Dancer2::Plugin::JWT - JSON Web Token made simple for Dancer2


     use Dancer2;
     use Dancer2::Plugin::JWT;

     post '/login' => sub {
         if (is_valid(param("username"), param("password"))) {
            jwt { username => param("username") };
            template 'index';
         else {
             redirect '/';

     get '/private' => sub {
         my $data = jwt;
         redirect '/ unless exists $data->{username};


     hook 'plugin.jwt.jwt_exception' => sub {
         my $error = shift;
         # do something


Registers the jwt keyword that can be used to set or retrieve the payload of a JSON Web Token.

To this to work it is required to have a secret defined in your config.yml file:

          secret: "string or path to private RSA/EC key"
          # default, or others supported by Crypt::JWT
          alg: HS256
          # required only for JWE
          # add issued at time (iat) field
          need_iat: 1
          # check not before field
          need_nbf: 1
          # in seconds
          need_exp: 600
          # timeshift for expiration
          need_leeway: 30
          # JWT cookie domain, in case you need to override it
          # Attach Authorization header to HTTP response
          set_authorization_header: 0
          # Attach 'Access-Control-Expose-Headers: Authorization' header to HTTP response
          expose_authorization_header: 0
          # Attach Set-Cookie header to HTTP response
          set_cookie_header: 0
          # Attach Location header to HTTP response when response is 300-399
          # e.g. redirect
          set_location_header: 0

NOTE: A empty call (without arguments) to jwt will trigger the exception hook if there is no jwt defined.

NOTE: If you are using JWT to authenticate an API call to return, e.g. JSON, not a web page to display, be sure to set the config items set_authorization_header, expose_authorization_header, set_cookie_header and set_location_header so you don't return any unnecessary headers.


I am sure a lot. Please use GitHub issue tracker here.


To Lee Johnson for his talk "JWT JWT JWT" in YAPC::EU::2015.

To Nuno Carvalho for brainstorming and help with testing.

To user2014, thanks for making the module use Crypt::JWT.


Copyright 2015-2018 Alberto Simões, all rights reserved.

This module is free software and is published under the same terms as Perl itself.


Alberto Simões <>