From fb5e1e88fe4c3552172ca0ad888e95ebc5feb484 Mon Sep 17 00:00:00 2001
From: Jens Trinh <jens.trinh@mgm-sp.com>
Date: Thu, 11 Jan 2024 19:45:39 +0100
Subject: [PATCH] fix: use grant type password with client secret

When both user credentials and client credentials are supplied, this
library used the grant_type=client_credentials. This fix will instead
retrieve the token with grant_type=password, similar to the Keycloak
admin CLI kcadm.sh.
---
 src/keycloak/openid_connection.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/keycloak/openid_connection.py b/src/keycloak/openid_connection.py
index c41af1c..081cbaf 100644
--- a/src/keycloak/openid_connection.py
+++ b/src/keycloak/openid_connection.py
@@ -311,10 +311,10 @@ class KeycloakOpenIDConnection(ConnectionManager):
         The admin token is then set in the `token` attribute.
         """
         grant_type = []
-        if self.client_secret_key:
-            grant_type.append("client_credentials")
-        elif self.username and self.password:
+        if self.username and self.password:
             grant_type.append("password")
+        elif self.client_secret_key:
+            grant_type.append("client_credentials")
 
         if grant_type:
             self.token = self.keycloak_openid.token(