I'm using keycloak-connect (nodejs) for my backend with a bearer-only profile. The frontend is a client with a public profile:
1 - How can I add some private custom attributes in userInfo that are only accessible by the backend (bearer-only)? I'm adding some attributes to the client that can only be seen by the backend, plus I don't want to add them to the token so I won't have a huge token size.
2 - How are sessions used with keycloak-connect? I don't see anything stored by Keycloak when I inspect my store (redis) and I didn't find anything in the documentation.
3 - When performing online validation, is grantmanager.validateAccessToken sufficient to get the userInfo or do I also need to use grantmanager.userInfo? Because 2 requests are a little bit costly.
Thank you