Deprecated API

Contents

• Terminally Deprecated
• Interfaces
• Classes
• Enum Classes
• Fields
• Methods
• Constructors
• Enum Constants

Terminally Deprecated Elements

Element	Description
org.keycloak.models.KeycloakContext.getContextObject(Class<T>)
org.keycloak.models.sessions.infinispan.stream.Mappers.toStream(Collection<T>)
org.keycloak.models.UserSessionProvider.importUserSessions(Collection<UserSessionModel>, boolean)	Deprecated as offline session preloading was removed in KC25. This method will be removed in KC27.
org.keycloak.services.managers.UserSessionCrossDCManager	To be removed without replacement. Check the methods documentation for alternatives.
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionIfExistsRemotely(AuthenticationSessionManager, RealmModel)	To be removed in Keycloak 27+. Use AuthenticationSessionManager.getUserSessionFromAuthenticationCookie(RealmModel)
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionWithClient(RealmModel, String, boolean, String)	To be removed in Keycloak 27+. Use UserSessionProvider.getUserSessionIfClientExists(RealmModel, String, boolean, String)
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionWithClient(RealmModel, String, String)	To be removed in Keycloak 27+. Use UserSessionProvider.getUserSessionIfClientExists(RealmModel, String, boolean, String)
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionWithImpersonatorClient(RealmModel, String, boolean, String)	To be removed in Keycloak 27+. Use UserSessionUtil.getUserSessionWithImpersonatorClient(KeycloakSession, RealmModel, String, boolean, String)

Deprecated Interfaces

Interface	Description
org.keycloak.storage.federated.UserAttributeFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserBrokerLinkFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserConsentFederatedStorage.Streams	This interface is no longer necessary, collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserFederatedStorageProvider.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserFederatedUserCredentialStore.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserGroupMembershipFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserRequiredActionsFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.federated.UserRoleMappingsFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly

Deprecated Classes

Class	Description
org.keycloak.common.util.HttpPostRedirect	Class is deprecated and may be removed in the future. Use org.keycloak.saml.BaseSAML2BindingBuilder#buildHtml instead
org.keycloak.common.util.reflections.SetAccessiblePrivilegedAction	for removal in Keycloak 27
org.keycloak.common.util.reflections.UnSetAccessiblePrivilegedAction	for removal in Keycloak 27
org.keycloak.common.util.Resteasy	use org.keycloak.util.KeycloakSessionUtil instead
org.keycloak.credential.hash.Pbkdf2PasswordHashProviderFactory	The PBKDF2 provider with SHA1 and the recommended number of 1.300.000 iterations is known to be very slow. We recommend to use the PBKDF2 variants with SHA256 or SHA512 instead.
org.keycloak.models.credential.PasswordUserCredentialModel	Recommended to use UserCredentialModel as it contains all the functionality required by this class
org.keycloak.representations.idm.ApplicationRepresentation
org.keycloak.representations.idm.ClientTemplateRepresentation
org.keycloak.representations.idm.OAuthClientRepresentation
org.keycloak.RSATokenVerifier
org.keycloak.services.managers.RealmManagerProviderFactory
org.keycloak.services.managers.RealmManagerSpi
org.keycloak.services.managers.UserSessionCrossDCManager	To be removed without replacement. Check the methods documentation for alternatives.
org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage.Streams	This interface is no longer necessary; collection-based methods were removed from the parent interface and therefore the parent interface can be used directly
org.keycloak.storage.ImportRealmFromRepresentationEvent
org.keycloak.storage.PartialImportRealmFromRepresentationEvent
org.keycloak.utils.ServicesUtils	- DELETE once only used from within legacy datastore module

Deprecated Enum Classes

Enum Class	Description
org.keycloak.jose.jws.Algorithm

Deprecated Fields

Field	Description
org.keycloak.authentication.authenticators.conditional.ConditionalLoaAuthenticator.STORE_IN_USER_SESSION
org.keycloak.broker.saml.SAMLEndpoint.SAML_FEDERATED_SUBJECT
org.keycloak.broker.saml.SAMLEndpoint.SAML_FEDERATED_SUBJECT_NAMEFORMAT
org.keycloak.credential.CredentialModel.HOTP
org.keycloak.credential.CredentialModel.OTP
org.keycloak.credential.CredentialModel.PASSWORD
org.keycloak.credential.CredentialModel.PASSWORD_HISTORY
org.keycloak.credential.CredentialModel.PASSWORD_TOKEN
org.keycloak.credential.CredentialModel.TOTP
org.keycloak.models.BrowserSecurityHeaders.realmDefaultHeaders
org.keycloak.models.IdentityProviderModel.LEGACY_HIDE_ON_LOGIN_ATTR
org.keycloak.models.jpa.entities.CredentialEntity.salt
org.keycloak.models.LDAPConstants.USE_TRUSTSTORE_LDAPS_ONLY	Use LDAPConstants.USE_TRUSTSTORE_ALWAYS instead.
org.keycloak.models.UserCredentialModel.HOTP
org.keycloak.models.UserCredentialModel.PASSWORD
org.keycloak.models.UserCredentialModel.PASSWORD_HISTORY
org.keycloak.models.UserCredentialModel.PASSWORD_TOKEN
org.keycloak.models.UserCredentialModel.TOTP
org.keycloak.protocol.RestartLoginCookie.cs
org.keycloak.representations.idm.ApplicationRepresentation.claims
org.keycloak.representations.idm.ClientRepresentation.clientTemplate
org.keycloak.representations.idm.ClientRepresentation.defaultRoles
org.keycloak.representations.idm.ClientRepresentation.directGrantsOnly
org.keycloak.representations.idm.CredentialRepresentation.counter
org.keycloak.representations.idm.CredentialRepresentation.device
org.keycloak.representations.idm.CredentialRepresentation.hashedSaltedValue
org.keycloak.representations.idm.CredentialRepresentation.hashIterations
org.keycloak.representations.idm.CredentialRepresentation.salt
org.keycloak.representations.idm.IdentityProviderRepresentation.updateProfileFirstLoginMode
org.keycloak.representations.idm.ProtocolMapperRepresentation.consentRequired
org.keycloak.representations.idm.ProtocolMapperRepresentation.consentText
org.keycloak.representations.idm.RealmRepresentation.applications
org.keycloak.representations.idm.RealmRepresentation.applicationScopeMappings
org.keycloak.representations.idm.RealmRepresentation.certificate
org.keycloak.representations.idm.RealmRepresentation.clientTemplates
org.keycloak.representations.idm.RealmRepresentation.codeSecret
org.keycloak.representations.idm.RealmRepresentation.defaultRoles
org.keycloak.representations.idm.RealmRepresentation.oauthClients
org.keycloak.representations.idm.RealmRepresentation.passwordCredentialGrantAllowed
org.keycloak.representations.idm.RealmRepresentation.privateKey
org.keycloak.representations.idm.RealmRepresentation.publicKey
org.keycloak.representations.idm.RealmRepresentation.realmCacheEnabled
org.keycloak.representations.idm.RealmRepresentation.requiredCredentials
org.keycloak.representations.idm.RealmRepresentation.social
org.keycloak.representations.idm.RealmRepresentation.socialProviders
org.keycloak.representations.idm.RealmRepresentation.updateProfileOnInitialSocialLogin
org.keycloak.representations.idm.RealmRepresentation.userCacheEnabled
org.keycloak.representations.idm.RoleRepresentation.Composites.application
org.keycloak.representations.idm.RoleRepresentation.scopeParamRequired
org.keycloak.representations.idm.RolesRepresentation.application
org.keycloak.representations.idm.ScopeMappingRepresentation.clientTemplate
org.keycloak.representations.idm.UserConsentRepresentation.grantedRealmRoles
org.keycloak.representations.idm.UserRepresentation.applicationRoles
org.keycloak.representations.idm.UserRepresentation.socialLinks
org.keycloak.social.github.GitHubIdentityProvider.AUTH_URL	Use GitHubIdentityProvider.DEFAULT_AUTH_URL instead.
org.keycloak.social.github.GitHubIdentityProvider.EMAIL_URL	Use GitHubIdentityProvider.DEFAULT_EMAIL_URL instead.
org.keycloak.social.github.GitHubIdentityProvider.PROFILE_URL	Use GitHubIdentityProvider.DEFAULT_PROFILE_URL instead.
org.keycloak.social.github.GitHubIdentityProvider.TOKEN_URL	Use GitHubIdentityProvider.DEFAULT_TOKEN_URL instead.
org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity.salt

Deprecated Methods

Method	Description
org.keycloak.admin.client.resource.RealmLocalizationResource.getRealmLocalizationTexts(String, Boolean)	use RealmLocalizationResource.getRealmLocalizationTexts(String), in order to retrieve localization texts without fallbacks. If you need fallbacks, call the endpoint multiple time with all the relevant locales (e.g. "de" in case of "de-CH") - the realm default locale is NOT the only fallback to be considered.
org.keycloak.admin.client.resource.RealmResource.testLDAPConnection(String, String, String, String, String, String)
org.keycloak.admin.client.resource.RealmResource.testSMTPConnection(String)
org.keycloak.admin.client.resource.RoleResource.getRoleUserMembers()	please use RoleResource.getUserMembers()
org.keycloak.admin.client.resource.RoleResource.getRoleUserMembers(Integer, Integer)	please use RoleResource.getUserMembers(Integer, Integer)
org.keycloak.admin.client.resource.UserResource.resetPasswordEmail()
org.keycloak.admin.client.resource.UserResource.resetPasswordEmail(String)
org.keycloak.authentication.requiredactions.util.UpdateProfileContext.getAttribute(String)	Use getAttributeStream instead.
org.keycloak.authentication.requiredactions.WebAuthnRegister.getOriginalEventTypeForBackwardsCompatibility(RequiredActionContext)	For compatibility sake as long as we use @link EventType.UPDATE_PASSWORD , EventType.UPDATE_TOTP a.s.o.
org.keycloak.authorization.client.resource.PermissionResource.forResource(PermissionRequest)	use PermissionResource.create(PermissionRequest)
org.keycloak.broker.provider.BrokeredIdentityContext.setName(String)	use BrokeredIdentityContext.setFirstName(String) and BrokeredIdentityContext.setLastName(String) instead
org.keycloak.broker.saml.SAMLIdentityProviderConfig.getSigningCertificate()	Prefer SAMLIdentityProviderConfig.getSigningCertificates()}
org.keycloak.broker.saml.SAMLIdentityProviderConfig.setSigningCertificate(String)	Prefer SAMLIdentityProviderConfig.addSigningCertificate(String)}
org.keycloak.common.util.reflections.Reflections.newInstance(Class<?>, String)	for removal in Keycloak 27
org.keycloak.common.util.reflections.Reflections.newInstance(Class<T>)	for removal in Keycloak 27
org.keycloak.common.util.Resteasy.pushDefaultContextObject(Class, Object)
org.keycloak.common.util.StreamUtil.readString(InputStream)	Use StreamUtil.readString(java.io.InputStream, java.nio.charset.Charset) variant.
org.keycloak.component.AmphibianProviderFactory.create(KeycloakSession, ComponentModel)
org.keycloak.connections.httpclient.HttpClientProvider.get(String)	For String content, use HttpClientProvider.getString(String), for binary data use HttpClientProvider.getInputStream(String). To be removed in Keycloak 27.
org.keycloak.credential.CredentialModel.getAlgorithm()	Recommended to use PasswordCredentialModel.getPasswordCredentialData().getAlgorithm() or OTPCredentialModel.getOTPCredentialData().getAlgorithm()
org.keycloak.credential.CredentialModel.getConfig()	Recommended to use CredentialModel.getCredentialData() instead and use the subtype of CredentialData specific to your credential
org.keycloak.credential.CredentialModel.getCounter()	Recommended to use OTPCredentialModel.getOTPCredentialData().getCounter()
org.keycloak.credential.CredentialModel.getDevice()	Recommended to use OTPCredentialModel.getOTPCredentialData().getDevice()
org.keycloak.credential.CredentialModel.getDigits()	Recommended to use OTPCredentialModel.getOTPCredentialData().getDigits()
org.keycloak.credential.CredentialModel.getHashIterations()	Recommended to use PasswordCredentialModel.getPasswordCredentialData().getHashIterations()
org.keycloak.credential.CredentialModel.getPeriod()	Recommended to use OTPCredentialModel.getOTPCredentialData().getPeriod()
org.keycloak.credential.CredentialModel.getSalt()	Recommended to use PasswordCredentialModel.getPasswordSecretData().getSalt()
org.keycloak.credential.CredentialModel.getValue()	Recommended to use PasswordCredentialModel.getPasswordSecretData().getValue() or OTPCredentialModel.getOTPSecretData().getValue()
org.keycloak.credential.CredentialModel.setAlgorithm(String)	See CredentialModel.getAlgorithm()
org.keycloak.credential.CredentialModel.setConfig(MultivaluedHashMap<String, String>)	Recommended to use CredentialModel.setCredentialData(String) instead and use the subtype of CredentialData specific to your credential
org.keycloak.credential.CredentialModel.setCounter(int)	See CredentialModel.getCounter()
org.keycloak.credential.CredentialModel.setDevice(String)	See CredentialModel.getDevice()
org.keycloak.credential.CredentialModel.setDigits(int)	See CredentialModel.setDigits(int)
org.keycloak.credential.CredentialModel.setHashIterations(int)	See CredentialModel.getHashIterations()
org.keycloak.credential.CredentialModel.setPeriod(int)	See CredentialModel.setPeriod(int)
org.keycloak.credential.CredentialModel.setSalt(byte[])	See CredentialModel.getSalt()
org.keycloak.credential.CredentialModel.setValue(String)	See CredentialModel.getValue()
org.keycloak.credential.hash.PasswordHashProvider.encode(String, int)
org.keycloak.credential.hash.PasswordHashProvider.encode(String, int, CredentialModel)	Exists due the backwards compatibility. It is recommended to use PasswordHashProvider.encodedCredential(String, int)}
org.keycloak.credential.hash.PasswordHashProvider.policyCheck(PasswordPolicy, CredentialModel)	Exists due the backwards compatibility. It is recommended to use PasswordHashProvider.policyCheck(PasswordPolicy, PasswordCredentialModel)
org.keycloak.credential.hash.PasswordHashProvider.verify(String, CredentialModel)	Exists due the backwards compatibility. It is recommended to use PasswordHashProvider.verify(String, PasswordCredentialModel)
org.keycloak.dom.saml.v2.metadata.ExtensionsType.getElement()
org.keycloak.dom.saml.v2.metadata.ExtensionsType.setElement(Element)
org.keycloak.events.EventStoreProvider.clear()	Unused method. Currently, used only in the testsuite
org.keycloak.events.EventStoreProvider.clearAdmin()	Unused method. Currently, used only in the testsuite
org.keycloak.events.EventStoreProvider.clearExpiredEvents()	This method is problem from the performance perspective. Some storages can provide better way for doing this (e.g. entry lifespan in the Infinispan server, etc.). We need to leave solving event expiration to each storage provider separately using expiration field on entity level.
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac256(byte[])
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac256(SecretKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac384(byte[])
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac384(SecretKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac512(byte[])
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.hmac512(SecretKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.rsa256(PrivateKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.rsa384(PrivateKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.rsa512(PrivateKey)
org.keycloak.jose.jws.JWSBuilder.EncodingBuilder.sign(Algorithm, PrivateKey)
org.keycloak.keys.DefaultKeyManager.getActiveAesKey(RealmModel)
org.keycloak.keys.DefaultKeyManager.getActiveHmacKey(RealmModel)
org.keycloak.keys.DefaultKeyManager.getActiveRsaKey(RealmModel)
org.keycloak.keys.DefaultKeyManager.getAesSecretKey(RealmModel, String)
org.keycloak.keys.DefaultKeyManager.getHmacSecretKey(RealmModel, String)
org.keycloak.keys.DefaultKeyManager.getRsaCertificate(RealmModel, String)
org.keycloak.keys.DefaultKeyManager.getRsaKeys(RealmModel)
org.keycloak.keys.DefaultKeyManager.getRsaPublicKey(RealmModel, String)
org.keycloak.migration.MigrationModel.getResourcesTag()
org.keycloak.models.AuthenticatedClientSessionModel.getCurrentRefreshToken()	use AuthenticatedClientSessionModel.getRefreshToken(String)
org.keycloak.models.AuthenticatedClientSessionModel.getCurrentRefreshTokenUseCount()	use AuthenticatedClientSessionModel.getRefreshTokenUseCount(String)
org.keycloak.models.AuthenticatedClientSessionModel.setCurrentRefreshToken(String)	use AuthenticatedClientSessionModel.setRefreshToken(String, String)}
org.keycloak.models.AuthenticatedClientSessionModel.setCurrentRefreshTokenUseCount(int)
org.keycloak.models.ClientModel.updateClient()	Do not use, to be removed
org.keycloak.models.ClientProvider.getAllRedirectUrisOfEnabledClients(RealmModel)	Do not use, this is only to support a deprecated logout endpoint and will vanish with it's removal
org.keycloak.models.IdentityProviderModel.isAuthenticateByDefault()
org.keycloak.models.IdentityProviderModel.setAuthenticateByDefault(boolean)
org.keycloak.models.jpa.entities.CredentialEntity.getSalt()
org.keycloak.models.jpa.entities.CredentialEntity.setSalt(byte[])
org.keycloak.models.jpa.MigrationModelAdapter.getResourcesTag()
org.keycloak.models.KeycloakContext.getContextObject(Class<T>)
org.keycloak.models.KeycloakSession.getProvider(Class<T>, ComponentModel)	Deprecated in favor of {@link #getComponentProvider)
org.keycloak.models.KeyManager.getActiveAesKey(RealmModel)
org.keycloak.models.KeyManager.getActiveHmacKey(RealmModel)
org.keycloak.models.KeyManager.getActiveRsaKey(RealmModel)
org.keycloak.models.KeyManager.getAesKeys(RealmModel)
org.keycloak.models.KeyManager.getAesSecretKey(RealmModel, String)
org.keycloak.models.KeyManager.getHmacKeys(RealmModel)
org.keycloak.models.KeyManager.getHmacSecretKey(RealmModel, String)
org.keycloak.models.KeyManager.getRsaCertificate(RealmModel, String)
org.keycloak.models.KeyManager.getRsaKeys(RealmModel)
org.keycloak.models.KeyManager.getRsaPublicKey(RealmModel, String)
org.keycloak.models.RealmModel.addIdentityProvider(IdentityProviderModel)	Use IdentityProviderStorageProvider.create(IdentityProviderModel) instead.
org.keycloak.models.RealmModel.addIdentityProviderMapper(IdentityProviderMapperModel)	Use IDPProvider#createMapper(IdentityProviderMapperModel) instead.
org.keycloak.models.RealmModel.getIdentityProviderByAlias(String)	Use IdentityProviderStorageProvider.getByAlias(String) instead.
org.keycloak.models.RealmModel.getIdentityProviderMapperById(String)	Use IDPProvider#getMapperById(String) instead.
org.keycloak.models.RealmModel.getIdentityProviderMapperByName(String, String)	Use IDPProvider#getMapperByName(String, String) instead.
org.keycloak.models.RealmModel.getIdentityProviderMappersByAliasStream(String)	Use IDPProvider#getMappersByAliasStream(String) instead.
org.keycloak.models.RealmModel.getIdentityProviderMappersStream()	Use IDPProvider#getMappersStream() instead.
org.keycloak.models.RealmModel.getIdentityProvidersStream()	Use IdentityProviderStorageProvider.getAllStream() instead.
org.keycloak.models.RealmModel.getTopLevelGroupsStream()
org.keycloak.models.RealmModel.getTopLevelGroupsStream(Integer, Integer)
org.keycloak.models.RealmModel.isIdentityFederationEnabled()	use IdentityProviderStorageProvider.isIdentityFederationEnabled() instead.
org.keycloak.models.RealmModel.removeIdentityProviderByAlias(String)	Use IdentityProviderStorageProvider.remove(String) instead.
org.keycloak.models.RealmModel.removeIdentityProviderMapper(IdentityProviderMapperModel)	Use IDPProvider#removeMapper(IdentityProviderMapperModel) instead.
org.keycloak.models.RealmModel.updateIdentityProvider(IdentityProviderModel)	Use IdentityProviderStorageProvider.update(IdentityProviderModel) instead.
org.keycloak.models.RealmModel.updateIdentityProviderMapper(IdentityProviderMapperModel)	Use IDPProvider#updateMapper(IdentityProviderMapperModel) instead.
org.keycloak.models.session.PersistentUserSessionAdapter.PersistentUserSessionData.getStarted()
org.keycloak.models.session.PersistentUserSessionAdapter.PersistentUserSessionData.setStarted(int)
org.keycloak.models.sessions.infinispan.stream.Mappers.toStream(Collection<T>)
org.keycloak.models.SingleUseObjectKeyModel.getExpiration()	int will overflow with values after 2038. Use SingleUseObjectKeyModel.getExp() instead.
org.keycloak.models.StorageProviderRealmModel.getClientStorageProviders()	Use getClientStorageProvidersStream instead.
org.keycloak.models.StorageProviderRealmModel.getRoleStorageProviders()	Use getRoleStorageProvidersStream instead.
org.keycloak.models.StorageProviderRealmModel.getUserStorageProviders()	Use getUserStorageProvidersStream instead.
org.keycloak.models.SubjectCredentialManager.createCredentialThroughProvider(CredentialModel)
org.keycloak.models.SubjectCredentialManager.getConfiguredUserStorageCredentialTypesStream()
org.keycloak.models.SubjectCredentialManager.isConfiguredLocally(String)
org.keycloak.models.UserCredentialModel.isOtp(String)
org.keycloak.models.UserCredentialModel.passwordToken(String)
org.keycloak.models.UserSessionProvider.createUserSession(RealmModel, UserModel, String, String, String, boolean, String, String)	Use UserSessionProvider.createUserSession(String, RealmModel, UserModel, String, String, String, boolean, String, String, UserSessionModel.SessionPersistenceState) instead.
org.keycloak.models.UserSessionProvider.getClientSession(UserSessionModel, ClientModel, UUID, boolean)	Use UserSessionProvider.getClientSession(UserSessionModel, ClientModel, String, boolean) instead.
org.keycloak.models.UserSessionProvider.importUserSessions(Collection<UserSessionModel>, boolean)	Deprecated as offline session preloading was removed in KC25. This method will be removed in KC27.
org.keycloak.models.UserSessionProviderFactory.loadPersistentSessions(KeycloakSessionFactory, int, int)
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(GroupModel, boolean)
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(GroupModel, boolean, String)
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(GroupModel, boolean, String, Boolean)
org.keycloak.models.utils.ModelToRepresentation.toGroupHierarchy(KeycloakSession, RealmModel, boolean)
org.keycloak.models.utils.RealmModelDelegate.getTopLevelGroupsStream()
org.keycloak.models.utils.RealmModelDelegate.getTopLevelGroupsStream(Integer, Integer)
org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper.setClaim(IDToken, ProtocolMapperModel, UserSessionModel)	override AbstractOIDCProtocolMapper.setClaim(IDToken, ProtocolMapperModel, UserSessionModel, KeycloakSession, ClientSessionContext) instead.
org.keycloak.protocol.saml.profile.util.Soap.SoapMessageBuilder.call(String)	Use Soap.SoapMessageBuilder.call(String,KeycloakSession) to use SimpleHttp configuration
org.keycloak.representations.idm.AbstractAuthenticationExecutionRepresentation.isAutheticatorFlow()
org.keycloak.representations.idm.AbstractAuthenticationExecutionRepresentation.setAutheticatorFlow(boolean)
org.keycloak.representations.idm.authorization.ResourceRepresentation.getUri()
org.keycloak.representations.idm.authorization.ResourceRepresentation.setUri(String)
org.keycloak.representations.idm.ClientRepresentation.getClientTemplate()
org.keycloak.representations.idm.ClientRepresentation.getDefaultRoles()
org.keycloak.representations.idm.ClientRepresentation.isDirectGrantsOnly()
org.keycloak.representations.idm.ClientRepresentation.isUseTemplateConfig()
org.keycloak.representations.idm.ClientRepresentation.isUseTemplateMappers()
org.keycloak.representations.idm.ClientRepresentation.isUseTemplateScope()
org.keycloak.representations.idm.ClientRepresentation.setDefaultRoles(String[])
org.keycloak.representations.idm.CredentialRepresentation.getAlgorithm()
org.keycloak.representations.idm.CredentialRepresentation.getConfig()
org.keycloak.representations.idm.CredentialRepresentation.getCounter()
org.keycloak.representations.idm.CredentialRepresentation.getDevice()
org.keycloak.representations.idm.CredentialRepresentation.getDigits()
org.keycloak.representations.idm.CredentialRepresentation.getHashedSaltedValue()
org.keycloak.representations.idm.CredentialRepresentation.getHashIterations()
org.keycloak.representations.idm.CredentialRepresentation.getPeriod()
org.keycloak.representations.idm.CredentialRepresentation.getSalt()
org.keycloak.representations.idm.IdentityProviderRepresentation.getUpdateProfileFirstLoginMode()	deprecated and replaced by configuration on IdpReviewProfileAuthenticator
org.keycloak.representations.idm.IdentityProviderRepresentation.isAuthenticateByDefault()	Replaced by configuration option in identity provider authenticator
org.keycloak.representations.idm.IdentityProviderRepresentation.setAuthenticateByDefault(boolean)
org.keycloak.representations.idm.IdentityProviderRepresentation.setUpdateProfileFirstLogin(boolean)	IdentityProviderRepresentation.setUpdateProfileFirstLoginMode(String)
org.keycloak.representations.idm.IdentityProviderRepresentation.setUpdateProfileFirstLoginMode(String)	deprecated and replaced by configuration on IdpReviewProfileAuthenticator
org.keycloak.representations.idm.ProtocolMapperRepresentation.getConsentText()
org.keycloak.representations.idm.ProtocolMapperRepresentation.isConsentRequired()
org.keycloak.representations.idm.RealmRepresentation.getApplicationScopeMappings()
org.keycloak.representations.idm.RealmRepresentation.getClientTemplates()
org.keycloak.representations.idm.RealmRepresentation.getDefaultRoles()
org.keycloak.representations.idm.RealmRepresentation.getOauthClients()
org.keycloak.representations.idm.RealmRepresentation.getRequiredCredentials()
org.keycloak.representations.idm.RealmRepresentation.getSocialProviders()
org.keycloak.representations.idm.RealmRepresentation.isSocial()
org.keycloak.representations.idm.RealmRepresentation.isUpdateProfileOnInitialSocialLogin()
org.keycloak.representations.idm.RealmRepresentation.setDefaultRoles(List<String>)
org.keycloak.representations.idm.RealmRepresentation.setRequiredCredentials(Set<String>)
org.keycloak.representations.idm.RoleRepresentation.Composites.getApplication()
org.keycloak.representations.idm.RoleRepresentation.isScopeParamRequired()
org.keycloak.representations.idm.RolesRepresentation.getApplication()
org.keycloak.representations.idm.ScopeMappingRepresentation.getClientTemplate()
org.keycloak.representations.idm.UserConsentRepresentation.getGrantedRealmRoles()
org.keycloak.representations.idm.UserRepresentation.getApplicationRoles()
org.keycloak.representations.idm.UserRepresentation.getOrigin()	Use UserRepresentation.getFederationLink() instead
org.keycloak.representations.idm.UserRepresentation.isTotp()
org.keycloak.representations.idm.UserRepresentation.setOrigin(String)	Use UserRepresentation.setFederationLink(String) instead
org.keycloak.representations.idm.UserRepresentation.setTotp(Boolean)
org.keycloak.representations.IDToken.getSessionState()	Use IDToken.getSessionId() instead.
org.keycloak.saml.common.util.StaxParserUtil.getAttributeValue(StartElement, String)
org.keycloak.saml.common.util.StaxParserUtil.getBooleanAttributeValue(StartElement, String)
org.keycloak.saml.common.util.StaxParserUtil.getBooleanAttributeValue(StartElement, String, boolean)
org.keycloak.saml.common.util.StaxParserUtil.validate(StartElement, String)
org.keycloak.saml.SAML2LogoutRequestBuilder.userPrincipal(String, String)	Prefer SAML2LogoutRequestBuilder.nameId(org.keycloak.dom.saml.v2.assertion.NameIDType)
org.keycloak.services.DefaultKeycloakContext.getRequestHeaders()	Use DefaultKeycloakContext.getHttpRequest() to obtain the request headers.
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionIfExistsRemotely(AuthenticationSessionManager, RealmModel)	To be removed in Keycloak 27+. Use AuthenticationSessionManager.getUserSessionFromAuthenticationCookie(RealmModel)
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionWithClient(RealmModel, String, boolean, String)	To be removed in Keycloak 27+. Use UserSessionProvider.getUserSessionIfClientExists(RealmModel, String, boolean, String)
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionWithClient(RealmModel, String, String)	To be removed in Keycloak 27+. Use UserSessionProvider.getUserSessionIfClientExists(RealmModel, String, boolean, String)
org.keycloak.services.managers.UserSessionCrossDCManager.getUserSessionWithImpersonatorClient(RealmModel, String, boolean, String)	To be removed in Keycloak 27+. Use UserSessionUtil.getUserSessionWithImpersonatorClient(KeycloakSession, RealmModel, String, boolean, String)
org.keycloak.services.managers.UserSessionManager.findOfflineSessions(RealmModel, UserModel)
org.keycloak.services.resources.account.AccountCredentialResource.removeCredential(String)	It is recommended to delete credentials with the use of "delete_credential" kc_action. Action can be used for instance by adding parameter like "kc_action=delete_credential:123" to the login URL where 123 is ID of the credential to delete.
org.keycloak.services.resources.account.LinkedAccountsResource.buildLinkedAccountURI(String, String)
org.keycloak.services.resources.account.LinkedAccountsResource.getLinkedAccounts(KeycloakSession, RealmModel, UserModel)
org.keycloak.services.resources.account.PasswordUtil.isConfigured(KeycloakSession, RealmModel, UserModel)	Instead, use PasswordUtil.isConfigured()
org.keycloak.services.resources.admin.AuthenticationManagementResource.createAuthenticatorConfig(AuthenticatorConfigRepresentation)	Use AuthenticationManagementResource.newExecutionConfig(String, AuthenticatorConfigRepresentation) instead
org.keycloak.services.resources.admin.AuthenticationManagementResource.getAuthenticatorConfig(String, String)	Use rather AuthenticationManagementResource.getAuthenticatorConfig(String)
org.keycloak.services.resources.admin.RealmAdminResource.getClientTemplates()
org.keycloak.services.resources.admin.RealmAdminResource.testSMTPConnection(String)
org.keycloak.services.resources.admin.ScopeMappedResource.getScopeMappings()	the method is not used neither from admin console or from admin client. It may be removed in future releases.
org.keycloak.services.resources.admin.TestLdapConnectionResource.testLDAPConnection(String, String, String, String, String, String, String, String)
org.keycloak.services.resources.admin.UserResource.resetPasswordEmail(String, String)
org.keycloak.sessions.AuthenticationSessionProvider.removeAllExpired()	manual removal of expired entities should not be used anymore. It is responsibility of the store implementation to handle expirable entities
org.keycloak.sessions.AuthenticationSessionProvider.removeExpired(RealmModel)	manual removal of expired entities should not be used anymore. It is responsibility of the store implementation to handle expirable entities
org.keycloak.storage.adapter.AbstractUserAdapter.getAttribute(String)	Use AbstractUserAdapter.getAttributeStream(String) instead
org.keycloak.storage.adapter.AbstractUserAdapter.getClientRoleMappings(ClientModel)	Use AbstractUserAdapter.getClientRoleMappingsStream(ClientModel) instead
org.keycloak.storage.adapter.AbstractUserAdapter.getGroups()	Use AbstractUserAdapter.getGroupsStream() instead
org.keycloak.storage.adapter.AbstractUserAdapter.getRealmRoleMappings()	Use AbstractUserAdapter.getRealmRoleMappingsStream() instead
org.keycloak.storage.adapter.AbstractUserAdapter.getRequiredActions()	User AbstractUserAdapter.getRequiredActionsStream()
org.keycloak.storage.adapter.AbstractUserAdapter.getRoleMappings()	Use AbstractUserAdapter.getRoleMappingsStream() instead
org.keycloak.storage.adapter.AbstractUserAdapterFederatedStorage.getFederatedRoleMappings()	Use AbstractUserAdapterFederatedStorage.getFederatedRoleMappingsStream() instead
org.keycloak.storage.group.GroupLookupProvider.searchForGroupByNameStream(RealmModel, String, Integer, Integer)	Use GroupLookupProvider.searchForGroupByNameStream(RealmModel, String, Boolean, Integer, Integer) instead.
org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity.getSalt()
org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity.setSalt(byte[])
org.keycloak.storage.StorageId.isLocalStorage(ClientModel)	Use StorageId.isLocalStorage(String) instead.
org.keycloak.storage.StorageId.isLocalStorage(UserModel)	Use StorageId.isLocalStorage(String) instead.
org.keycloak.storage.StorageId.resolveProviderId(ClientModel)	Use StorageId.providerId(String) instead.
org.keycloak.storage.StorageId.resolveProviderId(UserModel)	Use StorageId.providerId(String) instead.
org.keycloak.storage.user.UserCountMethodsProvider.getUsersCount(RealmModel, String)	Use UserCountMethodsProvider.getUsersCount(RealmModel, Map) with an params map containing UserModel.SEARCH instead.
org.keycloak.storage.user.UserCountMethodsProvider.getUsersCount(RealmModel, String, Set<String>)	Use UserCountMethodsProvider.getUsersCount(RealmModel, Map, Set) with an params map containing UserModel.SEARCH instead.
org.keycloak.storage.user.UserQueryMethodsProvider.searchForUserStream(RealmModel, String)	Use UserQueryMethodsProvider.searchForUserStream(RealmModel, Map) with an params map containing UserModel.SEARCH instead.
org.keycloak.storage.user.UserQueryMethodsProvider.searchForUserStream(RealmModel, String, Integer, Integer)	Use UserQueryMethodsProvider.searchForUserStream(RealmModel, Map, Integer, Integer) with an params map containing UserModel.SEARCH instead.
org.keycloak.TokenVerifier.checkActive(boolean)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.TokenVerifier.checkRealmUrl(boolean)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.TokenVerifier.checkTokenType(boolean)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.TokenVerifier.realmUrl(String)	This method is here only for backward compatibility with previous version of TokenVerifier.
org.keycloak.util.JWKSUtils.getKeysForUse(JSONWebKeySet, JWK.Use)	Use JWKSUtils.getKeyWrappersForUse(JSONWebKeySet, JWK.Use)

Deprecated Constructors

Constructor	Description
org.keycloak.authentication.requiredactions.UpdatePassword()	use UpdatePassword(KeycloakSession) instead
org.keycloak.services.resources.account.PasswordUtil(KeycloakSession, UserModel)

Deprecated Enum Constants

Enum Constant	Description
org.keycloak.common.enums.HostnameVerificationPolicy.STRICT
org.keycloak.common.enums.HostnameVerificationPolicy.WILDCARD
org.keycloak.cookie.CookieScope.LEGACY
org.keycloak.cookie.CookieScope.LEGACY_JS
org.keycloak.events.EventType.REMOVE_TOTP
org.keycloak.events.EventType.REMOVE_TOTP_ERROR
org.keycloak.events.EventType.UPDATE_PASSWORD
org.keycloak.events.EventType.UPDATE_PASSWORD_ERROR
org.keycloak.events.EventType.UPDATE_TOTP
org.keycloak.events.EventType.UPDATE_TOTP_ERROR
org.keycloak.events.EventType.VALIDATE_ACCESS_TOKEN	see KEYCLOAK-2266
org.keycloak.events.EventType.VALIDATE_ACCESS_TOKEN_ERROR
org.keycloak.saml.common.constants.JBossSAMLConstants.EXTENSIONS	Use namespace-aware variant instead
org.keycloak.saml.common.constants.JBossSAMLConstants.RESPONSE	Use namespace-aware variant instead