Joken for Authentication API

Who is using Joken? For what tasks? What are the pros and cons of it? Is it suitable for building authentication API?
Last beta version of it is similar to main Guardian module. I understand that Guardian has more features. But it’s easier for me to implement tracking tokens myself than to use the GuardianDB in may way (

I use Joken and JOSE. I use Joken.verify!/1 to validate that an incoming JWT was signed with a valid signature. But that’s the only thing we use it for. We used to use Guardian to generate JWT tokens, but that is no longer a requirement.

One potentially worrying thing is that both Guardian and Joken depend on JOSE, which hasn’t been updated for a year and half and which has issues like not building on OTP 21.