In this documentation all the endpoints start with /realms/{realm}/... but older version use the /auth/ prefix, resulting in /auth/realms/{realm}. I haven’t found this change in any release notes. Am I missing something? From which version on is the change present and is there a way to determine this from outside in order to configure certain API-Call Urls.
Trying to access /auth/realms/{realm}... on the latest server version therefore results in a 404 Error
The default changed with the quarkus version. the /auth portion was removed. You can add it back with the --http-relative-path variable. Check the “new” configuration docs for more information: All configuration - Keycloak
If you are using a keycloak lib to do the auth, it already knows where to find the endpoints, but Keycloak is a openid connect provider and that protocol has an auto discovery mechanism.
So, if you use another oidc library, the base path (maybe called the issuer) is https://<full server dns name>/realms/<realm_name>
Also, if the lib asks for the auto configuration url, it is at https://<full server dns name>/realms/<realm_name>/.well-known/openid-configuration
That being said, you still need to tell the lib if keycloak is under /auth or /.
Okay, so this would mean that this relative path parameter (supposedly set to “/auth”) changes the auto configuration url to https://<full server dns name>/auth/realms/<realm_name>/.well-known/openid-configuration ?