diff --git a/bom/runtime/pom.xml b/bom/runtime/pom.xml
index 11c8f780374f30..8aa72a7d053d6d 100644
--- a/bom/runtime/pom.xml
+++ b/bom/runtime/pom.xml
@@ -389,6 +389,11 @@
quarkus-keycloak-authorization
${project.version}
+
+ io.quarkus
+ quarkus-keycloak-admin-client
+ ${project.version}
+
io.quarkus
quarkus-flyway
@@ -2884,6 +2889,17 @@
keycloak-core
${keycloak.version}
+
+ org.keycloak
+ keycloak-admin-client
+ ${keycloak.version}
+
+
+ org.checkerframework
+ checker-qual
+
+
+
org.keycloak
keycloak-adapter-spi
diff --git a/docs/src/main/asciidoc/security-openid-connect.adoc b/docs/src/main/asciidoc/security-openid-connect.adoc
index 420e6753ed5a38..d1f6d3927d7128 100644
--- a/docs/src/main/asciidoc/security-openid-connect.adoc
+++ b/docs/src/main/asciidoc/security-openid-connect.adoc
@@ -174,6 +174,9 @@ Log in as the `admin` user to access the Keycloak Administration Console. Userna
Import the {quickstarts-tree-url}/security-openid-connect-quickstart/config/quarkus-realm.json[realm configuration file] to create a new realm. For more details, see the Keycloak documentation about how to https://www.keycloak.org/docs/latest/server_admin/index.html#_create-realm[create a new realm].
+NOTE: If you want to use the Keycloak Admin Client to configure your server from your application you need to include the
+`quarkus-keycloak-admin-client` extension.
+
== Running and Using the Application
=== Running in Developer Mode
diff --git a/extensions/keycloak-admin-client/deployment/pom.xml b/extensions/keycloak-admin-client/deployment/pom.xml
new file mode 100644
index 00000000000000..e13a93ba4c636d
--- /dev/null
+++ b/extensions/keycloak-admin-client/deployment/pom.xml
@@ -0,0 +1,59 @@
+
+
+
+ quarkus-keycloak-admin-client-parent
+ io.quarkus
+ 999-SNAPSHOT
+ ../
+
+ 4.0.0
+
+ quarkus-keycloak-admin-client-deployment
+ Quarkus - Keycloak Admin Client - Deployment
+
+
+
+ io.quarkus
+ quarkus-keycloak-admin-client
+
+
+ io.quarkus
+ quarkus-rest-client-deployment
+
+
+ io.quarkus
+ quarkus-jackson-deployment
+
+
+
+ io.quarkus
+ quarkus-junit5-internal
+ test
+
+
+ io.rest-assured
+ rest-assured
+ test
+
+
+
+
+
+
+ maven-compiler-plugin
+
+
+
+ io.quarkus
+ quarkus-extension-processor
+ ${project.version}
+
+
+
+
+
+
+
+
diff --git a/extensions/keycloak-admin-client/deployment/src/main/java/io/quarkus/keycloak/adminclient/deployment/KeycloakAdminClientProcessor.java b/extensions/keycloak-admin-client/deployment/src/main/java/io/quarkus/keycloak/adminclient/deployment/KeycloakAdminClientProcessor.java
new file mode 100644
index 00000000000000..099861e898ea09
--- /dev/null
+++ b/extensions/keycloak-admin-client/deployment/src/main/java/io/quarkus/keycloak/adminclient/deployment/KeycloakAdminClientProcessor.java
@@ -0,0 +1,37 @@
+package io.quarkus.keycloak.adminclient.deployment;
+
+import org.jboss.jandex.DotName;
+import org.jboss.resteasy.client.jaxrs.internal.ResteasyClientBuilderImpl;
+import org.jboss.resteasy.client.jaxrs.internal.proxy.ProxyBuilderImpl;
+import org.keycloak.admin.client.JacksonProvider;
+import org.keycloak.common.util.MultivaluedHashMap;
+import org.keycloak.json.StringListMapDeserializer;
+import org.keycloak.json.StringOrArrayDeserializer;
+import org.keycloak.json.StringOrArraySerializer;
+
+import io.quarkus.deployment.annotations.BuildProducer;
+import io.quarkus.deployment.annotations.BuildStep;
+import io.quarkus.deployment.builditem.AdditionalApplicationArchiveMarkerBuildItem;
+import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
+import io.quarkus.deployment.builditem.nativeimage.ReflectiveHierarchyIgnoreWarningBuildItem;
+
+public class KeycloakAdminClientProcessor {
+
+ @BuildStep
+ ReflectiveHierarchyIgnoreWarningBuildItem marker(BuildProducer prod) {
+ prod.produce(new AdditionalApplicationArchiveMarkerBuildItem("org/keycloak/admin/client/"));
+ prod.produce(new AdditionalApplicationArchiveMarkerBuildItem("org/keycloak/representations"));
+ return new ReflectiveHierarchyIgnoreWarningBuildItem(DotName.createSimple(MultivaluedHashMap.class.getName()));
+ }
+
+ @BuildStep
+ ReflectiveClassBuildItem reflect() {
+ return ReflectiveClassBuildItem.builder(ResteasyClientBuilderImpl.class, JacksonProvider.class, ProxyBuilderImpl.class,
+ StringListMapDeserializer.class,
+ StringOrArrayDeserializer.class,
+ StringOrArraySerializer.class)
+ .constructors(true)
+ .methods(true)
+ .build();
+ }
+}
diff --git a/extensions/keycloak-admin-client/pom.xml b/extensions/keycloak-admin-client/pom.xml
new file mode 100644
index 00000000000000..9a50c88c021b8f
--- /dev/null
+++ b/extensions/keycloak-admin-client/pom.xml
@@ -0,0 +1,20 @@
+
+
+
+ quarkus-build-parent
+ io.quarkus
+ 999-SNAPSHOT
+ ../../build-parent/pom.xml
+
+ 4.0.0
+
+ quarkus-keycloak-admin-client-parent
+ Quarkus - Keycloak Admin Client
+ pom
+
+ deployment
+ runtime
+
+
diff --git a/extensions/keycloak-admin-client/runtime/pom.xml b/extensions/keycloak-admin-client/runtime/pom.xml
new file mode 100644
index 00000000000000..fc18926b83f681
--- /dev/null
+++ b/extensions/keycloak-admin-client/runtime/pom.xml
@@ -0,0 +1,93 @@
+
+
+
+ quarkus-keycloak-admin-client-parent
+ io.quarkus
+ 999-SNAPSHOT
+ ../
+
+ 4.0.0
+
+ quarkus-keycloak-admin-client
+ Quarkus - Keycloak Admin Client - Runtime
+ Administer a Keycloak Instance
+
+
+
+ io.quarkus
+ quarkus-oidc
+
+
+ io.quarkus
+ quarkus-rest-client
+
+
+ org.keycloak
+ keycloak-adapter-core
+
+
+ org.keycloak
+ keycloak-core
+
+
+ org.keycloak
+ keycloak-admin-client
+
+
+ io.quarkus
+ quarkus-jackson
+
+
+ org.apache.httpcomponents
+ httpasyncclient
+
+
+ commons-logging
+ commons-logging
+
+
+
+
+ org.keycloak
+ keycloak-authz-client
+
+
+ commons-logging
+ commons-logging
+
+
+
+
+ org.jboss.logging
+ commons-logging-jboss-logging
+
+
+ junit
+ junit
+ test
+
+
+
+
+
+
+ io.quarkus
+ quarkus-bootstrap-maven-plugin
+
+
+ maven-compiler-plugin
+
+
+
+ io.quarkus
+ quarkus-extension-processor
+ ${project.version}
+
+
+
+
+
+
+
diff --git a/extensions/keycloak-admin-client/runtime/src/main/resources/META-INF/quarkus-extension.yaml b/extensions/keycloak-admin-client/runtime/src/main/resources/META-INF/quarkus-extension.yaml
new file mode 100644
index 00000000000000..1d7184fc22ffbf
--- /dev/null
+++ b/extensions/keycloak-admin-client/runtime/src/main/resources/META-INF/quarkus-extension.yaml
@@ -0,0 +1,11 @@
+---
+name: "Keycloak Admin Client"
+metadata:
+ keywords:
+ - "oauth2"
+ - "openid-connect"
+ - "keycloak"
+ - "authorization-services"
+ categories:
+ - "security"
+ status: "stable"
diff --git a/extensions/pom.xml b/extensions/pom.xml
index f7395ba7092182..9e4763a2500a76 100644
--- a/extensions/pom.xml
+++ b/extensions/pom.xml
@@ -114,6 +114,7 @@
smallrye-jwt
oidc
keycloak-authorization
+ keycloak-admin-client
infinispan-client
diff --git a/integration-tests/oidc-code-flow/pom.xml b/integration-tests/oidc-code-flow/pom.xml
index f3867b720ee6a8..ddbd3c11ef8a61 100644
--- a/integration-tests/oidc-code-flow/pom.xml
+++ b/integration-tests/oidc-code-flow/pom.xml
@@ -23,6 +23,10 @@
io.quarkus
quarkus-oidc
+
+ io.quarkus
+ quarkus-keycloak-admin-client
+
io.quarkus
quarkus-resteasy-jackson
@@ -42,7 +46,6 @@
org.keycloak
keycloak-core
- test
io.rest-assured
diff --git a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/AdminClientResource.java b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/AdminClientResource.java
new file mode 100644
index 00000000000000..f6690d0a2bb9f5
--- /dev/null
+++ b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/AdminClientResource.java
@@ -0,0 +1,33 @@
+package io.quarkus.it.keycloak;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import org.eclipse.microprofile.config.inject.ConfigProperty;
+import org.jboss.logging.Logger;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
+
+@Path("/admin-client")
+public class AdminClientResource {
+
+ private static final Logger LOG = Logger.getLogger(AdminClientResource.class);
+
+ @ConfigProperty(name = "admin-url")
+ String url;
+
+ @GET
+ @Produces(MediaType.TEXT_PLAIN)
+ public String hello() {
+ LOG.info("Hello invoked");
+
+ Keycloak keycloak = KeycloakBuilder.builder().serverUrl(url)
+ .realm("master")
+ .clientId("admin-cli")
+ .username("admin")
+ .password("admin").build();
+ return keycloak.realm("quarkus").toRepresentation().getRealm();
+ }
+}
diff --git a/integration-tests/oidc-code-flow/src/main/resources/application.properties b/integration-tests/oidc-code-flow/src/main/resources/application.properties
index d7a58cc8d54354..05b6e013dc98cb 100644
--- a/integration-tests/oidc-code-flow/src/main/resources/application.properties
+++ b/integration-tests/oidc-code-flow/src/main/resources/application.properties
@@ -1,6 +1,7 @@
# Configuration file
# Default tenant configuration
+admin-url=${keycloak.url}
quarkus.oidc.auth-server-url=${keycloak.url}/realms/quarkus
quarkus.oidc.client-id=quarkus-app
quarkus.oidc.credentials.secret=secret
diff --git a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/AdminClientTestCase.java b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/AdminClientTestCase.java
new file mode 100644
index 00000000000000..9d04d016d0ae0b
--- /dev/null
+++ b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/AdminClientTestCase.java
@@ -0,0 +1,22 @@
+package io.quarkus.it.keycloak;
+
+import static io.restassured.RestAssured.given;
+import static org.hamcrest.CoreMatchers.is;
+
+import org.junit.jupiter.api.Test;
+
+import io.quarkus.test.junit.QuarkusTest;
+
+@QuarkusTest
+public class AdminClientTestCase {
+
+ @Test
+ public void testHelloEndpoint() {
+ given()
+ .when().get("/admin-client")
+ .then()
+ .statusCode(200)
+ .body(is("quarkus"));
+ }
+
+}
\ No newline at end of file
diff --git a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/NativeAdminClientITCase.java b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/NativeAdminClientITCase.java
new file mode 100644
index 00000000000000..7a6eb73b226668
--- /dev/null
+++ b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/NativeAdminClientITCase.java
@@ -0,0 +1,9 @@
+package io.quarkus.it.keycloak;
+
+import io.quarkus.test.junit.NativeImageTest;
+
+@NativeImageTest
+public class NativeAdminClientITCase extends AdminClientTestCase {
+
+ // Execute the same tests but in native mode.
+}
\ No newline at end of file