See also: https://github.com/keycloak/keycloak-documentation/blob/master/server_admin/topics/admin-cli.adoc
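# Pick ONE of the three ways below to get a working kcadm command.

# Option 1: run kcadm from a throw-away container on the host.
# Single quotes defer "$HOME" until the alias is used, and the inner double
# quotes keep the volume argument in one piece if the path contains spaces.
# The mounted .keycloak directory is where kcadm keeps its configuration and
# the tokens obtained at login, so keep it readable by your own user only.
# NOTE(review): the commands further down call `kcadm`, not `kcadmdocker`;
# when using this option, substitute the alias name accordingly.
alias kcadmdocker='docker run --net=host -it --user=1000:1000 --rm -v "$HOME/.acme/.keycloak:/opt/jboss/.keycloak" --entrypoint /opt/jboss/keycloak/bin/kcadm.sh jboss/keycloak:10.0.2'

# Option 2: open a shell inside the running Keycloak container and use the
# bundled script. The alias line is meant to be run in that container shell.
docker exec -it vertx-keycloak /bin/bash
alias kcadm='/opt/jboss/keycloak/bin/kcadm.sh'

# Option 3: local Keycloak installation. The alias is relative, so it only
# works from inside $KEYCLOAK_HOME. The :? guard makes cd fail with a message
# instead of silently changing to the home directory when the variable is unset.
cd "${KEYCLOAK_HOME:?KEYCLOAK_HOME is not set}"
alias kcadm='bin/kcadm.sh'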
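# Log in to the master realm. kcadm stores the resulting session in its config
# file and reuses it for the commands that follow.
# admin/admin is only suitable for a disposable local demo server. A password
# given with --password ends up in shell history and in the process list;
# kcadm prompts for it when the option is left out. The plain-http URL is
# tolerable here only because it targets the loopback interface.
kcadm config credentials --server http://127.0.0.1:8080/auth --realm master --user admin --password admin

# Realm that all following commands operate on.
KC_REALM=vertx
kcadm create realms -s "realm=$KC_REALM" -s enabled=true

# Realm roles; -o prints the created resource.
kcadm create roles -r "$KC_REALM" -s name=user -o
kcadm create roles -r "$KC_REALM" -s name=admin -o

# Demo users.
kcadm create users -r "$KC_REALM" -s username=tester -s firstName=Theo -s lastName=Tester -s email='tom+tester@localhost' -s enabled=true
kcadm create users -r "$KC_REALM" -s username=vadmin -s firstName=Vlad -s lastName=Admin -s email='tom+vlad@localhost' -s enabled=true

# Demo-only passwords: both accounts, including the one that receives the
# admin role, share the trivially guessable value "test". Replace them before
# the realm is reachable by anyone else; adding --temporary forces a password
# change at the next login.
kcadm set-password -r "$KC_REALM" --username tester --new-password test
kcadm set-password -r "$KC_REALM" --username vadmin --new-password test

# --uusername (double "u") is kcadm's option for selecting the target user by
# username; it is not a typo.
kcadm add-roles -r "$KC_REALM" --uusername tester --rolename user
kcadm add-roles -r "$KC_REALM" --uusername vadmin --rolename user --rolename admin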
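# Create client with client secret
# Registers a confidential OpenID Connect client (publicClient=false,
# client-secret authenticator) with only the standard flow enabled.
# Points to review before using this outside a local demo:
#   - "secret" is a fixed sample value published with this snippet; treat it
#     as known to everyone and replace it.
#   - "redirectUris": ["/*"] is relative to rootUrl, so every path under
#     http://localhost:8090 is an accepted redirect target; list the exact
#     callback path(s) instead.
#   - "webOrigins": ["+"] allows CORS from the origins of the redirect URIs.
# The quoted 'EOF' delimiter keeps the JSON literal (no shell expansion).
kcadm create clients -r "$KC_REALM" -f - << 'EOF'
{
"clientId": "demo-client",
"rootUrl": "http://localhost:8090",
"baseUrl": "/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "1f88bd14-7e7f-45e7-be27-d680da6e48d8",
"redirectUris": ["/*"],
"webOrigins": ["+"],
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"defaultClientScopes": ["web-origins","role_list","roles","profile","email"],
"optionalClientScopes": ["address","phone","offline_access","microprofile-jwt"]
}
EOF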
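# Update client secret
## find id of client
KC_CLIENT=demo-client
# Uses the kcadm alias like every other step, so the lookup does not depend on
# the current directory. The client id is handed to jq with --arg rather than
# spliced into the filter text, so quotes or other special characters in
# $KC_CLIENT cannot alter the filter.
clientUuid=$(kcadm get clients -r "$KC_REALM" --fields 'id,clientId' | jq -r --arg clientId "$KC_CLIENT" '.[] | select(.clientId == $clientId) | .id')
# abc1234 is a placeholder kept for the demo; export KC_CLIENT_SECRET with a
# long random value to override it. The secret is passed on the command line
# and is therefore visible in shell history and the process list.
clientSecret=${KC_CLIENT_SECRET:-abc1234}
## Set new client secret
# Skip the update when the lookup found nothing; otherwise the request would
# target "clients/" without an id.
if [ -n "$clientUuid" ]; then
  kcadm update "clients/$clientUuid" -r "$KC_REALM" -s "secret=$clientSecret"
else
  printf 'client %s not found in realm %s\n' "$KC_CLIENT" "$KC_REALM" >&2
fi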
Love this, thanks!