How Elasticsearch does verify JWT tokens?

did you try with single quotes

curl -X GET 'https://xxx-xxx:9200/_security/_authenticate' -H 'ES-Client-Authentication: SharedSecret 0qUPuF****mzvjG' -H 'Authorization: Bearer eyJhbGciOiJSUzI1N*****Hq-Sf-T-lHyYWotGyWL4k_g'