[keycloak-user] Securing rest api with keycloak without cookie

Rudolf Jurišić rudolf.jurisic at degordian.com
Thu Mar 1 15:42:16 EST 2018


Hi guys!

I am building a nodejs restify app.
I want to protect my endpoints, but to use the login programmatically.

I used the example from
https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/app.js

I make a request to the server
http://localhost:3000/login?login=admin_user&password=admin_user&client_id=CAMPAIGN_CLIENT

and get a response with tokens.
{
    "access_token": {
        "token": "eyJhbGciOiJSUzI1NiIs...

With this token I then make a request with Authorization header bearer plus
token to a keycloak.protected endpoint.

If I do it with cookie, everything works fine.

Can I do it without cookie (for example from postman), just by using the
token in every request I make on the protected endpoints?

And more importantly, is this a good flow and can it work like this:
1. obtain tokens
2. use bearer with the access token for every request to protected endpoints

?

Thanks


-- 
*RUDOLF JURIŠIĆ*
 #SENIOR_SOFTWARE_DEVELOPER
rudolf.jurisic at degordian.com
+385 99 2737 781

www.degordian.com
<http://www.degordian.com/?utm_source=signature&utm_medium=email&utm_content=rudolf.jurisic&utm_campaign=_d_email%20signature>
www.facebook.com/Degordian

