I have few points regarding example applications:
- For third-party oauth client example, there is not possibility to configure stuff through JSON but everything is hardcoded in classes Bootstrap and ProductDatabaseClient. There are also some strange comments in code like "This is the worst code ever" etc :-) This is not so ideal IMO as I expect that people will often look to the source code of these examples for inspiration. I believe that OAuth clients should also have something like ManagedResourceConfigLoader for Applications.

- For the "third-party" OAuth client, I don't like the fact that when user press "Cancel" in OAuth grant page, there is exception in server.log and Tomcat error page displayed. I believe the behaviour should be more user-friendly.

- Examples "customer-portal", "product-portal", "database-service" and "oauth-client" are using package "org.jboss.reasteasy..." instead of "org.keycloak..."

Any thoughts? Let me know if I should create JIRA or help with fixing those.