WSO2 IS and Keycloak (Invalid authorization code received from token request)

I'm having an issue integrating wso2-is with an external identity provider (Keycloak). I've been checking a lot of posts and questions but I can't resolve it.

Authentication must be done with PKCE enabled, so I've added a new OAuth 2.0 Service Provider. Under "OAuth/OpenID Connect Configuration", I've configured the "Code, implicit and Refresh token" grant types as allowed, with the PKCE Mandatory checkbox selected. Also, in "Local & Outbound Authentication Configuration" I've selected the Keycloak federated authenticator, which I've added under the Identity Providers option.

I use Postman to retrieve the access token. The "/authorize" call is done correctly (https://localhost:9443/oauth2/authorize?response_type=code&client_id=XXXXXXXXXXXXXXXXX&scope=openid&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth&code_challenge=NdX8F8-7rdAPXnEK2jnxlMWtfHZq1nByJF8frUXw9TA&code_challenge_method=S256) and the Keycloak login page is shown. After a valid authentication (I can see a session created in Keycloak), the "/token" endpoint fails with a 400 HTTP status code and the message: {"error_description":"Invalid authorization code received from token request","error":"invalid_grant"}.

Postman oAuth validation

I've enabled logs and I can see:

[2022-05-23 17:24:19,271] DEBUG - AuthorizationCodeGrantHandler Invalid token request for client id: XXXXXXXXXXXXXXXXXXXX couldn't find persisted data for authorization code: YYYYYYYYYYYYYYYYYYYYYYYYYYY.ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ.KKKKKKKKKKKKKKKKKKKKKKKKKK
[2022-05-23 17:24:19,274] DEBUG - AccessTokenIssuer Error occurred while validating grant org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception: Invalid authorization code received from token request

I think this error is thrown because the token is searched for in the IDN_OAUTH2_AUTHORIZATION_CODE table but the data is not there, as I've checked in the documentation.

Does anybody know why I have this issue? I'm using the wso2 4.1.0 docker image.

I appreciate any help. Thanks in advance.
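
Added example, not part of the original post and not WSO2 or Keycloak code: the RFC 7636 S256 relationship between the code_challenge sent to "/authorize" and the code_verifier that must accompany the code at "/token", checked against the authorization request quoted in the post. The function names and the layout of the token request body are assumptions made for illustration.

```python
import base64, hashlib, re, secrets
from urllib.parse import urlsplit, parse_qs, urlencode

# Authorization request as quoted in the post (client_id is redacted there).
AUTHORIZE_URL = ("https://localhost:9443/oauth2/authorize?response_type=code"
                 "&client_id=XXXXXXXXXXXXXXXXX&scope=openid"
                 "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth"
                 "&code_challenge=NdX8F8-7rdAPXnEK2jnxlMWtfHZq1nByJF8frUXw9TA"
                 "&code_challenge_method=S256")

def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(ASCII(verifier))) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_verifier() -> str:
    """43-character verifier from 32 random bytes (RFC 7636 allows 43-128)."""
    return secrets.token_urlsafe(32)

def _params(url: str) -> dict:
    """Decode the query string into a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def check_authorize_request(url: str) -> list:
    """Return the PKCE problems found in an authorization request URL."""
    q, problems = _params(url), []
    if q.get("response_type") != "code":
        problems.append("response_type is not 'code'")
    if q.get("code_challenge_method") != "S256":
        problems.append("code_challenge_method is not S256")
    if not re.fullmatch(r"[A-Za-z0-9_-]{43}", q.get("code_challenge", "")):
        problems.append("code_challenge is not a 43-char base64url SHA-256 value")
    return problems

def token_request_body(authorize_url: str, code: str, verifier: str) -> str:
    """Build the /token form body; reject a verifier that does not match."""
    q = _params(authorize_url)
    if not secrets.compare_digest(s256_challenge(verifier), q["code_challenge"]):
        raise ValueError("code_verifier does not hash to the code_challenge "
                         "sent to /authorize")
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": q["redirect_uri"],
                      "client_id": q["client_id"], "code_verifier": verifier})
```

The redirect_uri in the token request is copied from the authorization request because the two values must match for the code exchange.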



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
