Configuring Fiware PEP Proxy, Keyrock and Orion Context Broker

I'm trying to integrate Keyrock and PEP Proxy in order to secure the access to the Context Broker but I'm having some issues.

What I want to achieve is that only determined users registered in Keyrock can access to the Context Broker.

I followed Fiware tutorials but in that development scene there is an application which listens on port 3000 that is registered in Keyrock. But how can I get the same result without that tutorial application? Can't I secure access to the Context Broker without an application?

If it's possible, it would be nice some help. Here you have relevant part of my docker-compose file:

keyrock:
    image: fiware/idm:${KEYROCK_VERSION}
    container_name: fiware-keyrock
    hostname: keyrock
    networks:
      default:
        ipv4_address: 172.18.1.5
    depends_on:
        - mysql-db
    ports:
        - "${KEYROCK_PORT}:${KEYROCK_PORT}" # localhost:3005
        - "${KEYROCK_HTTPS_PORT}:${KEYROCK_HTTPS_PORT}" # localhost:3443
    environment:
        - "DEBUG=idm:*"
        - "IDM_DB_HOST=mysql-db"
        - "IDM_DB_PASS_FILE=/run/secrets/my_secret_data"
        - "IDM_DB_USER=root"
        - "IDM_PORT=${KEYROCK_PORT}"
        - "IDM_HOST=http://localhost:${KEYROCK_PORT}"
        - "IDM_HTTPS_ENABLED=${IDM_HTTPS_ENABLED}"
        - "IDM_HTTPS_PORT=${KEYROCK_HTTPS_PORT}"
        - "IDM_ADMIN_USER=admin"
        - "[email protected]"
        - "IDM_ADMIN_PASS=1234"
    secrets:
        - my_secret_data
    healthcheck:
        interval: 5s
# Database
mysql-db:
    restart: always
    image: mysql:${MYSQL_DB_VERSION}
    hostname: mysql-db
    container_name: db-mysql
    expose:
      - "${MYSQL_DB_PORT}"
    ports:
      - "${MYSQL_DB_PORT}:${MYSQL_DB_PORT}"
    networks:
      default:
        ipv4_address: 172.18.1.6
    environment:
      - "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_secret_data"
      - "MYSQL_ROOT_HOST=172.18.1.5" # Allow Keyrock to access this database
    volumes:
      - mysql-db:/var/lib/mysql
    secrets:
      - my_secret_data

orion-proxy:
    image: fiware/pep-proxy
    container_name: fiware-orion-proxy
    hostname: orion-proxy
    networks:
      default:
        ipv4_address: 172.18.1.10
    depends_on:
        - keyrock
    ports:
        - "1027:1027"
    expose:
        - "1027"
    environment:
        - PEP_PROXY_APP_HOST=orion
        - PEP_PROXY_APP_PORT=1026
        - PEP_PROXY_PORT=1027
        - PEP_PROXY_IDM_HOST=keyrock
        - PEP_PROXY_HTTPS_ENABLED=false
        - PEP_PROXY_AUTH_ENABLED=false
        - PEP_PROXY_IDM_SSL_ENABLED=false
        - PEP_PROXY_IDM_PORT=3005
        - PEP_PROXY_APP_ID= <Obtained in Keyrock>
        - PEP_PROXY_USERNAME= <Obtained in Keyrock>
        - PEP_PASSWORD= <Obtained in Keyrock>
        - PEP_PROXY_PDP=idm
        - PEP_PROXY_MAGIC_KEY=1234

In order to test it, I registered a test application with URL localhost:1026 (orion context broker URL) with a PEP Proxy (from which I got PEP_PROXY_APP_ID, PEP_PROXY_USERNAME and PEP_PASSWORD).

When I run the docker containers it works but the problem comes when I try to get an access token using this bash (changing CLIENT_ID and CLIENT_SECRET to those obtained in the OAuth2 field of the application and https://idm/oauth2/token to http://localhost:3005/oauth2/token) with admin credentials.

I get invalid_client: Invalid client: client is invalid error.

If you need to see any more file just ask me.