fix: update jjwt version #846

Merged
merged 14 commits into from
Apr 15, 2025

manisha1997
Contributor

@manisha1997 manisha1997 commented Mar 31, 2025

Fixes #788

JJWT version updated to 0.12.6

Summary

From JJWT version 0.12.0, when Content-type is set, the payload is no longer extracting claims by default
For discussion, jwtk/jjwt#897
https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10

Checklist

  • I acknowledge that all my contributions will be made under the project's license
  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the Contribution Guidelines and my PR follows them
  • I have titled the PR appropriately
  • I have updated my branch with the main branch
  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary documentation about the functionality in the appropriate .md file
  • I have added inline documentation to the code I modified

If you have questions, please file a support ticket, or create a GitHub Issue in this repository.
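
The parsing change described in this PR's summary, as an added example (not code from this PR or from the SDK): a token whose header carries `cty` is read with jjwt 0.12's `parseSignedContent`, and the verified payload bytes are then decoded with Jackson. The class name, the `cty` value, the claim values and the demo secret are constructed placeholders; jjwt-api, jjwt-impl, jjwt-jackson 0.12.x and Jackson are assumed to be on the classpath.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;

import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Map;

public class CtyPayloadExample {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Verifies the signature first, then decodes the payload bytes as a JSON object.
     * Intended for tokens that carry a cty header, where jjwt hands back raw content.
     */
    static Map<?, ?> verifiedClaims(String token, SecretKey key) throws Exception {
        // parseSignedContent is typed Jws<byte[]>, so getPayload() needs no cast.
        Jws<byte[]> jws = Jwts.parser().verifyWith(key).build().parseSignedContent(token);
        return MAPPER.readValue(jws.getPayload(), Map.class);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 32-byte (256-bit) demo secret; real secrets come from configuration.
        byte[] secret = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        SecretKey key = Keys.hmacShaKeyFor(secret);

        // Claims-based token that also sets the cty header (placeholder value).
        String token = Jwts.builder()
                .header().contentType("example-cty;v=1").and()
                .claims(Map.of("iss", "demo-issuer", "sub", "demo-subject"))
                .signWith(key)
                .compact();

        Map<?, ?> claims = verifiedClaims(token, key);
        System.out.println(claims.get("iss") + " / " + claims.get("sub"));
    }
}
```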

@manisha1997 manisha1997 requested a review from Copilot April 1, 2025 05:52

@Copilot Copilot AI left a comment

Pull Request Overview

This pull request updates the jjwt version and migrates all secret inputs from String to byte[] across the codebase. The changes ensure compatibility with the new jjwt API and improve security key handling in both production and test code.

  • Updated tests to use new parser() methods and conversion of secret/authToken from String to byte[]
  • Modified builder constructors and Jwt creation methods to accept byte[] secrets
  • Added new getter methods in TwilioRestClient to expose internal fields for testing and debugging

Reviewed Changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/test/java/com/twilio/jwt/validation/ValidationTokenTest.java | Introduced getClaimFromJwtToken for centralized claims extraction using publicKey verification |
| src/test/java/com/twilio/jwt/taskrouter/TaskRouterCapabilityTest.java | Updated AUTH_TOKEN initialization to use a KeyGenerator and byte[] instead of a plain String |
| src/test/java/com/twilio/jwt/client/ClientCapabilityTest.java | Converted SECRET handling from String to byte[] and updated claims extraction logic |
| src/test/java/com/twilio/jwt/accesstoken/AccessTokenTest.java | Revised SECRET usage and claims retrieval using the new jjwt parser API |
| src/main/java/com/twilio/jwt/taskrouter/TaskRouterCapability.java | Changed authToken type and updated Builder constructor signature |
| src/main/java/com/twilio/jwt/client/ClientCapability.java | Updated authToken type from String to byte[] in the Builder |
| src/main/java/com/twilio/jwt/accesstoken/AccessToken.java | Migrated secret parameter to byte[] in the Builder and updated internal usage |
| src/main/java/com/twilio/jwt/Jwt.java | Fixed secret handling by removing the redundant getBytes() call and using the byte[] directly |
| src/main/java/com/twilio/http/TwilioRestClient.java | Added getters for objectMapper, accountSid, and authStrategy to aid debugging |
Files not reviewed (1)
  • pom.xml: Language not supported
Comments suppressed due to low confidence (2)

src/test/java/com/twilio/jwt/validation/ValidationTokenTest.java:87

  • Directly casting claims.getPayload() to a byte[] may be unsafe if the payload isn't in byte[] format. Consider validating the type or using an alternative method provided by the new jjwt API to reliably obtain the payload.
Map<String,?> map = (Map<String,?>)objectMapper.readValue((byte[])claims.getPayload(), Map.class);

src/test/java/com/twilio/jwt/taskrouter/TaskRouterCapabilityTest.java:38

  • [nitpick] For HMAC SHA256, a key length of 256 bits is typically sufficient. Using 2048 bits may be overkill and impact performance; consider revising the key size to 256 bits unless there is a specific requirement.
keyGen.init(2048); // Use 2048 bits for stronger security
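
The key-size point in the suppressed comment above, as an added example (not code from this PR or from the SDK): HMAC as defined in RFC 2104 replaces any key longer than the hash's block size (64 bytes for SHA-256) with its digest, so a 2048-bit key produces the same tag as its 32-byte SHA-256 digest used as the key. It uses only JDK classes; the class name and the signing input are constructed.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class HmacKeySizeExample {
    /** Computes an HMAC-SHA256 tag over the message with the given raw key bytes. */
    static byte[] hmacSha256(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    /** Generates a random HMAC key of the requested size and returns its raw bytes. */
    static byte[] generateKey(int bits) throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance("HmacSHA256");
        keyGen.init(bits);
        return keyGen.generateKey().getEncoded();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a JWS signing input (header.payload).
        byte[] signingInput = "header.payload".getBytes(StandardCharsets.US_ASCII);

        byte[] key256 = generateKey(256);   // same size as the SHA-256 output
        byte[] key2048 = generateKey(2048); // longer than the 64-byte SHA-256 block

        // Keys longer than the block size are hashed before use, so the
        // 2048-bit key signs exactly like its SHA-256 digest would.
        byte[] reduced = MessageDigest.getInstance("SHA-256").digest(key2048);
        boolean sameTag = MessageDigest.isEqual(
                hmacSha256(key2048, signingInput),
                hmacSha256(reduced, signingInput));

        System.out.println("256-bit key length in bytes:  " + key256.length);
        System.out.println("2048-bit key length in bytes: " + key2048.length);
        System.out.println("2048-bit key and its digest give the same tag: " + sameTag);
    }
}
```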

@manisha1997 manisha1997 changed the title chore: update jjwt version fix: update jjwt version Apr 1, 2025
Contributor

@tiwarishubham635 tiwarishubham635 left a comment

LGTM! I have added a couple of comments for inline documentation. It would be better if we can add them. Thanks!

Quality Gate failed

Failed conditions
16.7% Coverage on New Code (required ≥ 80%)
C Maintainability Rating on New Code (required ≥ A)

@manisha1997 manisha1997 merged commit 8eb52f3 into main Apr 15, 2025
12 of 13 checks passed
@manisha1997 manisha1997 deleted the update-jwt-version branch April 15, 2025 10:15

Successfully merging this pull request may close these issues.

Update JJWT Dependency
3 participants