jwt · anakinj · Feb 17, 2026 · Feb 16, 2026
diff --git a/lib/jwt/encoded_token.rb b/lib/jwt/encoded_token.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative 'encoded_token/claims_context'
+
 module JWT
   # Represents an encoded JWT token
   #
@@ -12,22 +14,6 @@ module JWT
   #   encoded_token.verify_signature!(algorithm: 'HS256', key: 'secret')
   #   encoded_token.payload # => {'pay' => 'load'}
   class EncodedToken
-    # @private
-    # Allow access to the unverified payload for claim verification.
-    class ClaimsContext
-      extend Forwardable
-
-      def_delegators :@token, :header, :unverified_payload
-
-      def initialize(token)
-        @token = token
-      end
-
-      def payload
-        unverified_payload
-      end
-    end
-
     DEFAULT_CLAIMS = [:exp].freeze
 
     private_constant(:DEFAULT_CLAIMS)

diff --git a/lib/jwt/encoded_token/claims_context.rb b/lib/jwt/encoded_token/claims_context.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
+module JWT
+  # @private
+  class EncodedToken
+    # Allow access to the unverified payload for claim verification.
+    class ClaimsContext
+      extend Forwardable
+
+      def_delegators :@token, :header, :unverified_payload
+
+      def initialize(token)
+        @token = token
+      end
+
+      def payload
+        unverified_payload
+      end
+    end
+  end
+end
diff --git a/lib/jwt/jwa.rb b/lib/jwt/jwa.rb
@@ -9,40 +9,12 @@
 require_relative 'jwa/ps'
 require_relative 'jwa/rsa'
 require_relative 'jwa/unsupported'
+require_relative 'jwa/verifier_context'
+require_relative 'jwa/signer_context'
 
 module JWT
   # The JWA module contains all supported algorithms.
   module JWA
-    # @api private
-    class VerifierContext
-      attr_reader :jwa
-
-      def initialize(jwa:, keys:)
-        @jwa = jwa
-        @keys = Array(keys)
-      end
-
-      def verify(*args, **kwargs)
-        @keys.any? do |key|
-          @jwa.verify(*args, **kwargs, verification_key: key)
-        end
-      end
-    end
-
-    # @api private
-    class SignerContext
-      attr_reader :jwa
-
-      def initialize(jwa:, key:)
-        @jwa = jwa
-        @key = key
-      end
-
-      def sign(*args, **kwargs)
-        @jwa.sign(*args, **kwargs, signing_key: @key)
-      end
-    end
-
     class << self
       # @api private
       def resolve(algorithm)

diff --git a/lib/jwt/jwa/signer_context.rb b/lib/jwt/jwa/signer_context.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    # @api private
+    class SignerContext
+      attr_reader :jwa
+
+      def initialize(jwa:, key:)
+        @jwa = jwa
+        @key = key
+      end
+
+      def sign(*args, **kwargs)
+        @jwa.sign(*args, **kwargs, signing_key: @key)
+      end
+    end
+  end
+end
diff --git a/lib/jwt/jwa/verifier_context.rb b/lib/jwt/jwa/verifier_context.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module JWT
+  module JWA
+    # @api private
+    class VerifierContext
+      attr_reader :jwa
+
+      def initialize(jwa:, keys:)
+        @jwa = jwa
+        @keys = Array(keys)
+      end
+
+      def verify(*args, **kwargs)
+        @keys.any? do |key|
+          @jwa.verify(*args, **kwargs, verification_key: key)
+        end
+      end
+    end
+  end
+end