How to use keycloak to sign into JupyterHub?

I’m trying to configure JupyterHub, to enable Keycloak authorization method. I’m looking at doc here (Authentication and authorization — Zero to JupyterHub with Kubernetes documentation). The thing that is confusing to me is username_key and userdata_params . What should I specify here, and how should I configure Keycloak client named jupyterhub that correspond to it? (The role and mapper I guess)

Currently I’m getting successful redirect to my Keycloak, but am getting 400 error. Any help?

At the end of https://discourse.jupyter.org/t/setup-oauth2-locally-tornado-curl-httpclient-curlerror-http-599-server-certificate-verification-failed-cafile-none-crlfile-none/ I shared my working config.