Get expiry date from firebase token (JOSE header "typ" (type) "JWT" not allowed)

Question

I need to extract the expiry date of firebase tokens. How can I extract the "exp" from the token in java?

I tried to use code from https://connect2id.com/products/nimbus-jose-jwt/examples/validating-jwt-access-tokens using com.nimbusds:nimbus-jose-jwt:9.23 but it fails:

    String accessToken = "...";

    // Create a JWT processor for the access tokens
    ConfigurableJWTProcessor<SecurityContext> jwtProcessor =
            new DefaultJWTProcessor<>();

    // Set the required "typ" header "at+jwt" for access tokens issued by the
    // Connect2id server, may not be set by other servers
    jwtProcessor.setJWSTypeVerifier(
            new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("at+jwt")));

    // The public RSA keys to validate the signatures will be sourced from the
    // OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
    // object caches the retrieved keys to speed up subsequent look-ups and can
    // also handle key-rollover

    // I changed it to what I think should work for firebase, but it doesn't seem to matter what I put here:

    JWKSource<SecurityContext> keySource =
            new RemoteJWKSet<>(new URL("https://www.googleapis.com/service_accounts/v1/metadata/x509/[email protected]"));

    // The expected JWS algorithm of the access tokens (agreed out-of-band)
    JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;

    // Configure the JWT processor with a key selector to feed matching public
    // RSA keys sourced from the JWK set URL
    JWSKeySelector<SecurityContext> keySelector =
            new JWSVerificationKeySelector<>(expectedJWSAlg, keySource);

    jwtProcessor.setJWSKeySelector(keySelector);

    // Set the required JWT claims for access tokens issued by the Connect2id
    // server, may differ with other servers
    jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(
            null,
            new HashSet<>(Arrays.asList("exp"))));

    // Process the token
    SecurityContext ctx = null; // optional context parameter, not required here
    JWTClaimsSet claimsSet = jwtProcessor.process(accessToken, ctx);

    // Print out the token claims set
    System.out.println(claimsSet.toJSONObject());

I get this error:

JOSE header "typ" (type) "JWT" not allowed
com.nimbusds.jose.proc.BadJOSEException: JOSE header "typ" (type) "JWT" not allowed
    at com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier.verify(DefaultJOSEObjectTypeVerifier.java:149)
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:341)
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:303)
    at com.nimbusds.jwt.proc.DefaultJWTProcessor.process(DefaultJWTProcessor.java:294)