[keycloak-user] Securing rest api with keycloak without cookie