How to use BinderHub API with OpenId (Keycloak)

I’m trying to launch a binder server using the BinderHub API by following this example: .

In the example there is no authentication used but my BinderHub has authentication enabled, it uses Keycloak (OpenId). I am able to build my OAuth2Session but when I do my GET request it does not launch a binder, instead it redirects to the JupyterHub login page with the button “Sign in with keycloak” while I am already authenticated. Can someone point me out what I am doing wrong?

This is what I have so far:

import json
import webbrowser
import sys

from bs4 import BeautifulSoup as bs
from oauthlib.oauth2 import LegacyApplicationClient
from requests_oauthlib import OAuth2Session

def build_binder(repo, ref='master', filepath=None, *, binder_url='', oauth_session):
    """Launch a binder
    Yields Binder's event-stream events (dicts)
    print("Building binder for {repo}@{ref}".format(repo=repo, ref=ref))
    url = binder_url + '/build/gh/{repo}/{ref}'.format(repo=repo, ref=ref)
    r = oauth_session.get(url, stream=True)

    # Printing HTML for debugging purposes
    soup = bs(r.content, features="html.parser")  # make BeautifulSoup
    prettyHTML = soup.prettify()  # prettify the html

    for line in r.iter_lines():
        line = line.decode('utf8', 'replace')
        if line.startswith('data:'):
            yield json.loads(line.split(':', 1)[1])

if __name__ == '__main__':
    repo = 'jakevdp/PythonDataScienceHandbook'

    client_id = "xxx-xxx-xxx"
    client_secret = "xxx-xxx-xxx-xxx-xxx"

    # Start OAuth2 session
    oauth = OAuth2Session(client=LegacyApplicationClient(client_id=client_id))
    oauth.redirect_uri = ""
    token = oauth.fetch_token(token_url='',
                              username="patrick", password="spongebob", client_id=client_id,

    for evt in build_binder(repo, oauth_session=oauth):
        if 'message' in evt:
            print("[{phase}] {message}".format(
                phase=evt.get('phase', ''),
        if evt.get('phase') == 'ready':
            url = "{url}?token={token}".format(**evt)
            print("Opening %s" % url)
            sys.exit("binder never became ready")