Remove client_secret from token request

Author: Daenges

realms/README.md

@@ -14,7 +14,6 @@
 |Key|Value|
 |:-:|:-:|
 |client_id|sb-backend|
-|client_secret|Keycloak → Clients → sb-backend → Credentials|
 |grant_type|password|
 |username|User created above|
 |password|Password of user created above|

realms/sb-backend.json

@@ -477,24 +477,6 @@
   "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
   "webAuthnPolicyPasswordlessAcceptableAaguids": [],
   "webAuthnPolicyPasswordlessExtraOrigins": [],
-  "users": [
-    {
-      "id": "e2f1cc15-fbdd-47a2-9150-f62ef4b7e7a4",
-      "username": "service-account-sb-backend",
-      "emailVerified": false,
-      "createdTimestamp": 1741450579853,
-      "enabled": true,
-      "totp": false,
-      "serviceAccountClientId": "sb-backend",
-      "disableableCredentialTypes": [],
-      "requiredActions": [],
-      "realmRoles": [
-        "default-roles-study-buddies"
-      ],
-      "notBefore": 0,
-      "groups": []
-    }
-  ],
   "scopeMappings": [
     {
       "clientScope": "offline_access",
@@ -762,7 +744,6 @@
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
-      "secret": "**********",
       "redirectUris": [
         "http://localhost:8080/*"
       ],
@@ -772,11 +753,11 @@
       "notBefore": 0,
       "bearerOnly": false,
       "consentRequired": false,
-      "standardFlowEnabled": false,
+      "standardFlowEnabled": true,
       "implicitFlowEnabled": false,
       "directAccessGrantsEnabled": true,
-      "serviceAccountsEnabled": true,
-      "publicClient": false,
+      "serviceAccountsEnabled": false,
+      "publicClient": true,
       "frontchannelLogout": true,
       "protocol": "openid-connect",
       "attributes": {
@@ -796,13 +777,13 @@
         "require.pushed.authorization.requests": "false",
         "acr.loa.map": "{}",
         "display.on.consent.screen": "false",
+        "pkce.code.challenge.method": "S256",
         "token.response.type.bearer.lower-case": "false"
       },
       "authenticationFlowBindingOverrides": {},
       "fullScopeAllowed": true,
       "nodeReRegistrationTimeout": -1,
       "defaultClientScopes": [
-        "service_account",
         "web-origins",
         "acr",
         "roles",