Re: [keycloak-user] Securing rest api with keycloak without cookie

wrote:

Hi guys! I am building a nodejs restify app. I want to protect my endpoints, but to use the login programatically. I used the example from https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/app.js I make a request to the server http://localhost:3000/login?login=admin_user&password= admin_user&client_id=CAMPAIGN_CLIENT and get a response with tokens. { "access_token": { "token": "eyJhbGciOiJSUzI1NiIs... With this token I then make a request with Authorization header bearer plus token to a keycloak.protected endpoint. If I do it with cookie, everythig works fine. Can I do it without cookie (for example from postman), just by using the token in every request I make on the protected endpoints?

And more importantly, is this a good flow and can it work like this: 1. obtain tokens 2. use bearer with the access token for every request to protected endpoints

? Thanks -- *RUDOLF JURIŠIĆ* #SENIOR_SOFTWARE_DEVELOPER rudolf.jurisic(a)degordian.com +385 99 2737 781 www.degordian.com <http://www.degordian.com/?utm_source=signature&utm_ medium=email&utm_content=rudolf.jurisic&utm_campaign=_d_email%20signature> www.facebook.com/Degordian _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user