I am writing a Java client to allow users to self-register to Keycloak vers 26.x.x. This succeeds but Login itself fails as it seems that the user has to be added to a Client Policy (defined in the Keycloak Web console via Clients>Client details, Authorization tab, then Policies subtab).

So, in the Keycloak Web console I create a Client policy in that subtab (eg: "my-defpolicy"). Subsequently in Clients>Clients details>Policy details>my-defpolicy screen I add a (registered) User via a dropdown to that policy and lo! Login (via the Java client again) is successful.

But despite several days effort, I am utterly unable to add a registering user to this policy (my-defpolicy) via the Java client. I have trawled through a ton of documentation, searches, AI suggestions and none work. A lot of example code is not relevant to version 26, of course, and any registration examples I have seen do not include the subsequent process to enable a user to login successfully. (Note: the addition of adding a registering user to this policy would happen after a confirmation email process.)

Can anyone post a definitive example of registering a user using the Keycloak 26/Java client which allows a registering user to be added to my policy?

Or, if this is the incorrect route for a registered user on Keycloak 26 to be enabled for a successful subsequent login, could that process be posted here?