"500 Error: Cannot exchange code for grant in bearer-only mode" after successful browser login in Keycloak

User trying to access /hello url in the browser via a reverse-proxy.

"500 Error: Cannot exchange code for grant in bearer-only mode"

error is popped after successful login by the user on Keycloak login page on access to protected url.

The following code is used in the reverse proxy:

var Keycloak = require('keycloak-connect');
var session = require('express-session');
var memoryStore = new session.MemoryStore();

let keycloak = new Keycloak(memoryStore);
app = express();
app.use( keycloak.middleware() );
app.get( '/hello', keycloak.protect( 'realm:admin' ));

keycloak.json is:

{
  "realm": "master",
  "auth-server-url": "https://127.0.0.1/auth",  
  "resource": "test_ui",
  "confidential-port": 0,  
  "credentials" : {
    "password" : "d31c4718-12e9-407b-9bf2-cb72734a23f0"
  }
}

client test_ui is confidential. Adding bearer-only : true to keycloak.json results in access denied error instead of the above error.

What's wrong with the configuration?

from "500 Error: Cannot exchange code for grant in bearer-only mode" after successful browser login in Keycloak