I am looking to implement the jjwt in my application and looking to implement jjwt, when I googled I found these two maven dependency not sure which one to pick and why ?
<jjwt.version>0.7.0</jjwt.version>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>${jjwt.version}</version>
</dependency>
and other is
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>5.1</version>
</dependency>
I have played POC with both the API library, but not sure which one will be the extensible solution. I am developing Spring MVC + Spring Security + Spring REST + HATEOAS + CORS + Spring Batch and all backend code will be deployed on the tomcat and front-end is AngularJS will be deployed on the nodejs.
Hope this info will be sufficient to answer the question.
If you are not going to create JWT token and only need to consume it in Spring then you dont really need any of libraries. Spring will take care of validating and decoding the JWT token for you.
The only time I needed to use either libraries is when trying to generate JWT token.
The jsonwebtoken library was more straightforward to use and had better documentation. But I found nimbus library to be more feature rich and the only one that could work with JWKS.