[keycloak-user] Securing Node.js stateless API

Hi guys, I want to secure a Node.js API with Keycloak. As a first step, I only want to allow requests of users with an open session in Keycloak. I've followed the guide here, http://www.keycloak.org/docs/latest/securing_apps/topics/oidc/nodejs-adap... However I don't want to use a session store as the API is stateless. Maybe I'm missing something here. My route looks like, router.use('/author', keycloak.protect(), author()); And my keycloak.json is below, { "realm": "testrealm", "auth-server-url": "http://localhost:8080/auth", "ssl-required": "external", "resource": "postman-client", "credentials": { "secret": "123a4567-abcd-12a4-987x-bb87f8f7f621" }, "bearerOnly": true } When I make a request to my Node.js API, I always receive a 403 with the message "Access denied". Te requests look like the below, GET /api/v1/en/author/ariel HTTP/1.1 Host: localhost:8081 Authorization: Bearer [the token I got upon authentication] Accept: application/json I'll appreciate any pointers on this. Thanks, Ariel