The route "oauth/login" must be allowed anonymously in your security.yaml, or app won't be able to serve the page. The same for the "oauth/callback"
The KeycloalAuthenticator guard must be listed in guards section of security.yaml.
Correct scopes might need to be set for the client on Keycloak. Such as "profile" and "email" are default. If you don't set the login attempt may fail with "invalid_scopes" error
The route "oauth/login" must be allowed anonymously in your security.yaml, or app won't be able to serve the page. The same for the "oauth/callback"
The KeycloalAuthenticator guard must be listed in guards section of security.yaml.
Correct scopes might need to be set for the client on Keycloak. Such as "profile" and "email" are default. If you don't set the login attempt may fail with "invalid_scopes" error
Oh, you have #2 at the end, I missed that