Maybe I am missing something, but it seems that the admin client and as well the Quarkus Keycloak Admin Client) does not support any other authentication methods than client id and secret, which surprises me a bit. I would have assumed that the admin client supports all, or at least most, of the client authentication methods that Keycloak supports.

Now with Keycloak 26.6, where the Federated client authentication feature is a supported feature, we are especially interested in authenticating with a Kubernetes Service Account Token, which we hoped would let us remove the client secret. But currently it seems we are blocked by the very limited authentication options of the admin client. (Which is, in my opinion, a bit sad 🙂)

I am really not sure if I am just missing something in this case. I would welcome any clarification. At least the documentation of the Quarkus Keycloak Admin Client states that the OidcClient can be used: “Note that the OidcClient can also be used to acquire tokens.” (https://quarkus.io/guides/security-keycloak-admin-client#:~:text=Note%20that%20the%20OidcClient%20can%20also%20be%20used%20to%20acquire%20tokens.). But I do not see how this should be done.

Thanks!