Decoding JWT works fine locally (Docker) but fails when uploaded to AWS

[BEndreLexly]

We are currently updating our system (Symfony 5.4) to use jwt authentication for our Microservice API. The JWT's are signed via private keys on 2 other systems and we need to just be be able to verify them in our microservice. All our development is done on a local setup using Docker to spin up the same server as on AWS. And on this setup everything works fine. Testing with different JWT's (expired, invalid etc) works fine and we can decode it and use the content. However, when we put the code on our AWS we just keep getting Invalid token when I do a API-call using the same token.

lexik_jwt_authentication.yaml:

lexik_jwt_authentication:
    secret_key: ''
    public_key: '%env(resolve:JWT_PUBLIC_KEY1)%'
    pass_phrase: ''
    additional_public_keys:
        - '%env(resolve:JWT_PUBLIC_KEY2)%'
        - '%env(resolve:JWT_PUBLIC_KEY3)%'

security.yaml:

   main:
            pattern: ^/
            stateless: true
            custom_authenticators:
                - App\Security\JWTTokenAuthenticator

JWTTokenAuthenticator:

class JWTTokenAuthenticator extends AbstractAuthenticator
{
    private JWTEncoderInterface $jwtEncoder;

    public function __construct(JWTEncoderInterface $jwtEncoder)
    {
        $this->jwtEncoder = $jwtEncoder;
    }

    public function supports(Request $request): ?bool
    {
        $extractor = new AuthorizationHeaderTokenExtractor(
            'Bearer',
            'Authorization'
        );
        $token = $extractor->extract($request);

        return false !== $token;
    }

    public function authenticate(Request $request): Passport
    {
        $extractor = new AuthorizationHeaderTokenExtractor(
            'Bearer',
            'Authorization'
        );

        $token = $extractor->extract($request);

        if (false === $token) {
            throw new CustomUserMessageAuthenticationException('Token missing');
        }

        try {
            $jwt = $this->jwtEncoder->decode($token);

        } catch (JWTDecodeFailureException $ex) {
            switch ($ex->getReason()) {
                case JWTDecodeFailureException::INVALID_TOKEN:
                    throw new CustomUserMessageAuthenticationException('Invalid token');
                case JWTDecodeFailureException::EXPIRED_TOKEN:
                    throw new CustomUserMessageAuthenticationException('Token expired');
                case JWTDecodeFailureException::UNVERIFIED_TOKEN:
                    throw new CustomUserMessageAuthenticationException('Unverified token');
            }
        }

Of course there are more code later but what I do see is that it fails at the $jwt = $this->jwtEncoder->decode($token); throwing the INVALID_TOKEN error.

In the local environment the JWT_PUBLIC_KEY1 etc are paths to pem-files and stored in an env-file while on AWS we use the Parameter Store for the env-parameters. Here JWT_PUBLIC_KEY1 etc are the actual public keys.

As I wondered if this could be the issue I uploaded one of the pem-files to the server and changed lexik_jwt_authentication to point to this pem-file instead of the env-variable. But still same issue.

To me it feels like I am missing something regarding the public keys. At the same time .. there isn't much needed to set it up more than point the lexik_jwt_authentication.yaml to the public keys ... and since it works great in the "local" env I feel like it still is a configuration error from my part ....