@Override public Jwt decode(String token) throws JwtException { Jwt jwt; try { JWT parsedJwt = JWTParser.parse(token); // Verify the signature JWTClaimsSet jwtClaimsSet = this.jwtProcessor.process(parsedJwt, null); Instant expiresAt = jwtClaimsSet.getExpirationTime().toInstant(); Instant issuedAt; if (jwtClaimsSet.getIssueTime() != null) { issuedAt = jwtClaimsSet.getIssueTime().toInstant(); } else { // issuedAt is required in SecurityToken so let's default to expiresAt - 1 second issuedAt = Instant.from(expiresAt).minusSeconds(1); } Map<String, Object> headers = new LinkedHashMap<>(parsedJwt.getHeader().toJSONObject()); jwt = new Jwt(token, issuedAt, expiresAt, headers, jwtClaimsSet.getClaims()); } catch (Exception ex) { throw new JwtException("An error occurred while attempting to decode the Jwt: " + ex.getMessage(), ex); } return jwt; } }