keycloak · vmuzikar · Apr 24, 2026 · Apr 21, 2026 · Apr 23, 2026
@@ -59,16 +59,6 @@
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-admin-v2-api</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>*</groupId>
-                    <artifactId>*</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-client</artifactId>

@@ -16,8 +16,6 @@
  */
 package org.keycloak.admin.client;
 
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
 import java.net.URI;
 import java.util.Iterator;
 import java.util.ServiceLoader;
@@ -218,6 +216,13 @@ public <T> T proxy(Class<T> proxyClass, URI absoluteURI) {
         WebTarget register = client.target(absoluteURI).register(newAuthFilter());
         return CLIENT_PROVIDER.targetProxy(register, proxyClass);
     }
+
+    /**
+     * Create a secure proxy with endpoints targetting the server
+     */
+    public <T> T proxy(Class<T> proxyClass) {
+        return CLIENT_PROVIDER.targetProxy(target, proxyClass);
+    }
 
     /**
      * Closes the underlying client. After calling this method, this <code>Keycloak</code> instance cannot be reused.
@@ -243,20 +248,4 @@ public boolean isClosed() {
         return closed;
     }
 
-    /**
-     * Method to return org.keycloak.admin.client.wrapper.Clients instance. Note that this class
-     * may not be available in some cases and hence reflection is used to instantiate that class
-     *
-     * @param realmName realm name
-     * @param clientsClass Typically class org.keycloak.admin.client.wrapper.Clients . This argument is present just to avoid casting.
-     * @return Instance of org.keycloak.admin.client.wrapper.Clients
-     */
-    public <C> C clients(String realmName, Class<C> clientsClass) {
-        try {
-            Constructor<C> constructor = clientsClass.getDeclaredConstructor(ResteasyClientProvider.class, WebTarget.class, String.class);
-            return constructor.newInstance(CLIENT_PROVIDER, target, realmName);
-        } catch (NoSuchMethodException | InstantiationException | IllegalAccessException | InvocationTargetException e) {
-            throw new RuntimeException(e);
-        }
-    }
 }
@@ -159,7 +159,7 @@ tags:
 - name: Clients (v2)
   x-smallrye-profile-admin: ""
 paths:
-  /admin/api/{realmName}/clients/{version}:
+  /admin/api/{realmName}/clients/v2:
     get:
       summary: Get all clients
       description: Returns a list of all clients in the realm
@@ -200,13 +200,7 @@ paths:
       required: true
       schema:
         type: string
-    - name: version
-      in: path
-      required: true
-      schema:
-        type: string
-        pattern: v\d+
-  /admin/api/{realmName}/clients/{version}/{id}:
+  /admin/api/{realmName}/clients/v2/{id}:
     get:
       summary: Get a client
       description: Returns a single client by its clientId
@@ -285,12 +279,6 @@ paths:
       required: true
       schema:
         type: string
-    - name: version
-      in: path
-      required: true
-      schema:
-        type: string
-        pattern: v\d+
     - name: id
       in: path
       required: true

@@ -6,7 +6,7 @@ import { FetchRequestAdapter } from "@microsoft/kiota-http-fetchlibrary";
 
 import type { KeycloakAdminClient } from "../client.js";
 import { createAdminClient } from "../generated/adminClient.js";
-import type { WithVersionItemRequestBuilder } from "../generated/admin/api/item/clients/item/index.js";
+import type { V2RequestBuilder } from "../generated/admin/api/item/clients/v2/index.js";
 
 // Re-export types for convenience
 export type {
@@ -42,15 +42,13 @@ class KeycloakAuthProvider implements AuthenticationProvider {
  */
 function createClientsV2Endpoint(
   client: KeycloakAdminClient,
-): WithVersionItemRequestBuilder {
+): V2RequestBuilder {
   const authProvider = new KeycloakAuthProvider(() => client.getAccessToken());
   const adapter = new FetchRequestAdapter(authProvider);
   adapter.baseUrl = client.baseUrl;
 
   const adminClient = createAdminClient(adapter);
-  return adminClient.admin.api
-    .byRealmName(client.realmName)
-    .clients.byVersion("v2");
+  return adminClient.admin.api.byRealmName(client.realmName).clients.v2;
 }
 
 /**
@@ -70,7 +68,7 @@ export class ClientsV2 {
    *
    * @returns The clients v2 endpoint
    */
-  api(): WithVersionItemRequestBuilder {
+  api(): V2RequestBuilder {
     return createClientsV2Endpoint(this.#client);
   }
 }
@@ -98,7 +98,6 @@ public abstract class KeycloakClientBaseController<R extends CustomResource<? ex
         implements Reconciler<R>, Cleaner<R> {
 
     public static final String CLIENT_ADMIN_API_V2 = "client-admin-api:v2";
-    private static final String CLIENT_API_VERSION = "v2";
     private static final String HTTPS = "https";
 
     static class KeycloakClientStatusAggregator {
@@ -308,7 +307,7 @@ private <V> V invoke(R resource, Context<R> context, Keycloak keycloak,
             var target = getWebTarget(kcAdmin);
             AdminRootV2 root = org.keycloak.admin.client.Keycloak.getClientProvider().targetProxy(target,
                     AdminRootV2.class);
-            return action.apply(root.adminApi(resource.getSpec().getRealm()).clients(CLIENT_API_VERSION)
+            return action.apply(root.adminApi(resource.getSpec().getRealm()).clientsV2()
                     .client(resource.getMetadata().getName()));
         }
     }

@@ -119,10 +119,10 @@ void testOpenApiFilter(KeycloakDistribution distribution) {
 
       // Verify endpoints reference the parent schema (no inline oneOf)
       response
-          .body("paths.'/admin/api/{realmName}/clients/{version}'.get.responses.'200'.content.'application/json'.schema.type", equalTo("array"))
-          .body("paths.'/admin/api/{realmName}/clients/{version}'.get.responses.'200'.content.'application/json'.schema.items.'$ref'", equalTo("#/components/schemas/BaseClientRepresentation"))
-          .body("paths.'/admin/api/{realmName}/clients/{version}/{id}'.get.responses.'200'.content.'application/json'.schema.'$ref'", equalTo("#/components/schemas/BaseClientRepresentation"))
-          .body("paths.'/admin/api/{realmName}/clients/{version}/{id}'.put.requestBody.content.'application/json'.schema.'$ref'", equalTo("#/components/schemas/BaseClientRepresentation"));
+          .body("paths.'/admin/api/{realmName}/clients/v2'.get.responses.'200'.content.'application/json'.schema.type", equalTo("array"))
+          .body("paths.'/admin/api/{realmName}/clients/v2'.get.responses.'200'.content.'application/json'.schema.items.'$ref'", equalTo("#/components/schemas/BaseClientRepresentation"))
+          .body("paths.'/admin/api/{realmName}/clients/v2/{id}'.get.responses.'200'.content.'application/json'.schema.'$ref'", equalTo("#/components/schemas/BaseClientRepresentation"))
+          .body("paths.'/admin/api/{realmName}/clients/v2/{id}'.put.requestBody.content.'application/json'.schema.'$ref'", equalTo("#/components/schemas/BaseClientRepresentation"));
 
       // @JsonPropertyDescription values must be propagated to schema property descriptions
       response

@@ -13,9 +13,9 @@
     <name>Keycloak Admin API v2 APIs</name>
 
     <properties>
-        <maven.compiler.source>17</maven.compiler.source>
-        <maven.compiler.target>17</maven.compiler.target>
-        <maven.compiler.release>17</maven.compiler.release>
+        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.target>11</maven.compiler.target>
+        <maven.compiler.release>11</maven.compiler.release>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 

@@ -1,15 +1,14 @@
 package org.keycloak.admin.api;
 
 import jakarta.ws.rs.Path;
-import jakarta.ws.rs.PathParam;
 
 import org.keycloak.admin.api.client.ClientsApi;
 
 public interface AdminApi {
 
     /**
-     * Retrieve the Clients API group by version
+     * Retrieve the Clients v2 api
      */
-    @Path("clients/{version:v\\d+}")
-    ClientsApi clients(@PathParam("version") String version);
+    @Path("clients/v2")
+    ClientsApi clientsV2();
 }
@@ -140,9 +140,10 @@ void setProtocol(String protocol) {
 
     @Override
     public boolean equals(Object o) {
-        if (!(o instanceof BaseClientRepresentation that)) {
+        if (!(o instanceof BaseClientRepresentation)) {
             return false;
         }
+        BaseClientRepresentation that = (BaseClientRepresentation)o;
         return Objects.equals(uuid, that.uuid) && Objects.equals(clientId, that.clientId) && Objects.equals(displayName, that.displayName) && Objects.equals(description, that.description) && Objects.equals(enabled, that.enabled) && Objects.equals(appUrl, that.appUrl) && Objects.equals(redirectUris, that.redirectUris) && Objects.equals(roles, that.roles);
     }
 

@@ -127,9 +127,10 @@ public void setCertificate(String certificate) {
 
         @Override
         public boolean equals(Object o) {
-            if (!(o instanceof Auth auth)) {
+            if (!(o instanceof Auth)) {
                 return false;
             }
+            Auth auth = (Auth)o;
             return Objects.equals(method, auth.method) && Objects.equals(secret, auth.secret) && Objects.equals(certificate, auth.certificate);
         }
 
@@ -141,12 +142,13 @@ public int hashCode() {
 
     @Override
     public boolean equals(Object o) {
-        if (!(o instanceof OIDCClientRepresentation that)) {
+        if (!(o instanceof OIDCClientRepresentation)) {
             return false;
         }
         if (!super.equals(o)) {
             return false;
         }
+        OIDCClientRepresentation that = (OIDCClientRepresentation)o;
         return Objects.equals(loginFlows, that.loginFlows) && Objects.equals(auth, that.auth) && Objects.equals(webOrigins, that.webOrigins) && Objects.equals(serviceAccountRoles, that.serviceAccountRoles);
     }
 

@@ -169,8 +169,9 @@ public void setAllowEcpFlow(Boolean allowEcpFlow) {
 
     @Override
     public boolean equals(Object o) {
-        if (!(o instanceof SAMLClientRepresentation that)) return false;
+        if (!(o instanceof SAMLClientRepresentation)) return false;
         if (!super.equals(o)) return false;
+        SAMLClientRepresentation that = (SAMLClientRepresentation)o;
         return Objects.equals(nameIdFormat, that.nameIdFormat) 
                 && Objects.equals(forceNameIdFormat, that.forceNameIdFormat) 
                 && Objects.equals(includeAuthnStatement, that.includeAuthnStatement) 

@@ -1,7 +1,5 @@
 package org.keycloak.rest.admin.api;
 
-import jakarta.ws.rs.NotFoundException;
-
 import org.keycloak.admin.api.AdminApi;
 import org.keycloak.admin.api.client.ClientsApi;
 import org.keycloak.models.KeycloakSession;
@@ -32,10 +30,7 @@ public DefaultAdminApi(KeycloakSession session, String realmName) {
     }
 
     @Override
-    public ClientsApi clients(String version) {
-        return switch (version) {
-            case "v2" -> new DefaultClientsApi(session, realm, permissions, realmAdminResource);
-            default -> throw new NotFoundException();
-        };
+    public ClientsApi clientsV2() {
+        return new DefaultClientsApi(session, realm, permissions, realmAdminResource);
     }
 }