Schema registry server side Oauth2 enablement

[maverickode]

I want all communication to schema registry protected by Oauth2. I configured Oauth2 using following configurations but something is still missing.

rest.servlet.initializor.classes=io.confluent.common.security.jetty.initializer.AuthenticationHandler
oauthbearer.jwks.endpoint.url=/certs
oauthbearer.expected.issuer=/auth/realms/**
oauthbearer.expected.audience="account"
oauthbearer.sub.claim.name="sub"
oauthbearer.groups.claim.name="groups"

Upon accessing an endpoint I get following response while the token is valid. What is this realm configuration that it complaints about?

Bearer realm="null",error="invalid_token"