Getting project list by addon via JWT authorization

Hello community!

I am trying to apply JWT for my addon and for some reason get empty array instead of projects. Seems like I am not the only who runs into this trouble. Here are examples:
https://community.atlassian.com/t5/Jira-questions/Atlassian-JIRA-Rest-API-returning-unauthorized-401-while-calling/qaq-p/773262#M268307
https://community.atlassian.com/t5/Answers-Developer-Questions/Query-to-JIRA-rest-api-with-JWT-returns-empty-json/qaq-p/542402

My Node.js code is following:

let extReq = { method: 'GET', originalUrl: '/rest/api/2/project' };
const qshJwt = atlassianJwt.createQueryStringHash(extReq);
let iat = (new Date).getTime();
let claim = { 
  'iss': pluginName, 
  'iat': iat, 
  'qsh': qshJwt, 
  'exp': iat + 180000
};
let jwtClaim = atlassianJwt.encode(claim, currentCustomer.sharedSecret);
let authOptions = { 
  method: 'GET', 
  url: 'https://atriplex.atlassian.net/rest/api/2/project', 
  headers: { 
    'Authentication': `JWT ${jwtClaim}`
  }, 
  // auth: { 
  // username: CREDS.username, 
  // password: CREDS.password 
  // } 
};

axios(authOptions).then(extRes => { 
   let projects = extRes.data;
   // projects in fact empty array

 If I use usual credential (commented out) this code works correctly. But I need using JWT
scope for addon is 
READ, but I also tried WRITE and ADMIN with the same result.