@LuckyNoS7evin thanks to you and Dist. I did use jwt.io the other day to analyze the Bearer token i’m sending, but you guys prompted me to look at it again.
I noticed that my “pubsub_perms” claim value just seemed… weird. i looked at my code again and saw that i was constructing the “pubsub_perms” object with the “send”: [ “broadcast” ] property… but all the strings were escaped (\") because i serialized the Claim value to JSON when i set it in my EBS.
i took that out, now setting the Claim value as an object, instead of the object serialized to a JSON string… and that fixed it!
thanks, all!