Hello Sergey!
No problem, it took me a long time too.
Right, a custom factory receives an unparsed token, but delegates the work to the real factory, the real factory analyzes and validates, turning it into a JWTCallerPrincipal object, which contains the parsed token, instead of simply returning this object, I do my logic with it, and then I'll come back if it's not blacklisted.
But yes, I will use the encoded token as the key, I only commented if I was going to extract something like the "jti" field.
Well, you already answered my question if I could use custom factory by saying that it will be fine.
Thank you so much for everything Sergey, without you I would still be lost in what I could or could not do.
I don't know where you're from, but here in Brazil it's Thursday, you'll probably read this tomorrow, so a great Friday for you and have a nice weekend.