I am facing exact issue with keycloak. I am using tyk oss with api and policy as mentioned here Tyk (Open source) + Keycloak (OIDC) - #2 by rwxget
keycloak has myrealm with tyk-test client. I am getting
time="Jan 24 12:52:27" level=warning msg="JWT Invalid" api_id=3 api_name="httpbin.org - OIDC" error="Validation error. Validation error. The provider https://<example.com>/auth/realms/myrealm does not have a client id matching any of the token audiences [tyk-test]" mw=OpenIDMW org_id=1 origin=10.42.0.1 path="/httpbin/oidc/ip"
time="Jan 24 12:52:27" level=warning msg="Attempted access with invalid key." api_id=3 api_name="httpbin.org - OIDC" key="****JWT]" mw=OpenIDMW org_id=1 origin=10.42.0.1 path="/httpbin/oidc/ip"
I have obtained token using https://openidconnect.net/ with client = tyk-test