Tags: spring, spring-boot, authentication, jwt, keycloak

Iss claim not valid Keycloak


I use the Keycloak service to log in to my web app. As a backend I use Spring with OAuth 2.0 security. When I make a request with Postman using the bearer token obtained from Keycloak, it gives me a 401 error, and in the body of the response, next to the WWW-Authenticate header, it tells me:

Bearer error="invalid_token", error_description="An error occurred while attempting to decode the Jwt: The iss claim is not valid", error_uri="https://tools.ietf.org/html/rfc6750#section-3.1"

How could I solve this problem?


Solution

  • The Spring config value must be exactly the same as the iss claim value. Even a trailing slash, if any, is important.

    Do as @BenchVue wrote in a comment: open one of the access-token JWTs in jwt.io, copy the iss claim value and paste it into the Spring config.

    Another option is to remove the issuer validation from the JWT decoder: provide jwk-set-uri in your config and remove issuer-uri, but be aware that in this case the token validation will be done only using its signature.
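The check the answer describes (read the iss claim out of the token and compare it character for character with what you configured in spring.security.oauth2.resourceserver.jwt.issuer-uri) can be done offline without pasting a real token into a website. The script below is an added example, not code from the question or from Spring or Keycloak: it builds a constructed, unsigned JWT carrying an iss claim in the shape Keycloak issues, decodes the payload segment the way jwt.io does, and applies the same exact-string comparison Spring's issuer validator uses, pointing out when the only difference is a trailing slash. The realm URL is an assumption for the example.

```python
import base64
import json
from typing import Tuple


def _b64url_encode(data: bytes) -> str:
    # JWT segments are base64url without padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWT encoding strips before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def make_unsigned_jwt(claims: dict) -> str:
    """Build a compact JWS with an empty signature, for inspection only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def jwt_claims(token: str) -> dict:
    """Decode the payload segment without verifying anything (what the
    jwt.io decoder view shows). Never use this result for authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def check_issuer(token: str, configured_issuer: str) -> Tuple[bool, str]:
    """Mirror the exact-string comparison Spring performs between the token's
    iss claim and the configured issuer-uri, and explain a mismatch."""
    iss = jwt_claims(token).get("iss")
    if iss is None:
        return False, "token has no iss claim"
    if iss == configured_issuer:
        return True, "iss claim matches the configured issuer"
    hint = ""
    if iss.rstrip("/") == configured_issuer.rstrip("/"):
        hint = " (the only difference is a trailing slash)"
    return False, f"iss claim {iss!r} != configured {configured_issuer!r}{hint}"


# Constructed sample token; the realm URL is an assumption for this example.
SAMPLE_TOKEN = make_unsigned_jwt({
    "iss": "https://keycloak.example.com/realms/myrealm",
    "sub": "1234",
    "exp": 4102444800,
})

if __name__ == "__main__":
    # A trailing slash in issuer-uri is enough to produce the 401 from the question.
    for configured in ("https://keycloak.example.com/realms/myrealm/",
                       "https://keycloak.example.com/realms/myrealm"):
        ok, msg = check_issuer(SAMPLE_TOKEN, configured)
        print("OK " if ok else "BAD", msg)
```

Run it against a real access token by replacing SAMPLE_TOKEN with the string from your Authorization header; the iss value it prints is what belongs in issuer-uri, verbatim. If you take the second route from the answer and configure only jwk-set-uri, Spring stops checking the issuer entirely, so a token signed by any realm whose keys happen to be served at that JWK Set URL would be accepted on signature alone; treat that as a debugging step, not a production configuration.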