Keycloak to authenticate Grafana login

have to create OAuth login to Grafana with Keycloak as a SSO. I created Realm with Client (confidential, valid redirect URI is a Grafana URI). Now when I’m starting Grafana (with ansible) I have to create grafana.ini and put there client-secret . I want to make it automatically and I was trying to get client-secret from Keycloak API, in that order https://localhost:8080/auth/realms/realm_name/protocol/openid-connect/token with username and password, then https://localhost:8080/auth/admin/realms/realm_name/clients givin access token, then https://localhost:8080/auth/admin/realms/client_name/clients/{{id of client}} with access token. But… I’ve got problem at beginning - first endpoint requires client secret when it’s confidential client. Is it possible to get client secret from API with confidential client? I’m running Keycloak and Grafana as containers from ansible, so I want to make it “automatic”.

Thanks for your help.