Hello,

I have the following JWT claims:

{
  "jti": "b30c9e6b-6999-4493-8783-50c09731c2b7",
  "exp": 1572683947,
  "nbf": 1569993791,
  "iat": 1570091947,
  "iss": "https://sso.rec.******.**/auth/realms/************-rec",
  "aud": "********-site-unique-client",
  "sub": "6e198439-7b32-4623-9692-f2b4af0814dc",
  "typ": "Bearer",
  "azp": "*********-site-unique-client",
  "auth_time": 1569911503,
  "session_state": "526f374a-c881-4ef8-80d6-c46397694aec",
  "acr": "1",
  "allowed-origins": [],
  "resource_access": {},
  "clientId": "***********-site-unique-client",
  "clientHost": "192.168.**.***",
  "https://hasura.io/jwt/claims": {
    "x-hasura-allowed-roles": [
      "editor",
      "user",
      "mod"
    ],
    "x-hasura-default-role": "user",
    "x-hasura-user-id": "1234567890",
    "x-hasura-org-id": "123",
    "x-hasura-custom": "custom-value"
  },
  "preferred_username": "service-account-*******-site-unique-client",
  "clientAddress": "192.168.**.***",
  "email": "***********"
}

The gRPC lib function grpc_jwt_claims_from_json() returns nullptr and I 
have the following message from ESP in the logs:
E1003 08:41:50.311386810       9 auth_jwt_validator.cc:361]  JWT claims could not be created. Incompatible value types for some claim(s)
See related source code line: 
https://github.com/cloudendpoints/esp/blob/master/src/api_manager/auth/lib/auth_jwt_validator.cc#L358

Based on the implementation of grpc_jwt_claims_from_json(), it checks for 
sub, iss, aud and jti to be strings; and iat, exp and nbf to be numbers and 
greater than 0. (See 
https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/jwt/jwt_verifier.cc#L239)
All these checks should pass based on the JWT claims, so I am not sure if 
the issue is related to grpc_jwt_claims_from_json() in the gRPC lib or to the 
parsing of the JSON before that.

Do you have an idea or a way to investigate that?

Thanks for any help!
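
One way to investigate, added here as an example and not part of the original message or of gRPC/ESP code: decode the token payload and apply the type checks as the message describes them, reporting each offending claim by name, which the ESP log line does not do. The helper names and sample claims are constructed, and treating absent claims as acceptable is an assumption.

```python
import base64
import json

# Claim names and types as described in the message above (an assumption
# about the library's behaviour, not code taken from gRPC or ESP).
STRING_CLAIMS = ("sub", "iss", "aud", "jti")
NUMERIC_CLAIMS = ("iat", "exp", "nbf")

def b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_token(claims):
    """Build an unsigned token around constructed claims (test input only)."""
    return ".".join((b64url({"alg": "none"}), b64url(claims), "sig"))

def decode_payload(token):
    """Return the claims of a compact JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(segment))

def type_problems(claims):
    """List each present claim whose JSON type fails the described checks."""
    problems = []
    for name in STRING_CLAIMS:
        if name in claims and not isinstance(claims[name], str):
            problems.append(f"{name}: expected string, got {type(claims[name]).__name__}")
    for name in NUMERIC_CLAIMS:
        if name not in claims:
            continue
        value = claims[name]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            problems.append(f"{name}: expected number, got {type(value).__name__}")
        elif value <= 0:
            problems.append(f"{name}: expected a value > 0, got {value}")
    return problems

# Constructed samples: GOOD mirrors the claim types shown in the message;
# BAD is a deliberately malformed variant to show what the report looks like.
GOOD = {"jti": "b30c9e6b", "exp": 1572683947, "nbf": 1569993791,
        "iat": 1570091947, "iss": "https://sso.example/realm",
        "aud": "site-unique-client", "sub": "6e198439"}
BAD = dict(GOOD, aud=["site-unique-client"], exp="1572683947", nbf=0)

if __name__ == "__main__":
    for claims in (GOOD, BAD):
        print(type_problems(decode_payload(sample_token(claims))))
```

An empty list for the real token's payload would point away from the claim types and toward the JSON parsing step that runs before them.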
