Get an access token extracted in a [[ClojureAccessToken]] record with one additionnal attribute `:token` that hold the token as a string

returns a keycloak client configuration data structure given the params

return the keycloak client config as an input stream containing JSON, see [[client-conf]]

take a keycloak client configuration as EDN and return a KeycloakDeployment object, see [[client-conf]] for getting a proper conf structure

retrieve the secrets and build dynamically a map with realm-name as key and the keycloak deployment as value given a keycloak client with admin role, an array of realm name. This is useful for large number of realms and multi-tenant applications or tests, otherwise you should define them statically

Return a [[keycloak.deployment/ClojureAccessToken]] record with `:user` and `:roles` keys with values extracted from the Keycloak access token along with all the props of the AccessToken bean

Build a [org.keycloak.admin.client.Keycloak](https://www.keycloak.org/docs-api/12.0/javadocs/org/keycloak/admin/client/Keycloak.html) object from a [[client-conf]] and a credential (secret or username/password), use the RestEasy client.
This keycloak-client object will be used as the first param for every interactions with the Keycloak server.

Verify an Access Token given a deployment to check against.

Checks an Access Token for the following:
  - `iss` (issuer) is defined and matches realm url from `deployment`
  - `sub` is defined
  - `typ` is "Bearer"
  - token is active (both not expired and not used before its validity: `exp` and `nbf`)
  - token signature: `ES256` `ES384` `ES512` `PS256` `PS384` `PS512` `RS256` `RS384` `RS512`