Istio security stopped working

I had set up istio to use keycloak jwts to secure my backend and had on open frontend.
I had cors set up to allow calls from local frontends for dev purposes.
It was all working as intended and then all of a sudden all calls to the backend from local frontends were met with ‘401 unauthorized Origin authentication failed’ and calls to the frontend on istio were met with ‘RBAC: access denied’. I have since tried uninstalling istio and deleting everything, fresh installing and it is still the same state of affairs.

Any advice on how to debug this or examples of what could have caused this would be greatly appreciated.

Could it be the case that your jwt expired? RBAC most likely won’t work if authentication fails, depends on how you set the RBAC rules. Can you take a look at or see the log of istio-proxy for the backend service?