diff --git a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md
index 5965592e9..1393c822b 100644
--- a/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md
+++ b/doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md
@@ -131,7 +131,7 @@ spec:
     authentication:
       "keycloak-users":
         jwt:
-          issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/auth/realms/kuadrant
+          issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant
       "k8s-service-accounts":
         kubernetesTokenReview:
           audiences:
@@ -170,7 +170,7 @@ curl -H 'Host: api.toystore.com' http://localhost:9080/toy -i
 Obtain an access token with the Keycloak server:
 
 ```sh
-ACCESS_TOKEN=$(kubectl run token --attach --rm --restart=Never -q --image=curlimages/curl -- http://keycloak.keycloak.svc.cluster.local:8080/auth/realms/kuadrant/protocol/openid-connect/token -s -d 'grant_type=password' -d 'client_id=demo' -d 'username=john' -d 'password=p' | jq -r .access_token)
+ACCESS_TOKEN=$(kubectl run token --attach --rm --restart=Never -q --image=curlimages/curl -- http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant/protocol/openid-connect/token -s -d 'grant_type=password' -d 'client_id=demo' -d 'username=john' -d 'password=p' -d 'scope=openid' | jq -r .access_token)
 ```
 
 Send a request to the API as the Keycloak-authenticated user while still missing permissions:
@@ -340,13 +340,13 @@ Each user should be entitled to a maximum of 5 requests every 10 seconds.
 Send requests as the Keycloak-authenticated user:
 
 ```sh
-while :; do curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
 ```
 
 Send requests as the Kubernetes service account:
 
 ```sh
-while :; do curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
+while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
 ```
 
 ## Cleanup
diff --git a/examples/toystore/authpolicy_jwt-k8s-authnz.yaml b/examples/toystore/authpolicy_jwt-k8s-authnz.yaml
index ce45a6bad..87b2c8fdf 100644
--- a/examples/toystore/authpolicy_jwt-k8s-authnz.yaml
+++ b/examples/toystore/authpolicy_jwt-k8s-authnz.yaml
@@ -19,7 +19,7 @@ spec:
       # Read more about this feature at https://github.com/Kuadrant/authorino/blob/v0.11.0/docs/user-guides/oidc-jwt-authentication.md.
       "keycloak-users":
         jwt:
-          issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/auth/realms/kuadrant
+          issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant
 
       # Authorino will verify Kubernetes Service Account tokens, using Kubernetes TokenReview API,
       # as valid authentication tokens to consume the protected API.