Access nested fields in JWT token for [subject_key, roles_key]

Hi. I’m trying to connect to ES via JWT with an access token in the header.

My config and token are below. Currently ES fails to retrieve the subject when `subject_key` is given a nested key (see the log lines below). Unfortunately, I don't have the ability to redesign and re-implement the token structure.

Any ideas?

esproxy-service      | [2019-05-31T22:48:39,068][WARN ][c.a.d.a.h.j.HTTPJwtAuthenticator] [f9hNS8q] Failed to get subject from JWT claims, check if subject_key 'context.user.name' is correct.
esproxy-service      | [2019-05-31T22:48:39,069][ERROR][c.a.d.a.h.j.HTTPJwtAuthenticator] [f9hNS8q] No subject found in JWT token
```

      # JWT authentication domain. The HTTPJwtAuthenticator WARN/ERROR lines in the log
      # come from this domain failing to extract a subject from the token.
      jwt_auth_domain:
        enabled: true
        http_enabled: true
        transport_enabled: true
        # Position of this domain in the authentication chain; 0 is consulted first.
        order: 0
        http_authenticator:
          type: jwt
          # A JWT cannot be requested interactively, so no challenge is sent; a request
          # without a usable token is not authenticated by this domain.
          challenge: false
          config:
            # Key used to verify the token signature (redacted in this post). If the
            # tokens are HMAC-signed, this is the shared secret itself: anyone who can
            # read it can issue tokens with any subject and roles, so keep it out of
            # posts and version control and restrict read access to this file. With
            # RSA/ECDSA only the issuer's public key belongs here.
            signing_key: "XXXXXXXXX"
            # Header the token is read from.
            jwt_header: "Authorization"
            # Unset, so the token is not read from a URL parameter. Leaving it unset also
            # keeps tokens out of URLs, which tend to end up in access and proxy logs.
            jwt_url_parameter: null
            # The WARN line reports that no claim was found for 'context.user.name'.
            # NOTE(review): this looks like the dotted string being matched as a literal
            # top-level claim name rather than walked as a path into the nested
            # "context" object; confirm against the documentation for the plugin version
            # in use. The posted token does carry a top-level "sub" claim, which is
            # presumably what the authenticator uses when subject_key is omitted.
            subject_key: context.user.name
            # Same nested-path caveat as subject_key. Whatever is read from this claim is
            # trusted as the user's backend roles, so only the roles that are meant to
            # grant access should appear in the role mappings.
            roles_key: context.user.policies
        authentication_backend:
          # No backend lookup: the user and roles come from the token alone, which makes
          # the signature check (and the token's exp claim) the only trust anchor.
          type: noop
```



```
{
  "context": {
    "user": {
      "policies": [
        "data_upload",
        "programs.XXXX-read-storage",
        "programs.XXXX-read",
        "programs.XXXX-create",
        "programs.XXXX-upload",
        "programs.XXXX-update",
        "programs.XXXX-delete",
        "programs.XXXX.proj1-read-storage",
        "programs.XXXX.proj1-read",
        "programs.XXXX.proj1-create",
        "programs.XXXX.proj1-upload",
        "programs.XXXX.proj1-update",
        "programs.XXXX.proj1-delete",
        "programs.XXXX.proj2-read-storage",
        "programs.XXXX.proj2-read",
        "programs.XXXX.proj2-create",
        "programs.XXXX.proj2-upload",
        "programs.XXXX.proj2-update",
        "programs.XXXX.proj2-delete",
        "programs.XXXX.proj3-read-storage",
        "programs.XXXX.proj3-read",
        "programs.XXXX.proj3-create",
        "programs.XXXX.proj3-upload",
        "programs.XXXX.proj3-update",
        "programs.XXXX.proj3-delete"
      ],
      "google": {
        "proxy_group": null
      },
      "is_admin": true,
      "name": "ME@XXXX.edu",
      "projects": {
        "XXXX-proj1": [
          "read-storage",
          "read",
          "create",
          "upload",
          "update",
          "delete"
        ],
        "XXXX-proj3": [
          "read-storage",
          "read",
          "create",
          "upload",
          "update",
          "delete"
        ],
        "XXXX": [
          "read-storage",
          "read",
          "create",
          "upload",
          "update",
          "delete"
        ]
      }
    }
  },
  "jti": "e49fd918-7a4e-4f02-a03b-f56f72a74d87",
  "aud": [
    "openid",
    "user",
    "credentials",
    "data",
    "admin",
    "google_credentials",
    "google_service_account"
  ],
  "exp": 1559343582,
  "azp": "",
  "iss": "https://localhost/user",
  "iat": 1559342382,
  "pur": "access",
  "sub": "2"
}
```