From ea0575869d928f24d225c60d1201fd1ae837d8a7 Mon Sep 17 00:00:00 2001 From: Jens Trinh Date: Thu, 11 Jan 2024 19:45:39 +0100 Subject: [PATCH] fix: use grant type password with client secret When both user credentials and client credentials are supplied, this library used the grant_type=client_credentials. This fix will instead retrieve the token with grant_type=password, similar to the Keycloak admin CLI kcadm.sh. --- src/keycloak/openid_connection.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/keycloak/openid_connection.py b/src/keycloak/openid_connection.py index c41af1c..081cbaf 100644 --- a/src/keycloak/openid_connection.py +++ b/src/keycloak/openid_connection.py @@ -311,10 +311,10 @@ class KeycloakOpenIDConnection(ConnectionManager): The admin token is then set in the `token` attribute. """ grant_type = [] - if self.client_secret_key: - grant_type.append("client_credentials") - elif self.username and self.password: + if self.username and self.password: grant_type.append("password") + elif self.client_secret_key: + grant_type.append("client_credentials") if grant_type: self.token = self.keycloak_openid.token(