[keycloak-user] JWT token auth. advice