Stuck in redirection with keycloak and superset behind nginx reverse proxy

Question

we are running Superset with Keycloak behind a Nginx reverse proxy with SSL certificates in OpenShift.

When we try to login via Superset the redirection sticks and the browser loops infinitely. When we query the keycloak directly and leave the reverse proxy out of the game, it works as expected.

We rely on the reverse proxy because of the SSL certificates via certbot.

Here is our nginx configuration:

server {
    listen 8080 ssl;
    listen [::]:8080 ssl;
    server_name example.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    port_in_redirect off;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    location /.well-known/acme-challenge/ {
        root /var/www/certbot/example.com;
    }
    location / {
        proxy_pass http://superset-service:8080;
    }
    location /auth {
        return 301 $scheme://$http_host/auth/;
    }
    location /auth/ {
        proxy_pass http://keycloak:8080;
    }
}

Answer 1

_{Converting OP's solution from a comment to an answer:}

Changing the token_uri to go directly and not over the proxy seems to work.