by ianleeclark 2395 days ago
Alternatively you could just use a token that has sane defaults, rather than having a tool that could bite you or could bite your organization after you depart.

I've implemented JWTs in apps more times than I'd like to think about, and never has it been done without ensuring the tokens are signed, signing keys rotated regularly, tokens having a short lifecycle, etc., and none of these required some deep expert knowledge, just a couple of hours of research on best practices.

Again, it's not about the tool, it's how you use it.
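The three defaults the comment above lists (tokens are signed, the verifier pins the algorithm, tokens expire quickly, and signing keys rotate on a schedule) in working form. This is an added example, not code from either commenter or from any JWT library; it uses only the Python standard library with HS256, and the token lifetime, clock-skew allowance, key-retirement window and all names are assumptions chosen for illustration.

```python
"""Minimal HS256 JWT issue/verify with sane defaults.

Added illustration; not the thread's code. Uses only the standard library.
The constants below are assumed values, not recommendations from the thread.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL = 300          # assumed: access tokens live five minutes
CLOCK_SKEW = 30          # assumed: tolerate 30 s of clock drift on exp
ALLOWED_ALG = "HS256"    # the verifier accepts exactly one algorithm


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class KeyRing:
    """Current signing key plus recently retired keys, selected by `kid`.

    New tokens are always signed with the newest key. Verification accepts any
    key still in the ring, so rotating does not break tokens issued just before
    the rotation; keys older than `retire_after` seconds are dropped on the
    next rotation, bounding how long a leaked old key stays useful.
    """

    def __init__(self, retire_after: int = 2 * TOKEN_TTL, now: float | None = None):
        self.retire_after = retire_after
        self._keys: dict[str, tuple[bytes, float]] = {}   # kid -> (key, created_at)
        self.rotate(now)

    def rotate(self, now: float | None = None) -> str:
        now = time.time() if now is None else now
        kid = secrets.token_hex(4)
        self._keys[kid] = (secrets.token_bytes(32), now)
        self._keys = {k: v for k, v in self._keys.items()
                      if now - v[1] <= self.retire_after}
        return kid

    def current(self) -> tuple[str, bytes]:
        kid = next(reversed(self._keys))      # insertion order: newest is last
        return kid, self._keys[kid][0]

    def lookup(self, kid: str) -> bytes | None:
        entry = self._keys.get(kid)
        return entry[0] if entry else None


class InvalidToken(Exception):
    pass


def _segment(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue(ring: KeyRing, claims: dict, now: float | None = None) -> str:
    now = time.time() if now is None else now
    kid, key = ring.current()
    header = {"alg": ALLOWED_ALG, "typ": "JWT", "kid": kid}
    payload = {**claims, "iat": int(now), "exp": int(now) + TOKEN_TTL}
    signing_input = _segment(header) + "." + _segment(payload)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify(ring: KeyRing, token: str, now: float | None = None) -> dict:
    now = time.time() if now is None else now
    try:
        h64, p64, s64 = token.split(".")
        header, payload, sig = (json.loads(b64url_decode(h64)),
                                json.loads(b64url_decode(p64)), b64url_decode(s64))
    except ValueError:                      # covers base64 and JSON errors
        raise InvalidToken("malformed token")
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise InvalidToken("malformed token")
    # The verifier pins the algorithm; the token never gets to choose it.
    # This blocks alg=none and HMAC/asymmetric key-confusion tokens.
    if header.get("alg") != ALLOWED_ALG:
        raise InvalidToken("unexpected alg")
    key = ring.lookup(str(header.get("kid", "")))
    if key is None:
        raise InvalidToken("unknown or retired kid")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        raise InvalidToken("bad signature")
    exp = payload.get("exp")
    if not isinstance(exp, int) or now > exp + CLOCK_SKEW:
        raise InvalidToken("expired or missing exp")
    return payload


def rejection_reason(ring: KeyRing, token: str, now: float | None = None) -> str | None:
    """None if the token verifies, otherwise the reason it was rejected."""
    try:
        verify(ring, token, now)
        return None
    except InvalidToken as exc:
        return str(exc)


def strip_signature(token: str) -> str:
    """Attacker move: rewrite the header to alg=none and drop the signature."""
    h64, p64, _ = token.split(".")
    header = json.loads(b64url_decode(h64))
    header["alg"] = "none"
    return _segment(header) + "." + p64 + "."


if __name__ == "__main__":
    ring = KeyRing()
    token = issue(ring, {"sub": "alice", "scope": "read"})
    print(token)
    print("fresh token:", rejection_reason(ring, token) or "ok")
    print("alg=none:", rejection_reason(ring, strip_signature(token)))
    ring.rotate()
    print("after rotation:", rejection_reason(ring, token) or "ok")
```

The verifier's order matters: the algorithm is checked before any key is looked up, the signature before any claim is trusted, and `exp` is mandatory rather than optional, so a token that omits it is rejected instead of living forever.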