diff --git a/broker-client-auth-keycloak/README.md b/broker-client-auth-keycloak/README.md
new file mode 100644
index 00000000..2cee6ebe
--- /dev/null
+++ b/broker-client-auth-keycloak/README.md
@@ -0,0 +1,4 @@
+
+This package has been removed from the project, due to underutilized and security vulnerabilities. It is no longer actively maintained or supported.
+
+The final commit containing this package can be accessed here: [460277d2f22c891405486bcb4a6ca57710eb0937](https://github.com/aktin/broker/tree/460277d2f22c891405486bcb4a6ca57710eb0937)
\ No newline at end of file
diff --git a/broker-client-auth-keycloak/pom.xml b/broker-client-auth-keycloak/pom.xml
deleted file mode 100644
index 624a90a1..00000000
--- a/broker-client-auth-keycloak/pom.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-
- 4.0.0
- AKTIN : Broker : Client Authentication via Keycloak
-
- broker-client-auth-keycloak
-
-
- Broker client authentication library
- using keycloak for authentication.
-
-
-
-
- org.aktin
- broker
- 1.5.2-SNAPSHOT
-
-
-
- UTF-8
- 11
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-dependency-plugin
-
-
- install
-
- copy-dependencies
-
-
- provided
- runtime
- ${project.build.directory}/lib
-
-
-
-
-
-
-
-
- lombok
- org.projectlombok
- provided
-
-
- org.aktin
- broker-client
- 1.5.2-SNAPSHOT
-
-
- org.keycloak
- keycloak-authz-client
- 25.0.6
-
-
-
\ No newline at end of file
diff --git a/broker-client-auth-keycloak/src/main/java/org/aktin/broker/client2/auth/OpenIdAuthentication.java b/broker-client-auth-keycloak/src/main/java/org/aktin/broker/client2/auth/OpenIdAuthentication.java
deleted file mode 100644
index ed178a60..00000000
--- a/broker-client-auth-keycloak/src/main/java/org/aktin/broker/client2/auth/OpenIdAuthentication.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package org.aktin.broker.client2.auth;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import org.keycloak.authorization.client.AuthzClient;
-import org.keycloak.representations.AccessTokenResponse;
-
-/**
- * OpenID authentication via Keycloak client.
- * Use e.g. by passing the file {@code keycloak.json} to
- * constructor {@link #OpenIdAuthentication(String)}
- *
- */
-public class OpenIdAuthentication extends HttpAuthorizationBearerAuth {
- private AuthzClient client;
- private AccessTokenResponse resp;
- private long expirationTimestamp;
-
- private void checkAndRefreshToken() {
- long now = System.currentTimeMillis();
- if( expirationTimestamp == 0 || expirationTimestamp < now ) {
- // obtain new token
- resp = client.obtainAccessToken();
- // resp.expiresIn is seconds???
- expirationTimestamp = now + 1000*resp.getExpiresIn();
- }
- }
- public OpenIdAuthentication(String keycloakJsonConfigPath) throws IOException {
- try (InputStream in = Files.newInputStream(Paths.get(keycloakJsonConfigPath))) {
- this.client = AuthzClient.create(in);
- checkAndRefreshToken();
- }
- }
-
- @Override
- protected String getBearerToken() throws IOException {
- checkAndRefreshToken();
- return resp.getToken();
- }
-
-}
diff --git a/pom.xml b/pom.xml
index 0dc32905..43de3d65 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,6 @@
broker-api
broker-client
- broker-client-auth-keycloak
broker-server
broker-auth-local
broker-auth-openid