Description
UAA supports client JWT authentication two ways, the OAuth2 standard defined in RFC 7523, and OpenID Connect. The OpenID Connect standard requires the JTI claim in the token but in the OAuth standard it is optional.
RFC 7523:
"The JWT MAY contain a "jti" (JWT ID) claim that provides a unique identifier for the token. The authorization server MAY ensure that JWTs are not replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be considered valid based on the applicable "exp" instant."
However, UAA always requires the JTI claim:
https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/jwt/JwtClientAuthentication.java#L75
This poses a problem when using certain identity providers like Microsoft Entra ID that do not include a JTI claim in their tokens. Reference:
https://learn.microsoft.com/en-us/entra/identity-platform/access-token-claims-reference
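To make the difference between the two standards concrete, here is an added example (not UAA's code, not from the issue author) of how a token endpoint can validate the claims of a JWT client assertion with "jti" optional in RFC 7523 mode and mandatory in OpenID Connect mode, applying replay protection only when a jti is present. The client id, token endpoint URL and sample assertions are constructed for the example, and signature verification against the client's registered key is assumed to have already happened before these checks run.

```python
"""Claims validation for a JWT client assertion (RFC 7523 section 3).

Added example, not UAA's code. One flag decides whether "jti" is optional
(RFC 7523) or required (OpenID Connect private_key_jwt); replay protection
is applied only when a jti is present. Signature verification is assumed
to have been done already, so the sample assertions carry a placeholder.
"""
import base64
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_assertion(claims: dict) -> str:
    """Constructed sample assertion: real header and payload, placeholder signature."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(b'signature-placeholder')}"


def decode_claims(assertion: str) -> dict:
    """Return the payload of a compact-serialized JWS (header.payload.signature)."""
    parts = assertion.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))


class ReplayCache:
    """Remembers used jti values until their assertion's exp has passed (the RFC 7523 MAY)."""

    def __init__(self) -> None:
        self._seen: dict[str, int] = {}  # jti -> exp

    def first_use(self, jti: str, exp: int, now: int) -> bool:
        # Forget entries whose assertion could no longer be accepted anyway.
        self._seen = {k: v for k, v in self._seen.items() if v > now}
        if jti in self._seen:
            return False
        self._seen[jti] = exp
        return True


def validate_client_assertion(assertion: str, client_id: str, token_endpoint: str,
                              now: int, require_jti: bool, replay_cache=None):
    """Return (accepted, reasons). require_jti=True mirrors the OpenID Connect rule."""
    claims = decode_claims(assertion)
    reasons = []
    if claims.get("iss") != client_id:
        reasons.append("iss must be the client_id")
    if claims.get("sub") != client_id:
        reasons.append("sub must be the client_id")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if token_endpoint not in audiences:
        reasons.append("aud must identify this authorization server")
    exp = claims.get("exp")
    if not isinstance(exp, int):
        reasons.append("exp is required")
    elif exp <= now:
        reasons.append("assertion has expired")
    nbf = claims.get("nbf")
    if isinstance(nbf, int) and nbf > now:
        reasons.append("assertion not yet valid")
    jti = claims.get("jti")
    if jti is None:
        # RFC 7523: jti is optional; OpenID Connect: jti is REQUIRED.
        if require_jti:
            reasons.append("jti is required for OpenID Connect client authentication")
    elif replay_cache is not None and isinstance(exp, int) \
            and not replay_cache.first_use(str(jti), exp, now):
        reasons.append("jti has already been used (replay)")
    return (not reasons, reasons)


if __name__ == "__main__":
    now = int(time.time())
    endpoint = "https://uaa.example.test/oauth/token"  # assumed endpoint
    no_jti = build_assertion({"iss": "my-client", "sub": "my-client", "aud": endpoint, "exp": now + 60})
    print("RFC 7523 mode:", validate_client_assertion(no_jti, "my-client", endpoint, now, require_jti=False))
    print("OIDC mode:    ", validate_client_assertion(no_jti, "my-client", endpoint, now, require_jti=True))
```

The same assertion without a jti is accepted under the RFC 7523 rule and rejected under the OpenID Connect rule, which is exactly the behavioural split the issue asks UAA to expose; when a jti is present, the cache rejects a second presentation and drops the entry once the assertion's exp has passed, since an expired assertion is refused on its own.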