Yup, that’s what I ended up with and works.
Instructions under the Domain on File URL section:
Be advised that the bucket name and domain name must match exactly, and HTTPS is not supported with a custom domain out of the box.
Because of this, I started with my Bucket named as cdn.example.com, which didn’t seem to function.
Mostly posted this thread to let you and others know.
Newer versions of keycloak don’t supply the openid content unless the scope is provided. Be sure to set the OpenID Scope setting to something like: “openid profile email”.
Otherwise check the “Identity Key” setting – if it doesn’t match something coming back in the claims, it fails with that message, or so I believe.
