Generate realm keys on startup


since the keys inside a new realm are empty (no jwks keys; /auth/realms/master/protocol/openid-connect/certs) unless the admin user logged in first time.

Is there a way (trough an SPI?) to get the old behavior back? There there a hook that can be executed on realm creation and execute the function DefaultKeyProviders.createProviders(newRealm);

Hey @jkroepke

This is currently planned to be reverted back in KC 13 release

However it sounds like it will probably change again in a later release as they transition to the Quarkus dist.

If you need the old behaviour back for now, probably best to run a minor fork until 13 is released.

Hey @samdammers

thanks for the information.

In meanwhile, we extract our custom logic from keycloak in a reverse proxy application. That should be more future proof.