OAuth without creating internal users

Hi, I am integrating Grafana with Keycloak over OAuth (both running as containers).

When I create the user in Grafana manually, OAuth login works fine (matching the user through email address). However I don’t want this step, and preferably I’d allow empty email set in Keycloak. In my preferred OAuth-only authentication should be sufficient. I certainly don’t want the [user] allow_sign_up option, and I’d like to disable basic auth.

On a bit different note - is it possible to disable the initial admin/admin user creation and just get an API key? Ideally I’d set the secret key as an env var (since I am running in container) and then use it to get access over HTTP API.