Scenario overview

Authorization Code Grant Type

Browser Login (only Authorization Endpoint. After username+password login, there is no exchange of OAuth2 "code" for the tokens)

Client Secret (Client Credentials Grant)

Create and delete clients (requires --client-secret=<client secret for gatling client>)

Create clients (requires --client-secret=<client secret for gatling client>)

Create and delete users (requires --client-secret=<client secret for gatling client>)

Create users (requires --client-secret=<client secret for gatling client>)

Create and delete roles (requires --client-secret=<client secret for gatling client>)

Create roles (requires --client-secret=<client secret for gatling client>)

Create and delete groups (requires --client-secret=<client secret for gatling client>)

Create groups (requires --client-secret=<client secret for gatling client>)

Create and delete client scopes (requires --client-secret=<client secret for gatling client>)

Create client scope (requires --client-secret=<client secret for gatling client>)

Crawls all users page by page (requires --client-secret=<client secret for gatling client>)

Create User and Client sessions (requires --admin-username=<admin login> and --admin-password=<admin password>)

Create realms (requires --admin-username=<admin login> and --admin-password=<admin password>)

Create and immediately delete realms (requires --admin-username=<admin login> and --admin-password=<admin password>)

Repeatedly call a specific URL with HTTP GET and report and check the status code