Closing this ticket: we won't be adding this option.

It should be up to the user, to configure Keycloak as needed. If one wants direct access, they should enable it. Our work is mainly to test the assignment of the token and make sure HTTP API invoke works (which is the case).

At some point we need to move forward with decoupling from Keycloak: AGPUSH-1047