grpc_jwt_claims_from_json() returns nullptr

[boom...@gmail.com]

Hello,

I have the following JWT claims:

{
  "jti": "b30c9e6b-6999-4493-8783-50c09731c2b7",
  "exp": 1572683947,
  "nbf": 1569993791,
  "iat": 1570091947,
  "iss": "https://sso.rec.******.**/auth/realms/************-rec",
  "aud": "********-site-unique-client",
  "sub": "6e198439-7b32-4623-9692-f2b4af0814dc",
  "typ": "Bearer",
  "azp": "*********-site-unique-client",
  "auth_time": 1569911503,
  "session_state": "526f374a-c881-4ef8-80d6-c46397694aec",
  "acr": "1",
  "allowed-origins": [],
  "resource_access": {},
  "clientId": "***********-site-unique-client",
  "clientHost": "192.168.**.***",
  "https://hasura.io/jwt/claims": {
    "x-hasura-allowed-roles": [
      "editor",
      "user",
      "mod"
    ],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "1234567890",
    "x-hasura-org-id": "123",
    "x-hasura-custom": "custom-value"
  },
  "preferred_username": "service-account-*******-site-unique-client",
  "clientAddress": "192.168.**.***",
  "email": "***********"
}

The gRPC lib function grpc_jwt_claims_from_json() returns nullptr and I have the following message from ESP in the logs:

E1003 08:41:50.311386810       9 auth_jwt_validator.cc:361]  JWT claims could not be created. Incompatible value types for some claim(s)

See related source code line: https://github.com/cloudendpoints/esp/blob/master/src/api_manager/auth/lib/auth_jwt_validator.cc#L358

Based on the implementation of grpc_jwt_claims_from_json(), it checks for sub, iss, aud and jti to be strings; and iat, exp and nbf to be numbers and greater than 0. (See https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/jwt/jwt_verifier.cc#L239)

All these checks should pass based on the JWT claims, so I am not sure if issue is related to grpc_jwt_claims_from_json() in gRPC lib or in the parsing of the JSON before that.

May you have an idea or a way to investigate that?

Thanks for any help!