Bearer-only access type means that the application only allows bearer token requests. If this is turned on, this application cannot participate in browser logins.
So if you select your client as bearer-only then in that case keycloak adapter will not attempt to authenticate users, but only verify bearer tokens. That why keycloak documentation also mentioned bearer-only application will not allow the login from browser.
Client Config
important
Remember, the requests are then public, so when going up to production anyone could access, one way to protect yourself is by using 'antMatchers', and creating the 'ADMIN' role in the keycloak, as shown in the example below.
But before doing that create ROLE ADMIN in keycloak.