[keycloak-user] Securing rest api with keycloak without cookie
Rudolf Jurišić
rudolf.jurisic at degordian.com
Thu Mar 1 15:42:16 EST 2018
Hi guys!
I am building a nodejs restify app.
I want to protect my endpoints, but to use the login programatically.
I used the example from
https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/app.js
I make a request to the server
http://localhost:3000/login?login=admin_user&password=
admin_user&client_id=CAMPAIGN_CLIENT
and get a response with tokens.
{
"access_token": {
"token": "eyJhbGciOiJSUzI1NiIs...
With this token I then make a request with Authorization header bearer plus
token to a keycloak.protected endpoint.
If I do it with cookie, everythig works fine.
Can I do it without cookie (for example from postman), just by using the
token in every request I make on the protected endpoints?
And more importantly, is this a good flow and can it work like this:
1. obtain tokens
2. use bearer with the access token for every request to protected endpoints
?
Thanks
--
*RUDOLF JURIŠIĆ*
#SENIOR_SOFTWARE_DEVELOPER
rudolf.jurisic at degordian.com
+385 99 2737 781
www.degordian.com
<http://www.degordian.com/?utm_source=signature&utm_medium=email&utm_content=rudolf.jurisic&utm_campaign=_d_email%20signature>
www.facebook.com/Degordian
More information about the keycloak-user
mailing list