It seems like I have to use the Admin REST API somehow, but I am not sure which REST calls from the vast REST APIs I need to use. Is it "Add realm-level role mappings to the user" and "Delete realm-level role mappings"? What is the "id" param then? Is this the "user id"? Can you please categorize the REST APIs in groups - "user management", "role CRUDs", etc., to make it easier to navigate?
There seems to be an example "admin-access-app", but it is not clear where it gets the app username/password. Are they just hard-coded "username" and "password"? In the case of the WildFly adapter, the client secret is configured inside the standalone.xml configuration file, so I expect to not have to configure it or read it from file configurations, but the container should provide it/inject it for me? Is this a correct assumption? Any example WildFly code?
B.
It seems like I also need to use a service account, so that the app can change user roles behind the scenes on its own? Correct?
This blog post seems obsolete as there is no more "Service accounts enabled" switch I could find. I figured one needs to switch to the "confidential" access type instead. Is this correct? Unfortunately, the corresponding example, "Service Account Example", does not show how one should proceed when the client secret is configured in WildFly's standalone.xml file and the developer is not expected to parse configuration files (either embedded in the WAR or elsewhere). Any example of how to get configured objects? I tried to get some clue from the KeycloakDeploymentBuilderTest.java file, but it is not clear how one can get KeycloakDeployment injected by the container rather than parsing it from files. Any clue?
Thank you for the great product! And thank you for any guidance you can provide - that would save me a lot of time and questions!