As your potential client as well as as an entrepreneur and provider of development services for large companies, I have decided to take a few minutes to provide you with some constructive criticism.
I must tell you that you are not providing the tranquility and security required for a product that you wish to position as "Enterprise-level".
I have been developing a web application for several months which is fed via the Wordpress REST API. In this application the authentication process is based on JWT provided by your plugin.
From day one I noticed that the documentation of the JWT authentication flow with your plugin is a bit lazy and scarce. I immediately thought that the documentation of the plugin could use to show some examples with code for the less knowledgeable. You are making the mistake of assuming that the user of your plugin will immediately know things like filtering the authentication response. The best documentation in the world are those that assume a total ignorance by the user about the use of the product or service they document.
A good example of an award winning documentation is the Vue Guide (https://vuejs.org/v2/guide/).
Today I made an update of your plugin to version 6. I always check the change log (something that 99.9999999% of WP users don't do) before updating a plugin. As I saw no mention of "breaking changes" I proceeded with the update and then came across that the authentication path via REST had been eliminated. Then I went to the guide that you have called "Ultimate guide to WordPress JWT Authentication" and I noticed that JWT routes had changed. The fact that you have not mentioned this in the change log is the first mistake.
After updating the routes in my application I proceeded to try to log in but the authentication process was failing because the request was not returning a token. I decided to check the source code of the plugin to see what was happening and it turns out that for the request to return a token now we have to add a parameter called "issueJWT" as "true" which is not mentioned in the guide. This was error number two.
I like the plugin in a general sense, but I am worried about the repercussions of using it in a critical project, where failures derived from bad communication practices can end up costing money.
How can I sell your product to my customers without the assurance that tomorrow or in a few days there will be no other major change that is not mentioned and documented properly?