For keycloak to work, you also need to edit the hosts file of your OS.
JWT's payload contains a field iss (issuer). It's an URL of an authorization server, in our case Keycloak. In the backend application we need to provide exactly the same URL to keycloak. The problem here is, that a Docker network and machine's hosts are not the same. From point of view of a backend service a keycloak will have a different URL than from the point of view of a user!
To mitigate this problem you need to add the following lines to the hosts file:
127.0.0.1 keycloak
Location of hosts file on different OS: