[keycloak-user] nodejs keycloak connect
Olivier Refalo
orefalo at yahoo.com
Wed Nov 29 17:47:00 EST 2017
Hi everyone,
I am playing with KeyCloak in order to protect my nodeJS API.
Looking at the node connector, there are areas which I don't understand....
First and foremost, why does the connector creates a SessionStore???
I mean it makes perfect sense when it's a web application, but for a stateless API (protected by a BearerToken), it sounds overkill to think in terms of "session"
Directly related, I see a BearerStore, which I don't know how to use.. Should I use it as the store to protect an API?
Last but not least, and this is a broader question, How would you protect a GraphQL Schema?
FYI, a typical GraphQL API only has one endpoint. authorization would be defined in the data schema itself, using some @directives.
Thanks for the help,
Sincerely,
Olivier
More information about the keycloak-user
mailing list