Admin REST API with client_secret

Authenticating against Admin REST API with `client_id` and `client_secret`

server_development/topics/admin-rest-api.adoc

@@ -10,7 +10,9 @@ A token can be obtained by enabling authenticating to your application with {pro
 
 For complete documentation see {apidocs_link}[{apidocs_name}].
 
-=== Example using CURL
+=== Examples using CURL
+
+==== Authenticate with username and password
 
 Obtain access token for user in the realm `master` with username `admin` and password `password`:
 [source,bash]
@@ -37,6 +39,28 @@ curl \
   "http://localhost:8080/auth/admin/realms/master"
 ----
 
+==== Authenticate with a service account
+
+Before being able to authenticate against the Admin REST API using a `client_id` and a `client_secret` you need to make sure the client is configured as it follows:
+
+* `client_id` is a **confidential** client that belongs to the realm *master*
+* `client_id` has `Service Accounts Enabled` option enabled
+* `client_id` has a custom "Audience" mapper
+  ** Included Client Audience: `security-admin-console`
+
+Finally, check that `client_id` has the role 'admin' assigned in the "Service Account Roles" tab.
+
+After that, you will be able to obtain an access token for the Admin REST API using `client_id` and `client_secret`:
+
+[source,bash]
+----
+curl \
+  -d "client_id=<YOUR_CLIENT_ID>" \
+  -d "client_secret=<YOUR_CLIENT_SECRET>" \
+  -d "grant_type=client_credentials" \
+  "http://localhost:8080/auth/realms/master/protocol/openid-connect/token"
+----
+
 ifeval::[{project_community}==true]
 === Example using Java
 
@@ -61,4 +85,4 @@ RealmRepresentation realm = keycloak.realm("master").toRepresentation();
 ----
 
 Complete Javadoc for the admin client is available at {apidocs_link}[{apidocs_name}].
-endif::[]
+endif::[]