[PR #10933/c850e209 backport][stable-11] Add support for client auth in Keycloak cllient secrets module (#10946)

Add support for client auth in Keycloak cllient secrets module (#10933) * keycloak: add client authentication support for client_secret * readd ['token', 'auth_realm'] --------- (cherry picked from commit c850e209ab) Signed-off-by: Marius Bertram <marius@brtrm.de> Co-authored-by: Marius Bertram <marius@brtrm.de>
2026-02-04 07:51:50 +00:00 · 2025-10-19 21:22:44 +02:00 · 2025-10-19 21:22:44 +02:00 · 6526e0196a
commit 6526e0196a
parent e757adbfca
4 changed files with 24 additions and 2 deletions
--- a/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml
+++ b/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_clientsecret, keycloak_clientsecret_info - make ``client_auth`` work (https://github.com/ansible-collections/community.general/issues/10932, https://github.com/ansible-collections/community.general/pull/10933).
--- a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py
+++ b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py
@ -35,8 +35,8 @@ def keycloak_clientsecret_module():
        argument_spec=argument_spec,
        supports_check_mode=True,
        required_one_of=([['id', 'client_id'],
-                         ['token', 'auth_realm', 'auth_username', 'auth_password']]),
-        required_together=([['auth_realm', 'auth_username', 'auth_password']]),
+                         ['token', 'auth_realm', 'auth_username', 'auth_password', 'auth_client_id', 'auth_client_secret']]),
+        required_together=([['auth_username', 'auth_password']]),
        mutually_exclusive=[
            ['token', 'auth_realm'],
            ['token', 'auth_username'],
--- a/plugins/modules/keycloak_clientsecret_info.py
+++ b/plugins/modules/keycloak_clientsecret_info.py
@ -94,6 +94,16 @@ EXAMPLES = r"""
    token: TOKEN
  delegate_to: localhost
  no_log: true
+
+- name: Get a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+  community.general.keycloak_clientsecret_info:
+    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_client_secret: SECRET
+    auth_keycloak_url: https://auth.example.com/auth
+  delegate_to: localhost
+  no_log: true
 """

 RETURN = r"""
--- a/plugins/modules/keycloak_clientsecret_regenerate.py
+++ b/plugins/modules/keycloak_clientsecret_regenerate.py
@ -97,6 +97,16 @@ EXAMPLES = r"""
    token: TOKEN
  delegate_to: localhost
  no_log: true
+
+- name: Regenerate a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+  community.general.keycloak_clientsecret_regenerate:
+    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_client_secret: SECRET
+    auth_keycloak_url: https://auth.example.com/auth
+  delegate_to: localhost
+  no_log: true
 """

 RETURN = r"""