Access nested fields in JWT token for [subject_key, roles_key]

Hi. I’m trying to connect to ES via JWT with an access token in the header.

My config and token are below. Currently es is failing to retrieve given a nested key. Unfortunately, I don’t have the ability to re-design and re-implement the token structure.

Any ideas?

esproxy-service      | [2019-05-31T22:48:39,068][WARN ][c.a.d.a.h.j.HTTPJwtAuthenticator] [f9hNS8q] Failed to get subject from JWT claims, check if subject_key '' is correct.
esproxy-service      | [2019-05-31T22:48:39,069][ERROR][c.a.d.a.h.j.HTTPJwtAuthenticator] [f9hNS8q] No subject found in JWT token

        enabled: true
        http_enabled: true
        transport_enabled: true
        order: 0
          type: jwt
          challenge: false
            signing_key: "XXXXXXXXX"
            jwt_header: "Authorization"
            jwt_url_parameter: null
            roles_key: context.user.policies
          type: noop

  "context": {
    "user": {
      "policies": [
      "google": {
        "proxy_group": null
      "is_admin": true,
      "name": "",
      "projects": {
        "XXXX-proj1": [
        "XXXX-proj3": [
        "XXXX": [
  "jti": "e49fd918-7a4e-4f02-a03b-f56f72a74d87",
  "aud": [
  "exp": 1559343582,
  "azp": "",
  "iss": "https://localhost/user",
  "iat": 1559342382,
  "pur": "access",
  "sub": "2"