FossoresLP / GO-JWT-ed25519

A very basic GO implementation of JWT using ed25519

Validate fails when Content is not compatible with map[string]interface{}

FossoresLP opened this issue

Validate() tries to check if exp or nbf are set by casting Content interface{} to map[string]interface{}.
This should work for any kind of struct but will fail for types like int, string and []byte.
These are valid JSON but cannot be handled by Validate() so please do not use those as the only payload of a JWT you plan to use with this package. Storing them in a JSON object works totally fine, it just takes a small bit of additional space.

I will fix this at some point but there's an easy workaround so it's not a high priority for me. Feel free to open a PR if you want to fix it.

My original assumption does not hold up as JWTs are submitted by the user and may therefore be tampered with.

After some reading I found that this issue is easily fixed by simply wrapping the type cast with an if clause, just like retrieving values from the map.

I will fix this ASAP as it is not acceptable that users can crash your application with malicious content.
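
The crash discussed in this thread and the comma-ok form of the type assertion, as an added example that is not the package's own code. It assumes the payload is decoded with encoding/json into an interface{}; the function names, error values and sample payloads are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

var ErrNotObject = errors.New("payload is not a JSON object") // hypothetical names,
var ErrExpired = errors.New("token expired")                  // not the package's own

// decode unmarshals an untrusted payload the way encoding/json fills an interface{}.
func decode(payload string) interface{} {
	var v interface{}
	_ = json.Unmarshal([]byte(payload), &v)
	return v
}

// checkExpUnchecked uses a bare assertion: it panics for any non-object payload.
func checkExpUnchecked(content interface{}) bool {
	_, hasExp := content.(map[string]interface{})["exp"]
	return hasExp
}

// checkExpChecked uses the comma-ok form, so bad input becomes an error, not a crash.
func checkExpChecked(content interface{}, now time.Time) error {
	claims, ok := content.(map[string]interface{})
	if !ok {
		return ErrNotObject
	}
	if exp, isNum := claims["exp"].(float64); isNum && now.Unix() > int64(exp) {
		return ErrExpired // JSON numbers decode to float64
	}
	return nil
}

// panics reports whether f panicked.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	for _, s := range []string{`{"exp":1}`, `"text"`, `42`, `[1,2]`} { // constructed payloads
		fmt.Println(s, panics(func() { checkExpUnchecked(decode(s)) }), checkExpChecked(decode(s), time.Now()))
	}
}
```

Every payload here is valid JSON, so rejecting non-objects has to happen at the assertion, not at the decode step.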