Description
The "exp" claim should be a number; however, jjwt also supports parsing a string as a number and, as a last fallback, parsing the string as an ISO 8601 formatted date.

In `io.jsonwebtoken.lang.DateFormats` there are the following patterns:

```java
private static final String ISO_8601_PATTERN = "yyyy-MM-dd'T'HH:mm:ss'Z'";
private static final String ISO_8601_MILLIS_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
```
So they are named ISO_8601 here, and if the value can't be parsed, the exception says it is not ISO-8601 formatted:

```java
private static Date parseIso8601Date(String s, String name) throws IllegalArgumentException {
    try {
        return DateFormats.parseIso8601Date(s);
    } catch (ParseException e) {
        String msg = "'" + name + "' value does not appear to be ISO-8601-formatted: " + s;
        throw new IllegalArgumentException(msg, e);
    }
}
```
Despite that, ISO 8601 allows the time to carry an offset:

> The offset from UTC is appended to the time in the same way that 'Z' was above, in the form ±[hh]:[mm], ±[hh][mm], or ±[hh]

https://en.wikipedia.org/wiki/ISO_8601

The patterns from `DateFormats` accept only a literal 'Z'. Therefore values like `2019-11-26T15:54:13.100-0800` are not accepted, resulting in a `ParseException` that is rethrown as an `IllegalArgumentException`.

Another point is that it throws `IllegalArgumentException`, which does not inherit from `JwtException`; counter-intuitively, this may result in an uncaught exception.
In my understanding the fix would be to change the patterns to the following (removing the single quotes around the Z letter):

```java
private static final String ISO_8601_PATTERN = "yyyy-MM-dd'T'HH:mm:ssZ";
private static final String ISO_8601_MILLIS_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSSZ";
```

and throwing a `MalformedSpecificationClaimException` (extending `JwtException`) instead of `IllegalArgumentException`.
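As an added, stand-alone illustration (not jjwt's code), the program below runs the quoted-`'Z'` pattern from this issue and an alternative pattern through `java.text.SimpleDateFormat` so the parsing difference can be observed directly. The class name, method names and the sample timestamps are constructed for this example. One caveat worth keeping in mind when choosing a replacement pattern: in `SimpleDateFormat` the unquoted letter `Z` is the RFC 822 zone field, which parses numeric offsets such as `-0800` but not the bare letter `Z`, whereas the ISO 8601 zone field `X`/`XX`/`XXX` accepts both the literal `Z` and a numeric offset.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;

public class Iso8601OffsetDemo {

    // Pattern quoted in the issue: the single-quoted 'Z' is a literal character,
    // not a time-zone field, so the parser only ever accepts the letter Z.
    static final String QUOTED_Z_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";

    // Alternative (an assumption for this example, not jjwt's code): XX is the
    // ISO 8601 zone field and parses both "Z" and "+hhmm"/"-hhmm".
    static final String ISO_ZONE_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSSXX";

    static Date parse(String pattern, String value) throws ParseException {
        SimpleDateFormat f = new SimpleDateFormat(pattern, Locale.US);
        f.setLenient(false);
        // The quoted-'Z' pattern carries no zone field, so the wall-clock time
        // is interpreted in the formatter's zone; pin it to UTC so the literal
        // Z actually means UTC. Patterns with a zone field ignore this setting.
        f.setTimeZone(TimeZone.getTimeZone("UTC"));
        return f.parse(value);
    }

    static String describe(String pattern, String value) {
        try {
            Date d = parse(pattern, value);
            return value + " -> epoch millis " + d.getTime();
        } catch (ParseException e) {
            return value + " -> ParseException at offset " + e.getErrorOffset();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: the literal Z, the -0800 offset from the
        // issue, and an explicit +0000 offset that denotes the same instant as Z.
        String[] values = {
            "2019-11-26T15:54:13.100Z",
            "2019-11-26T15:54:13.100-0800",
            "2019-11-26T15:54:13.100+0000",
        };
        for (String pattern : new String[] {QUOTED_Z_PATTERN, ISO_ZONE_PATTERN}) {
            System.out.println("pattern " + pattern);
            for (String v : values) {
                System.out.println("  " + describe(pattern, v));
            }
        }
    }
}
```

Running it shows the two offset-bearing values failing under the quoted-`'Z'` pattern (the parser reaches the `-` or `+` where it expects the literter `Z`) and all three parsing under `XX`, with the `Z` and `+0000` values mapping to the same epoch millisecond and the `-0800` value mapping to an instant eight hours later. Whatever pattern is finally chosen, a caller that only catches `JwtException` will still miss the `IllegalArgumentException` described above, so the exception type and the pattern are separate fixes.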