I have 2 policies on my API (+1 for cors), first is keycloakOauthPolicy and the second is AuthorizationPolicy.
When I make some preflight request (then with verb OPTIONS and without any token in the header), I get that error from AuthorizationPolicy :
No roles have been extracted during authentication. Make sure the >authorization policy comes after a compatible authentication policy in >your configuration
What am I doing wrong?
My bad, I had a plan with another policy (keycloak authentication) which was also taking in charge or at least breaking the flow, then CORS policy (which is filtering preflight request) wasn't working properly.