In your call to hash_hmac, the last argument should be False, not True. Your code generates a proper JWT with that change:
False
True