...
By default keycloak maps roles to the JWT Claim path realm_access.roles. Micronauts oauth implementation expects roles to appear at "roles". To synchronize the two you should update the oauth client in the dcb_hub realm by clicking on "Client Scopes", "Roles", "Mappers", "Realm Roles" then in "Token Claim Name" change "realm_access.roles" to "roles"
This step will enable the admin scripts to work with the keycloak main realm
...