You're issuing the token from your frontend using http://localhost:8082, but then your backend tries to validate it using http://keycloak:80 as the issuer. These are two different URLs, so the iss (issuer) claim in the token doesn't match what your backend expects.

Keycloak includes the full issuer URL in the token (e.g. http://localhost:8082/realms/myrealm), and the backend expects to verify the token against the same issuer.

If the backend tries to verify against http://keycloak:80/realms/myrealm, the token will be rejected because the issuer doesn't match.