I'm implementing stripe to a website which use parse server for the backend and keycloack for the security. Everything is running on the same server using docker.

Here's the flow to manage subscription. 1 When a user ask for checkout the backend generate a new stripe checkout session and redirect to the user. In the back I save the user ID and the checkout session ID. 2 The user does checkout and is redirected to the success url.

3 when The back recieve a checkout.session.completed, we look for the user based on checkout session and save the subscription ID Update keycloack user role to say it's a subscribed user

4 When the back get from stripe an invoice.payment_failed event or when the subscribition isn't renewed I need to remove the role on keycloack server.

I already have done the major part in an express js app but I was wondering what solution would be the best for security, reliability and maintenance :

1. Create a paiement service in nestjs which handle the stripe events and use his own mongodb database to save paiement data( user session and subscription) and update user roles on keycloack
2. Create a paiement service in nestjs which handle the stripe events and save user checkout session and subscription using parse server object rest api and update user roles on keycloack
3. Do everything in parse server cloud code but Is that safe to store keycloack account into parse server cloudcode ?

Thanks for your help