokenEndpoint with auth code for retrieving access token. It keep throwing back "Access-Control-Allow-Origin" error while we angular app is on same domain as of CAM server.
Problem 2: How to add a website for "Access-Control-Allow-Origin" in CAM?