I'm setting up apiman with Keycloak and have a question that the folks on the apiman user list suggested I ask here.
In the Wildfly configuration for apiman, I see several entries like this (one for each war file):
<kc:secure-deployment xmlns:kc="urn:jboss:domain:keycloak:1.0" name="apiman.war">
<kc:realm>apiman</kc:realm>
<kc:resource>apiman</kc:resource>
<kc:credential name="secret">password</kc:credential>
I'm noticing that they fill in the word "password" here, but in their instructions they don't specify to replace it with a particular password. My guess is that this credential is used only for applications that request REST Direct Access Grants, and that
since apiman doesn't do that, they can use a dummy password in this configuration.
Is it correct that this credential is used only for Direct Access Grants?