How is it possible that programmatically creating and logging in users is so difficult in a years-old user accounts application?

Programmatic management of user accounts is an absolute mess in Keycloak.

It is insane there is no “login” method defined in the Keycloak admin client. There isn’t a path for the OAuth2 credential flow either.

People need to migrate and test user accounts. The password hash migration is a mess. I cannot tell you how to create a user using the Keycloak admin client that uses a custom algorithm (i.e., the one you’re migrating from), because all the CredentialRepresentation fields that would be appropriate have been deprecated for years.

The idea that it’s just people futsing about CSV files and GUIs is doubly insane. Nobody writes software that way. There’s nothing there. You have to elevate your practice.