Deprecated API

Contents

• Terminally Deprecated
• Interfaces
• Classes
• Enum Classes
• Fields
• Methods
• Constructors
• Enum Constants

Terminally Deprecated Elements

Element	Description
org.keycloak.http.HttpCookie	This class will be removed in the future. Please use NewCookie.Builder
org.keycloak.http.HttpResponse.setCookieIfAbsent(HttpCookie)	This method will be removed in the future. Please use NewCookie.Builder
org.keycloak.locale.LocaleSelectorProvider.LOCALE_COOKIE

Deprecated Interfaces

Interface	Description
org.keycloak.cluster.ClusterProvider	This is only available when the legacy store is enabled. Support for this will be eventually removed.
org.keycloak.storage.federated.UserAttributeFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserBrokerLinkFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserConsentFederatedStorage.Streams	This interface is no longer necessary, collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserFederatedStorageProvider.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserFederatedUserCredentialStore.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserGroupMembershipFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserRequiredActionsFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserRoleMappingsFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly

Deprecated Classes

Class	Description
org.keycloak.common.util.HttpPostRedirect	Class is deprecated and may be removed in the future. Use org.keycloak.saml.BaseSAML2BindingBuilder#buildHtml instead
org.keycloak.common.util.ServerCookie	Should not be used on the Keycloak server-side, or in extensions. Will be removed when no longer used by adapters
org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory	The PBKDF2 provider with SHA1 and the recommended number of 1.300.000 iterations is known to be very slow. We recommend to use the PBKDF2 variants with SHA256 or SHA512 instead.
org.keycloak.http.HttpCookie	This class will be removed in the future. Please use NewCookie.Builder
org.keycloak.models.credential.PasswordUserCredentialModel	Recommended to use UserCredentialModel as it contains all the functionality required by this class
org.keycloak.representations.idm.ApplicationRepresentation
org.keycloak.representations.idm.ClientTemplateRepresentation
org.keycloak.representations.idm.OAuthClientRepresentation
org.keycloak.RSATokenVerifier
org.keycloak.services.managers.RealmManagerProviderFactory
org.keycloak.services.managers.RealmManagerSpi
org.keycloak.social.linkedin.LinkedInIdentityProvider
org.keycloak.social.linkedin.LinkedInIdentityProviderFactory
org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.ImportRealmFromRepresentationEvent
org.keycloak.storage.PartialImportRealmFromRepresentationEvent
org.keycloak.url.FixedHostnameProvider
org.keycloak.url.FixedHostnameProviderFactory
org.keycloak.url.RequestHostnameProvider
org.keycloak.url.RequestHostnameProviderFactory
org.keycloak.utils.ServicesUtils	- DELETE once only used from within legacy datastore module

Deprecated Enum Classes

Enum Class	Description
org.keycloak.jose.jws.Algorithm

Deprecated Fields

Field	Description
org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticator.STORE_IN_USER_SESSION
org.keycloak.broker.saml.SAMLEndpoint.SAML_FEDERATED_SUBJECT
org.keycloak.broker.saml.SAMLEndpoint.SAML_FEDERATED_SUBJECT_NAMEFORMAT
org.keycloak.credential.CredentialModel.HOTP
org.keycloak.credential.CredentialModel.OTP
org.keycloak.credential.CredentialModel.PASSWORD
org.keycloak.credential.CredentialModel.PASSWORD_HISTORY
org.keycloak.credential.CredentialModel.PASSWORD_TOKEN
org.keycloak.credential.CredentialModel.TOTP
org.keycloak.locale.LocaleSelectorProvider.LOCALE_COOKIE
org.keycloak.models.BrowserSecurityHeaders.realmDefaultHeaders
org.keycloak.models.jpa.entities.CredentialEntity.salt
org.keycloak.models.LDAPConstants.USE_TRUSTSTORE_LDAPS_ONLY	Use LDAPConstants.USE_TRUSTSTORE_ALWAYS instead.
org.keycloak.models.UserCredentialModel.HOTP
org.keycloak.models.UserCredentialModel.PASSWORD
org.keycloak.models.UserCredentialModel.PASSWORD_HISTORY
org.keycloak.models.UserCredentialModel.PASSWORD_TOKEN
org.keycloak.models.UserCredentialModel.TOTP
org.keycloak.protocol.RestartLoginCookie.cs
org.keycloak.representations.idm.ApplicationRepresentation.claims
org.keycloak.representations.idm.ClientRepresentation.clientTemplate
org.keycloak.representations.idm.ClientRepresentation.defaultRoles
org.keycloak.representations.idm.ClientRepresentation.directGrantsOnly
org.keycloak.representations.idm.CredentialRepresentation.counter
org.keycloak.representations.idm.CredentialRepresentation.device
org.keycloak.representations.idm.CredentialRepresentation.hashedSaltedValue
org.keycloak.representations.idm.CredentialRepresentation.hashIterations
org.keycloak.representations.idm.CredentialRepresentation.salt
org.keycloak.representations.idm.IdentityProviderRepresentation.updateProfileFirstLoginMode
org.keycloak.representations.idm.ProtocolMapperRepresentation.consentRequired
org.keycloak.representations.idm.ProtocolMapperRepresentation.consentText
org.keycloak.representations.idm.RealmRepresentation.applications
org.keycloak.representations.idm.RealmRepresentation.applicationScopeMappings
org.keycloak.representations.idm.RealmRepresentation.certificate
org.keycloak.representations.idm.RealmRepresentation.clientTemplates
org.keycloak.representations.idm.RealmRepresentation.codeSecret
org.keycloak.representations.idm.RealmRepresentation.defaultRoles
org.keycloak.representations.idm.RealmRepresentation.oauthClients
org.keycloak.representations.idm.RealmRepresentation.passwordCredentialGrantAllowed
org.keycloak.representations.idm.RealmRepresentation.privateKey
org.keycloak.representations.idm.RealmRepresentation.publicKey
org.keycloak.representations.idm.RealmRepresentation.realmCacheEnabled
org.keycloak.representations.idm.RealmRepresentation.requiredCredentials
org.keycloak.representations.idm.RealmRepresentation.social
org.keycloak.representations.idm.RealmRepresentation.socialProviders
org.keycloak.representations.idm.RealmRepresentation.updateProfileOnInitialSocialLogin
org.keycloak.representations.idm.RealmRepresentation.userCacheEnabled
org.keycloak.representations.idm.RoleRepresentation.Composites.application
org.keycloak.representations.idm.RoleRepresentation.scopeParamRequired
org.keycloak.representations.idm.RolesRepresentation.application
org.keycloak.representations.idm.ScopeMappingRepresentation.clientTemplate
org.keycloak.representations.idm.UserConsentRepresentation.grantedRealmRoles
org.keycloak.representations.idm.UserRepresentation.applicationRoles
org.keycloak.representations.idm.UserRepresentation.socialLinks
org.keycloak.social.github.GitHubIdentityProvider.AUTH_URL	Use GitHubIdentityProvider.DEFAULT_AUTH_URL instead.
org.keycloak.social.github.GitHubIdentityProvider.EMAIL_URL	Use GitHubIdentityProvider.DEFAULT_EMAIL_URL instead.
org.keycloak.social.github.GitHubIdentityProvider.PROFILE_URL	Use GitHubIdentityProvider.DEFAULT_PROFILE_URL instead.
org.keycloak.social.github.GitHubIdentityProvider.TOKEN_URL	Use GitHubIdentityProvider.DEFAULT_TOKEN_URL instead.
org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity.salt

Deprecated Methods

Method	Description
org.keycloak.admin.client.resource.RealmLocalizationResource.getRealmLocalizationTexts(String, Boolean)	use RealmLocalizationResource.getRealmLocalizationTexts(String), in order to retrieve localization texts without fallbacks. If you need fallbacks, call the endpoint multiple time with all the relevant locales (e.g. "de" in case of "de-CH") - the realm default locale is NOT the only fallback to be considered.
org.keycloak.admin.client.resource.RealmResource.testLDAPConnection(String, String, String, String, String, String)
org.keycloak.admin.client.resource.RealmResource.testSMTPConnection(String)
org.keycloak.admin.client.resource.RoleResource.getRoleUserMembers()	please use RoleResource.getUserMembers()
org.keycloak.admin.client.resource.RoleResource.getRoleUserMembers(Integer, Integer)	please use RoleResource.getUserMembers(Integer, Integer)
org.keycloak.admin.client.resource.UserResource.resetPasswordEmail()
org.keycloak.admin.client.resource.UserResource.resetPasswordEmail(String)
org.keycloak.authentication.requiredactions.util.UpdateProfileContext.getAttribute(String)	Use getAttributeStream instead.
org.keycloak.authorization.client.resource.PermissionResource.forResource(PermissionRequest)	use PermissionResource.create(PermissionRequest)
org.keycloak.broker.provider.BrokeredIdentityContext.setName(String)	use BrokeredIdentityContext.setFirstName(String) and BrokeredIdentityContext.setLastName(String) instead
org.keycloak.broker.saml.SAMLIdentityProviderConfig.getSigningCertificate()	Prefer SAMLIdentityProviderConfig.getSigningCertificates()}
org.keycloak.broker.saml.SAMLIdentityProviderConfig.setSigningCertificate(String)	Prefer SAMLIdentityProviderConfig.addSigningCertificate(String)}
org.keycloak.common.util.ServerCookie.checkName(String)	- Not used
org.keycloak.common.util.ServerCookie.maybeQuote(int, StringBuffer, String)	- Not used
org.keycloak.common.util.StreamUtil.readString(InputStream)	Use StreamUtil.readString(java.io.InputStream, java.nio.charset.Charset) variant.
org.keycloak.component.AmphibianProviderFactory.create(KeycloakSession, ComponentModel)
org.keycloak.cookie.CookieType.getSameSiteLegacyName()
org.keycloak.cookie.CookieType.supportsSameSiteLegacy()
org.keycloak.credential.CredentialModel.getAlgorithm()	Recommended to use PasswordCredentialModel.getPasswordCredentialData().getAlgorithm() or OTPCredentialModel.getOTPCredentialData().getAlgorithm()
org.keycloak.credential.CredentialModel.getConfig()	Recommended to use CredentialModel.getCredentialData() instead and use the subtype of CredentialData specific to your credential
org.keycloak.credential.CredentialModel.getCounter()	Recommended to use OTPCredentialModel.getOTPCredentialData().getCounter()
org.keycloak.credential.CredentialModel.getDevice()	Recommended to use OTPCredentialModel.getOTPCredentialData().getDevice()
org.keycloak.credential.CredentialModel.getDigits()	Recommended to use OTPCredentialModel.getOTPCredentialData().getDigits()
org.keycloak.credential.CredentialModel.getHashIterations()	Recommended to use PasswordCredentialModel.getPasswordCredentialData().getHashIterations()
org.keycloak.credential.CredentialModel.getPeriod()	Recommended to use OTPCredentialModel.getOTPCredentialData().getPeriod()
org.keycloak.credential.CredentialModel.getSalt()	Recommended to use PasswordCredentialModel.getPasswordSecretData().getSalt()
org.keycloak.credential.CredentialModel.getValue()	Recommended to use PasswordCredentialModel.getPasswordSecretData().getValue() or OTPCredentialModel.getOTPSecretData().getValue()
org.keycloak.credential.CredentialModel.setAlgorithm(String)	See CredentialModel.getAlgorithm()
org.keycloak.credential.CredentialModel.setConfig(MultivaluedHashMap<String, String>)	Recommended to use CredentialModel.setCredentialData(String) instead and use the subtype of CredentialData specific to your credential
org.keycloak.credential.CredentialModel.setCounter(int)	See CredentialModel.getCounter()
org.keycloak.credential.CredentialModel.setDevice(String)	See CredentialModel.getDevice()
org.keycloak.credential.CredentialModel.setDigits(int)	See CredentialModel.setDigits(int)
org.keycloak.credential.CredentialModel.setHashIterations(int)	See CredentialModel.getHashIterations()
org.keycloak.credential.CredentialModel.setPeriod(int)	See CredentialModel.setPeriod(int)
org.keycloak.credential.CredentialModel.setSalt(byte[])	See CredentialModel.getSalt()
org.keycloak.credential.CredentialModel.setValue(String)	See CredentialModel.getValue()
org.keycloak.credential.hash.PasswordHashProvider.encode(String, int, CredentialModel)	Exists due the backwards compatibility. It is recommended to use PasswordHashProvider.encodedCredential(String, int)}
org.keycloak.credential.hash.PasswordHashProvider.policyCheck(PasswordPolicy, CredentialModel)	Exists due the backwards compatibility. It is recommended to use PasswordHashProvider.policyCheck(PasswordPolicy, PasswordCredentialModel)
org.keycloak.credential.hash.PasswordHashProvider.verify(String, CredentialModel)	Exists due the backwards compatibility. It is recommended to use PasswordHashProvider.verify(String, PasswordCredentialModel)
org.keycloak.dom.saml.v2.metadata.ExtensionsType.getElement()
org.keycloak.dom.saml.v2.metadata.ExtensionsType.setElement(Element)
org.keycloak.events.EventStoreProvider.clear()	Unused method. Currently, used only in the testsuite
org.keycloak.events.EventStoreProvider.clearAdmin()	Unused method. Currently, used only in the testsuite
org.keycloak.events.EventStoreProvider.clearExpiredEvents()	This method is problem from the performance perspective. Some storages can provide better way for doing this (e.g. entry lifespan in the Infinispan server, etc.). We need to leave solving event expiration to each storage provider separately using expiration field on entity level.
org.keycloak.http.HttpResponse.setCookieIfAbsent(HttpCookie)	This method will be removed in the future. Please use NewCookie.Builder
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac256(byte[])
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac256(SecretKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac384(byte[])
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac384(SecretKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac512(byte[])
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac512(SecretKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.rsa256(PrivateKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.rsa384(PrivateKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.rsa512(PrivateKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.sign(Algorithm, PrivateKey)
org.keycloak.keys.DefaultKeyManager.getActiveAesKey(RealmModel)
org.keycloak.keys.DefaultKeyManager.getActiveHmacKey(RealmModel)
org.keycloak.keys.DefaultKeyManager.getActiveRsaKey(RealmModel)
org.keycloak.keys.DefaultKeyManager.getAesSecretKey(RealmModel, String)
org.keycloak.keys.DefaultKeyManager.getHmacSecretKey(RealmModel, String)
org.keycloak.keys.DefaultKeyManager.getRsaCertificate(RealmModel, String)
org.keycloak.keys.DefaultKeyManager.getRsaKeys(RealmModel)
org.keycloak.keys.DefaultKeyManager.getRsaPublicKey(RealmModel, String)
org.keycloak.migration.MigrationModel.getResourcesTag()
org.keycloak.models.ClientModel.updateClient()	Do not use, to be removed
org.keycloak.models.ClientProvider.getAllRedirectUrisOfEnabledClients(RealmModel)	Do not use, this is only to support a deprecated logout endpoint and will vanish with it's removal
org.keycloak.models.IdentityProviderModel.isAuthenticateByDefault()
org.keycloak.models.IdentityProviderModel.setAuthenticateByDefault(boolean)
org.keycloak.models.jpa.entities.CredentialEntity.getSalt()
org.keycloak.models.jpa.entities.CredentialEntity.setSalt(byte[])
org.keycloak.models.jpa.MigrationModelAdapter.getResourcesTag()
org.keycloak.models.KeycloakSession.getProvider(Class<T>, ComponentModel)	Deprecated in favor of {@link #getComponentProvider)
org.keycloak.models.KeyManager.getActiveAesKey(RealmModel)
org.keycloak.models.KeyManager.getActiveHmacKey(RealmModel)
org.keycloak.models.KeyManager.getActiveRsaKey(RealmModel)
org.keycloak.models.KeyManager.getAesKeys(RealmModel)
org.keycloak.models.KeyManager.getAesSecretKey(RealmModel, String)
org.keycloak.models.KeyManager.getHmacKeys(RealmModel)
org.keycloak.models.KeyManager.getHmacSecretKey(RealmModel, String)
org.keycloak.models.KeyManager.getRsaCertificate(RealmModel, String)
org.keycloak.models.KeyManager.getRsaKeys(RealmModel)
org.keycloak.models.KeyManager.getRsaPublicKey(RealmModel, String)
org.keycloak.models.RealmModel.getTopLevelGroupsStream()
org.keycloak.models.RealmModel.getTopLevelGroupsStream(Integer, Integer)
org.keycloak.models.session.PersistentUserSessionAdapter.PersistentUserSessionData.getStarted()
org.keycloak.models.session.PersistentUserSessionAdapter.PersistentUserSessionData.setStarted(int)
org.keycloak.models.StorageProviderRealmModel.getClientStorageProviders()	Use getClientStorageProvidersStream instead.
org.keycloak.models.StorageProviderRealmModel.getRoleStorageProviders()	Use getRoleStorageProvidersStream instead.
org.keycloak.models.StorageProviderRealmModel.getUserStorageProviders()	Use getUserStorageProvidersStream instead.
org.keycloak.models.SubjectCredentialManager.createCredentialThroughProvider(CredentialModel)
org.keycloak.models.SubjectCredentialManager.getConfiguredUserStorageCredentialTypesStream()
org.keycloak.models.SubjectCredentialManager.isConfiguredLocally(String)
org.keycloak.models.UserCredentialModel.isOtp(String)
org.keycloak.models.UserCredentialModel.passwordToken(String)
org.keycloak.models.UserSessionProvider.createUserSession(RealmModel, UserModel, String, String, String, boolean, String, String)	Use UserSessionProvider.createUserSession(String, RealmModel, UserModel, String, String, String, boolean, String, String, UserSessionModel.SessionPersistenceState) instead.
org.keycloak.models.UserSessionProvider.getClientSession(UserSessionModel, ClientModel, UUID, boolean)	Use UserSessionProvider.getClientSession(UserSessionModel, ClientModel, String, boolean) instead.
org.keycloak.models.UserSessionProvider.getOfflineUserSessionByBrokerSessionId(RealmModel, String)	Instead of this method, use UserSessionProvider.getOfflineUserSessionByBrokerUserIdStream(RealmModel, String) to first get the sessions of a user, and then filter by the broker session ID as needed.
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(GroupModel, boolean)
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(GroupModel, boolean, String)
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(GroupModel, boolean, String, Boolean)
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(KeycloakSession, RealmModel, boolean)
org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim(IDToken, ProtocolMapperModel, UserSessionModel)	override AbstractOIDCProtocolMapper.setClaim(IDToken, ProtocolMapperModel, UserSessionModel, KeycloakSession, ClientSessionContext) instead.
org.keycloak.protocol.oidc.utils.RedirectUtils.verifyRealmRedirectUri(KeycloakSession, String)
org.keycloak.protocol.saml.profile.util.Soap.SoapMessageBuilder.call(String)	Use Soap.SoapMessageBuilder.call(String,KeycloakSession) to use SimpleHttp configuration
org.keycloak.provider.EnvironmentDependentProviderFactory.isSupported()	Prefer overriding/using the EnvironmentDependentProviderFactory.isSupported(Config.Scope) method.
org.keycloak.representations.idm.AbstractAuthenticationExecutionRepresentation.isAutheticatorFlow()
org.keycloak.representations.idm.AbstractAuthenticationExecutionRepresentation.setAutheticatorFlow(boolean)
org.keycloak.representations.idm.authorization.ResourceRepresentation.getUri()
org.keycloak.representations.idm.authorization.ResourceRepresentation.setUri(String)
org.keycloak.representations.idm.ClientRepresentation.getClientTemplate()
org.keycloak.representations.idm.ClientRepresentation.getDefaultRoles()
org.keycloak.representations.idm.ClientRepresentation.isDirectGrantsOnly()
org.keycloak.representations.idm.ClientRepresentation.isUseTemplateConfig()
org.keycloak.representations.idm.ClientRepresentation.isUseTemplateMappers()
org.keycloak.representations.idm.ClientRepresentation.isUseTemplateScope()
org.keycloak.representations.idm.ClientRepresentation.setDefaultRoles(String[])
org.keycloak.representations.idm.CredentialRepresentation.getAlgorithm()
org.keycloak.representations.idm.CredentialRepresentation.getConfig()
org.keycloak.representations.idm.CredentialRepresentation.getCounter()
org.keycloak.representations.idm.CredentialRepresentation.getDevice()
org.keycloak.representations.idm.CredentialRepresentation.getDigits()
org.keycloak.representations.idm.CredentialRepresentation.getHashedSaltedValue()
org.keycloak.representations.idm.CredentialRepresentation.getHashIterations()
org.keycloak.representations.idm.CredentialRepresentation.getPeriod()
org.keycloak.representations.idm.CredentialRepresentation.getSalt()
org.keycloak.representations.idm.IdentityProviderRepresentation.getUpdateProfileFirstLoginMode()	deprecated and replaced by configuration on IdpReviewProfileAuthenticator
org.keycloak.representations.idm.IdentityProviderRepresentation.isAuthenticateByDefault()	Replaced by configuration option in identity provider authenticator
org.keycloak.representations.idm.IdentityProviderRepresentation.setAuthenticateByDefault(boolean)
org.keycloak.representations.idm.IdentityProviderRepresentation.setUpdateProfileFirstLogin(boolean)	IdentityProviderRepresentation.setUpdateProfileFirstLoginMode(String)
org.keycloak.representations.idm.IdentityProviderRepresentation.setUpdateProfileFirstLoginMode(String)	deprecated and replaced by configuration on IdpReviewProfileAuthenticator
org.keycloak.representations.idm.ProtocolMapperRepresentation.getConsentText()
org.keycloak.representations.idm.ProtocolMapperRepresentation.isConsentRequired()
org.keycloak.representations.idm.RealmRepresentation.getApplicationScopeMappings()
org.keycloak.representations.idm.RealmRepresentation.getClientTemplates()
org.keycloak.representations.idm.RealmRepresentation.getDefaultRoles()
org.keycloak.representations.idm.RealmRepresentation.getOauthClients()
org.keycloak.representations.idm.RealmRepresentation.getRequiredCredentials()
org.keycloak.representations.idm.RealmRepresentation.getSocialProviders()
org.keycloak.representations.idm.RealmRepresentation.isSocial()
org.keycloak.representations.idm.RealmRepresentation.isUpdateProfileOnInitialSocialLogin()
org.keycloak.representations.idm.RealmRepresentation.setDefaultRoles(List<String>)
org.keycloak.representations.idm.RealmRepresentation.setRequiredCredentials(Set<String>)
org.keycloak.representations.idm.RoleRepresentation.Composites.getApplication()
org.keycloak.representations.idm.RoleRepresentation.isScopeParamRequired()
org.keycloak.representations.idm.RolesRepresentation.getApplication()
org.keycloak.representations.idm.ScopeMappingRepresentation.getClientTemplate()
org.keycloak.representations.idm.UserConsentRepresentation.getGrantedRealmRoles()
org.keycloak.representations.idm.UserRepresentation.getApplicationRoles()
org.keycloak.representations.idm.UserRepresentation.isTotp()
org.keycloak.representations.idm.UserRepresentation.setTotp(Boolean)
org.keycloak.representations.IDToken.getAuthTime()	int will overflow with values after 2038. Use IDToken.getAuth_time() instead.
org.keycloak.representations.IDToken.setAuthTime(int)	int will overflow with values after 2038. Use IDToken.setAuth_time(Long) ()} instead.
org.keycloak.representations.JsonWebToken.expiration(int)	int will overflow with values after 2038. Use JsonWebToken.exp(Long) instead.
org.keycloak.representations.JsonWebToken.getExpiration()	int will overflow with values after 2038. Use JsonWebToken.getExp() instead.
org.keycloak.representations.JsonWebToken.getIssuedAt()	int will overflow with values after 2038. Use JsonWebToken.getIat() instead.
org.keycloak.representations.JsonWebToken.getNotBefore()	int will overflow with values after 2038. Use JsonWebToken.getNbf() instead.
org.keycloak.representations.JsonWebToken.issuedAt(int)	int will overflow with values after 2038. Use JsonWebToken.iat(Long) ()} instead.
org.keycloak.representations.JsonWebToken.notBefore(int)	int will overflow with values after 2038. Use JsonWebToken.nbf(Long) instead.
org.keycloak.saml.common.util.StaxParserUtil.getAttributeValue(StartElement, String)
org.keycloak.saml.common.util.StaxParserUtil.getBooleanAttributeValue(StartElement, String)
org.keycloak.saml.common.util.StaxParserUtil.getBooleanAttributeValue(StartElement, String, boolean)
org.keycloak.saml.common.util.StaxParserUtil.validate(StartElement, String)
org.keycloak.saml.SAML2LogoutRequestBuilder.userPrincipal(String, String)	Prefer SAML2LogoutRequestBuilder.nameId(org.keycloak.dom.saml.v2.assertion.NameIDType)
org.keycloak.services.DefaultKeycloakContext.getRequestHeaders()	Use DefaultKeycloakContext.getHttpRequest() to obtain the request headers.
org.keycloak.services.managers.UserSessionManager.findOfflineSessions(RealmModel, UserModel)
org.keycloak.services.resources.account.AccountCredentialResource.removeCredential(String)	It is recommended to delete credentials with the use of "delete_credential" kc_action. Action can be used for instance by adding parameter like "kc_action=delete_credential:123" to the login URL where 123 is ID of the credential to delete.
org.keycloak.services.resources.account.LinkedAccountsResource.buildLinkedAccountURI(String, String)
org.keycloak.services.resources.account.PasswordUtil.isConfigured(KeycloakSession, RealmModel, UserModel)	Instead, use PasswordUtil.isConfigured()
org.keycloak.services.resources.admin.AuthenticationManagementResource.createAuthenticatorConfig(AuthenticatorConfigRepresentation)	Use AuthenticationManagementResource.newExecutionConfig(String, AuthenticatorConfigRepresentation) instead
org.keycloak.services.resources.admin.AuthenticationManagementResource.getAuthenticatorConfig(String, String)	Use rather AuthenticationManagementResource.getAuthenticatorConfig(String)
org.keycloak.services.resources.admin.RealmAdminResource.getClientTemplates()
org.keycloak.services.resources.admin.RealmAdminResource.testSMTPConnection(String)
org.keycloak.services.resources.admin.ScopeMappedResource.getScopeMappings()	the method is not used neither from admin console or from admin client. It may be removed in future releases.
org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(String, String, String, String, String, String, String, String)
org.keycloak.services.resources.admin.UserResource.resetPasswordEmail(String, String)
org.keycloak.sessions.AuthenticationSessionProvider.removeAllExpired()	manual removal of expired entities should not be used anymore. It is responsibility of the store implementation to handle expirable entities
org.keycloak.sessions.AuthenticationSessionProvider.removeExpired(RealmModel)	manual removal of expired entities should not be used anymore. It is responsibility of the store implementation to handle expirable entities
org.keycloak.storage.adapter.AbstractUserAdapter.getAttribute(String)	Use AbstractUserAdapter.getAttributeStream(String) instead
org.keycloak.storage.adapter.AbstractUserAdapter.getClientRoleMappings(ClientModel)	Use AbstractUserAdapter.getClientRoleMappingsStream(ClientModel) instead
org.keycloak.storage.adapter.AbstractUserAdapter.getGroups()	Use AbstractUserAdapter.getGroupsStream() instead
org.keycloak.storage.adapter.AbstractUserAdapter.getRealmRoleMappings()	Use AbstractUserAdapter.getRealmRoleMappingsStream() instead
org.keycloak.storage.adapter.AbstractUserAdapter.getRequiredActions()	User AbstractUserAdapter.getRequiredActionsStream()
org.keycloak.storage.adapter.AbstractUserAdapter.getRoleMappings()	Use AbstractUserAdapter.getRoleMappingsStream() instead
org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage.getFederatedRoleMappings()	Use AbstractUserAdapterFederatedStorage.getFederatedRoleMappingsStream() instead
org.keycloak.storage.group.GroupLookupProvider.searchForGroupByNameStream(RealmModel, String, Integer, Integer)	Use GroupLookupProvider.searchForGroupByNameStream(RealmModel, String, Boolean, Integer, Integer) instead.
org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity.getSalt()
org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity.setSalt(byte[])
org.keycloak.storage.StorageId.isLocalStorage(ClientModel)	Use StorageId.isLocalStorage(String) instead.
org.keycloak.storage.StorageId.isLocalStorage(UserModel)	Use StorageId.isLocalStorage(String) instead.
org.keycloak.storage.StorageId.resolveProviderId(ClientModel)	Use StorageId.providerId(String) instead.
org.keycloak.storage.StorageId.resolveProviderId(UserModel)	Use StorageId.providerId(String) instead.
org.keycloak.storage.user.UserCountMethodsProvider.getUsersCount(RealmModel, String)	Use UserCountMethodsProvider.getUsersCount(RealmModel, Map) with an params map containing UserModel.SEARCH instead.
org.keycloak.storage.user.UserCountMethodsProvider.getUsersCount(RealmModel, String, Set<String>)	Use UserCountMethodsProvider.getUsersCount(RealmModel, Map, Set) with an params map containing UserModel.SEARCH instead.
org.keycloak.storage.user.UserQueryMethodsProvider.searchForUserStream(RealmModel, String)	Use UserQueryMethodsProvider.searchForUserStream(RealmModel, Map) with an params map containing UserModel.SEARCH instead.
org.keycloak.storage.user.UserQueryMethodsProvider.searchForUserStream(RealmModel, String, Integer, Integer)	Use UserQueryMethodsProvider.searchForUserStream(RealmModel, Map, Integer, Integer) with an params map containing UserModel.SEARCH instead.
org.keycloak.TokenVerifier.checkActive(boolean)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.TokenVerifier.checkRealmUrl(boolean)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.TokenVerifier.checkTokenType(boolean)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.TokenVerifier.realmUrl(String)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.util.JWKSUtils.getKeysForUse(JSONWebKeySet, JWK.Use)	Use JWKSUtils.getKeyWrappersForUse(JSONWebKeySet, JWK.Use)

Deprecated Constructors

Constructor	Description
org.keycloak.authentication.requiredactions.UpdatePassword()	use UpdatePassword(KeycloakSession) instead
org.keycloak.services.resources.account.PasswordUtil(KeycloakSession, UserModel)

Deprecated Enum Constants

Enum Constant	Description
org.keycloak.common.Profile.Feature.ACCOUNT2
org.keycloak.common.Profile.Feature.LINKEDIN_OAUTH
org.keycloak.cookie.CookieScope.LEGACY
org.keycloak.cookie.CookieScope.LEGACY_JS
org.keycloak.events.EventType.VALIDATE_ACCESS_TOKEN	see KEYCLOAK-2266
org.keycloak.events.EventType.VALIDATE_ACCESS_TOKEN_ERROR
org.keycloak.saml.common.constants.JBossSAMLConstants.EXTENSIONS	Use namespace-aware variant instead
org.keycloak.saml.common.constants.JBossSAMLConstants.RESPONSE	Use namespace-aware variant instead