Currently it is up to the application that uses JWT to provide their own JWSTokenProvider implementation, for example in the following quickstart:

https://github.com/jboss-developer/jboss-picketlink-quickstarts/blob/master/picketlink-angularjs-rest/src/main/java/org/jboss/as/quickstarts/picketlink/angularjs/security/authentication/JWSTokenProvider.java

We should provide this class out of the box. Furthermore, we should standardize on claims for the user's first name, last name and e-mail address. My suggestion is to adopt the standard that Microsoft uses for Azure, and use unique_name (for e-mail), given_name and family_name.

To support the use of custom identity types we should introduce new identity stereotype property (i.e. StereotypeProperty.Property) values for these fields. It would also be useful to create a general purpose utility class for working with identity stereotypes.