stevenmaguire / oauth2-keycloak


Token verification failed #57

Open des1roer opened 1 year ago

des1roer commented 1 year ago

Bearer realm="master", error="invalid_token", error_description="Token verification failed"

provider

        // Provider options for the Keycloak OAuth2 client used in this repro.
        // NOTE(review): authServerUrl is the compose-internal hostname (kc_app)
        // while redirectUri is the host-side localhost:5080; presumably tokens
        // issued here carry the kc_app URL as issuer — confirm the verifying
        // side is configured for that URL.
        // NOTE(review): clientSecret is hard-coded in source; load it from
        // configuration or a secret store instead, and rotate a secret once it
        // has been posted publicly.
        $providerOptions = [
            'authServerUrl'       => 'http://kc_app:8080',
            'realm'               => 'master',
            'clientId'            => 'same',
            'clientSecret'        => '8nOJEQv2O0h6ORtxy6G17zZiRTwBCaUj',
            'redirectUri'         => 'http://localhost:5080/login',
            'encryptionAlgorithm' => 'RS256', // optional
        ];
        $provider = new \Drupal\moduleform\Controller\Provider($providerOptions);

jwt

The error looks like this: https://gist.github.com/des1roer/b7240dfcb299c7d91881f7908b92cbe8

Request and response: https://gist.github.com/des1roer/b7240dfcb299c7d91881f7908b92cbe8

keycloak container

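version: '3'

volumes:
  postgres_data:
    driver: local

services:
  kc_db:
    container_name: kc_postgres
    image: postgres:15.1-alpine
    # Persistence is disabled in this repro; re-enable the volume to keep
    # realm/client data across container restarts.
    # volumes:
    #   - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # The default keeps the original value; set KC_DB_PASSWORD in .env so
      # the credential does not live in the compose file.
      POSTGRES_PASSWORD: '${KC_DB_PASSWORD:-password}'
    ports:
      - '${EXTERNAL_DB_PORT}:5432'
  kc_app:
    container_name: keycloak
    image: quay.io/keycloak/keycloak:20.0.1
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://kc_db:5432/keycloak
      KC_DB_USERNAME: keycloak
      # Must match POSTGRES_PASSWORD on kc_db.
      KC_DB_PASSWORD: '${KC_DB_PASSWORD:-password}'
      # DB_SCHEMA: public
      KEYCLOAK_ADMIN: admin
      # Same pattern: default preserved, override via .env.
      KEYCLOAK_ADMIN_PASSWORD: '${KEYCLOAK_ADMIN_PASSWORD:-admin}'
      # Uncomment the line below to pass JDBC parameters. The value is only an
      # example and should not be used in production without understanding it;
      # read the PostgreSQL JDBC driver documentation first.
      # JDBC_PARAMS: "ssl=true"
    # start-dev runs Keycloak in development mode (relaxed hostname/HTTPS
    # defaults); it is not meant for production deployments.
    command: start-dev
    ports:
      - '${KC_PORT}:8080'
    # depends_on only orders container start; it does not wait for Postgres
    # to accept connections.
    depends_on:
      - kc_db
    # bd_external is shared with the php/nginx stack so it can reach
    # Keycloak as http://kc_app:8080.
    networks:
      - bd_external
      - default

networks:
  bd_external:
    external: true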

php container

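version: '3'

services:
  nginx:
    image: nginx:latest
    ports:
      - "${NGINX_PORT}:80"
    volumes:
      - ./hosts:/etc/nginx/conf.d
      - ../:/var/www
      - ./logs/nginx:/var/log/nginx
    # `links` is a legacy option; services on a shared network already
    # resolve each other by service name, so `php` is reachable without it.
    links:
      - php
    networks:
      - internal
      - default
      - bd_external
  php:
    build: ./php
    environment:
      # NOTE(review): these are Xdebug 2 setting names (remote_host,
      # remote_enable); Xdebug 3 renamed them — confirm against the php image.
      XDEBUG_CONFIG: 'remote_host=${XDEBUG_REMOTE_HOST:-host.docker.internal} remote_enable=1'
    volumes:
      - ../:/var/www
    networks:
      - internal
      - default
      - bd_external
    extra_hosts:
      - "host.docker.internal:host-gateway"

networks:
  # `internal` is referenced by both services above but was not declared;
  # Compose rejects references to undeclared networks unless another compose
  # file in the project defines it.
  internal: {}
  bd_external:
    external: true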

client

{
  "clientId": "same",
  "name": "",
  "description": "",
  "rootUrl": "http://localhost:5080",
  "adminUrl": "",
  "baseUrl": "http://localhost:5080",
  "surrogateAuthRequired": false,
  "enabled": true,
  "alwaysDisplayInConsole": true,
  "clientAuthenticatorType": "client-secret",
  "secret": "8nOJEQv2O0h6ORtxy6G17zZiRTwBCaUj",
  "redirectUris": [
    "http://localhost:5080/login"
  ],
  "webOrigins": [
    "*"
  ],
  "notBefore": 0,
  "bearerOnly": false,
  "consentRequired": false,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "serviceAccountsEnabled": false,
  "publicClient": false,
  "frontchannelLogout": true,
  "protocol": "openid-connect",
  "attributes": {
    "oidc.ciba.grant.enabled": "false",
    "client.secret.creation.time": "1669120316",
    "backchannel.logout.session.required": "true",
    "display.on.consent.screen": "false",
    "oauth2.device.authorization.grant.enabled": "true",
    "backchannel.logout.revoke.offline.tokens": "false",
    "request.uris": "",
    "token.endpoint.auth.signing.alg": "HS256",
    "consent.screen.text": "",
    "frontchannel.logout.url": "",
    "backchannel.logout.url": "",
    "login_theme": "",
    "acr.loa.map": "{}",
    "use.jwks.url": "false",
    "logoUri": "",
    "policyUri": "",
    "tosUri": "",
    "access.token.signed.response.alg": "",
    "id.token.signed.response.alg": "",
    "id.token.encrypted.response.alg": "",
    "id.token.encrypted.response.enc": "",
    "user.info.response.signature.alg": "",
    "request.object.signature.alg": "",
    "request.object.encryption.alg": "",
    "request.object.encryption.enc": "",
    "request.object.required": "",
    "authorization.signed.response.alg": "",
    "authorization.encrypted.response.alg": "",
    "authorization.encrypted.response.enc": "",
    "exclude.session.state.from.auth.response": "",
    "use.refresh.tokens": "true",
    "client_credentials.use_refresh_token": "false",
    "token.response.type.bearer.lower-case": "false",
    "access.token.lifespan": "",
    "client.session.idle.timeout": "",
    "client.session.max.lifespan": "",
    "client.offline.session.idle.timeout": "",
    "client.offline.session.max.lifespan": "",
    "tls-client-certificate-bound-access-tokens": false,
    "pkce.code.challenge.method": "",
    "require.pushed.authorization.requests": "false"
  },
  "authenticationFlowBindingOverrides": {
    "direct_grant": "776a184f-b92d-46c0-9959-64dc85dd5fee",
    "browser": ""
  },
  "fullScopeAllowed": true,
  "nodeReRegistrationTimeout": -1,
  "defaultClientScopes": [
    "web-origins",
    "acr",
    "roles",
    "profile",
    "email"
  ],
  "optionalClientScopes": [
    "address",
    "phone",
    "offline_access",
    "microprofile-jwt"
  ],
  "access": {
    "view": true,
    "configure": true,
    "manage": true
  },
  "authorizationServicesEnabled": false
}