/** * Verifies the claims of the specified JWT. * * @param jwt The JWT. Must be in a state which allows the claims * to be extracted. * @param context Optional context, {@code null} if not required. * * @return The JWT claims set. * * @throws BadJWTException If the JWT claims are invalid or rejected. */ private JWTClaimsSet verifyAndReturnClaims(final JWT jwt, final C context) throws BadJWTException { JWTClaimsSet claimsSet; try { claimsSet = jwt.getJWTClaimsSet(); } catch (ParseException e) { // Payload not a JSON object throw new BadJWTException(e.getMessage(), e); } if (getJWTClaimsSetVerifier() != null) { getJWTClaimsSetVerifier().verify(claimsSet, context); } else if (getJWTClaimsVerifier() != null) { // Fall back to deprecated claims verifier getJWTClaimsVerifier().verify(claimsSet); } return claimsSet; }