Andreas Abraham

This would be a feature request. It seems to be a single endpoint (`POST /{realm}/users/{id}/impersonation`) thus it should not be a big effort. What is the use case behind?

How about using the already existing `keycloak_admin.delete_realm_roles()`?

How about `delete_realm_roles()` It is a DELETE on URL_ADMIN_USER_REALM_ROLES

keycloak_admin.generate_client_secrets(client_id) should do the job.

No, there is no interface for that.

Only Marcos might comment on that; I assume that it is just a missing shortcut. On the other hand it will fail if the user does not have permissions for...

Works for me. The user has a client role assigned?

Currently the API does not support this. You would need to get a new token anyway thus the overhead is probably neglectable.

Sounds like the session timed out. Using `keycloak_admin.refresh_token()` should help (before the timeout)...

Never fiddled around with those, but you don't get it via `keycloak_openid.token()` or `introspect()`? If you want the external token, the API described in https://www.keycloak.org/docs/latest/server_development/index.html#retrieving-external-idp-tokens is not implemented yet.