[java confidential client] is it necessary to manually instantiate client to access admin api?

Hi All,
I’m new to Keycloak and I successfully managed to set it up and cover nearly all my needs.
From a java app I see in the keycloak-quickstart projects it is easy to access the AuthzClient by simply using getAuthzClient() below:

    private AuthzClient getAuthzClient() {
        return getAuthorizationContext().getClient();

    private ClientAuthorizationContext getAuthorizationContext() {
        return ClientAuthorizationContext.class.cast(getKeycloakSecurityContext().getAuthorizationContext());

    private KeycloakSecurityContext getKeycloakSecurityContext() {
        return KeycloakSecurityContext.class.cast(request.getAttribute(KeycloakSecurityContext.class.getName()));

Is there a way to easily get an AdminClient the same way? I’d like for example to get the list of groups of a realm, i found it weird to have to manually instantiate a client and manually put credential if my client is a confidential client:

Keycloak keycloak = Keycloak.getInstance(

like specified in doc https://www.keycloak.org/docs/latest/server_development/#example-using-java
Am I missing something?

Thank you. What is still unclear to me, is why i can access directly the AuthzClient (I guess in this case it possible by using the confidential client credentials defined in the Keycloak OIDC json or Jboss XML subsystem…) and why for accessing Admin Client I need to use a different access or credentials.

Problem with what you mentioned above is that in case of having several client instance deployments of the same ear, you need to manually configure, for each instance, and at the client level, a secret or some credentials separately from confidential client OIDC credentials.

So it is not possible to use the same OIDC credentials for the Admin Client?