OpenSearch JWT authentication

I’m trying to autenticate to OpenSearch using a JWT token and i keep getting the following error:

[2022-09-05T10:24:00,610][WARN ][o.o.s.h.HTTPBasicAuthenticator] [mikeVIrtual] No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’

This is my config.yml:

authc:
  basic_internal_auth_domain:
    description: "Authenticate via HTTP Basic against internal users database"
    http_enabled: true
    transport_enabled: true
    order: 1
    http_authenticator:
      type: basic
      challenge: true
    authentication_backend:
      type: intern
  jwt_auth_domain:
    description: "Authenticate via Json Web Token"
    http_enabled: true
    transport_enabled: true
    order: 0
    http_authenticator:
      type: jwt
      challenge: false
      config:
        signing_key: YmlnIHNlY3JldA==
        jwt_header: "Authorization"
        jwt_url_parameter: null
        roles_key: roles
        subject_key: sub
    authentication_backend:
      type: noop

And this is my postman request:

This is how i’m generating the token (it doesn’t even matter right now because it’s not even evaluating if the token is valid or not from the above error):

{
“sub”: “admin”,
“iat”: 1662357733,
“exp”: 1667620920,
“roles”: “own_index, all_access”
}

It’s also a bit unclear if these validated registered claims from the documentation are mandatory or optional.

I also believe that the enabled flag from the documentation config example is deprecated since i’m getting an unknown argument error if i’m trying to use it in the config.yml.

Any help would be really appreciated, i’ve been reading and experimenting with the configuration for over a week without any results. Thanks!

In case anyone stumbles upon this problem:

Enable more detailed logs for opensearch security plugin:
plugins.security.audit.type set it to debug in opensearch.yml

And in my case, the signing_key was too short and it wasn’t accepted…