Bitbucket Cloud API: Unable to authenticate with JWT against Bitbucket using Atlassian connect core

I wrote an add-on that should react to pull request webhooks
to install it i enabled the “Enabled development mode” in the “manage install apps” and install it using “install app from URL” link on that page

in the installation i am saving the payload to have the sharedSecret, add-on Key and ClientKey for future usages

when a pull request webhooks is received i want to call bitbucket cloud rest api to get/post some data for that i am generating a JWT with qsh using the installed data and shared secret and add it to authorization header as “JWT ”
the JWT payload is looks like:

  "iss": "***",
  "iat": 1686035947,
  "exp": 1686035977,
  "qsh": "bb4df84cf34ba5b6583d0e19e7e313afa6b6f4b6d46f82267d20b1525e1a76f1",
  "aud": [

to generate the JWT i am using the following NuGet Bitbucket (also try generating all in my code) but all the time i am getting 401 Unauthorized

As a developer that installed the app on my workspace is there any option to understand what went wrong? why the JWT is not authorized? see any verbose log (in bitbucket cloud side? that will help me understand that?

the descriptor file looks like:

  "key": "***",
  "name": "*** for Bitbucket Cloud",
  "description": "my description",
  "version": "1.1",
  "baseUrl": "",
  "authentication": {
    "type": "jwt"
  "lifecycle": {
    "installed": "lifecycle",
    "uninstalled": "lifecycle"
  "modules": {
    "webhooks": [
        "event": "*",
        "url": "webhooks"
  "scopes": [
  "contexts": [