Client ID registered in the realm. Used as the expected aud (audience)
claim when verifying bearer tokens, so tokens minted for other clients in
the same realm are rejected.
Keycloak realm name.
Keycloak server base URL, e.g. https://auth.example.com.
Configuration for Keycloak-backed JWT authentication.