Invalid_token in jmix 2.0 with oidc addon

I create a jmix 2.0 project and add rest api add-on and Openid Connect add-on.Then I follow the documentand remove implementation("io.jmix.security:jmix-security-oauth2-starter") . when I try to call a service.It response a 401 with WWW-Authenticate: Bearer error=“invalid_token”, error_description=“An error occurred while attempting to decode the Jwt: The iss claim is not valid”,

the application.properties is here

#spring.security.oauth2.authorizationserver.client.myclient.registration.client-id=dvubeumwcm
#spring.security.oauth2.authorizationserver.client.myclient.registration.client-secret={noop}HVuXtBcHKA
#spring.security.oauth2.authorizationserver.client.myclient.registration.authorization-grant-types=client_credentials,refresh_token
##,authorization_code,refresh_token
#spring.security.oauth2.authorizationserver.client.myclient.registration.client-authentication_methods=client_secret_basic
#spring.security.oauth2.authorizationserver.client.myclient.token.access-token-format=reference
#
#spring.security.oauth2.authorizationserver.client.myclient.token.access-token-time-to-live=1h
#spring.security.oauth2.authorizationserver.client.myclient.token.refresh-token-time-to-live=24h
#spring.security.oauth2.authorizationserver.client.myclient.require-proof-key=true
#
#
## Define resource roles for the client
#jmix.authserver.client.myclient.client-id = dvubeumwcm
#jmix.authserver.client.myclient.resource-roles = rest-minimal


spring.security.oauth2.client.registration.keycloak.client-id=test
#spring.security.oauth2.client.registration.keycloak.client-secret=<client-secret>
spring.security.oauth2.client.registration.keycloak.scope=openid, profile, email
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8180/auth/realms/realms-x
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8180/auth/realms/realms-x
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
jmix.oidc.jwt-authentication-converter.username-claim=preferred_username

I got the reason here