} else {
String[] audList = JSONObjectUtils.getStringArray(jsonObject, "aud");
if (audList.length > 1)
throw new ParseException("Multiple audiences (aud) not supported");
aud = new Audience(audList[0]);
}
Date exp = DateUtils.fromSecondsSinceEpoch(JSONObjectUtils.getLong(jsonObject, "exp"));
// Parse optional claims
Date nbf = null;
if (jsonObject.containsKey("nbf"))
nbf = DateUtils.fromSecondsSinceEpoch(JSONObjectUtils.getLong(jsonObject, "nbf"));
Date iat = null;
if (jsonObject.containsKey("iat"))
iat = DateUtils.fromSecondsSinceEpoch(JSONObjectUtils.getLong(jsonObject, "iat"));
JWTID jti = null;
if (jsonObject.containsKey("jti"))
jti = new JWTID(JSONObjectUtils.getString(jsonObject, "jti"));
// Check client ID
if (! iss.getValue().equals(sub.getValue()))
throw new ParseException("JWT issuer and subject must have the same client ID");
ClientID clientID = new ClientID(iss.getValue());
return new JWTAuthenticationClaimsSet(clientID, aud, exp, nbf, iat, jti);
}