==== Client side ====

  #!/usr/bin/perl
  
  use strict; use warnings;
  
  use Crypt::JWT qw(encode_jwt decode_jwt);
  
  use Term::ReadKey;
  
  ReadMode ( 'noecho' );
  
      say STDERR "Please enter the passphrase:";
      my $pass = <STDIN>;
      chomp $pass;
  ReadMode ( 'normal' );    #Back to your regularly scheduled program
  
  my $key = Crypt::PK::RSA->new('/home/user/.ssh/id_rsa', $pass);
  
  my $jws_token = encode_jwt(payload => 'payload', alg => 'RS256', key => $key, extra_headers=>{kid=>'me@example.com'});
  say STDOUT $jws_token;

==== Server side ====

  #!/usr/bin/perl
  
  use strict; use warnings;
  
  use Crypt::JWT qw(encode_jwt decode_jwt);
  use Crypt::PK::RSA;
  
  my $request_token = 'xxx';
  
  my $pubkey = Crypt::PK::RSA->new('/home/user/ssh/id_rsa.pub');
  my $jwk_hash1 = $pubkey->export_key_jwk('public', 1);
  $jwk_hash1->{kid} = 'me@example.com';
  
  my $keylist = {
    keys => [
        $jwk_hash1,
        $jwk_hash2,
    ]
  };
  
  my ($header, $client) = decode_jwt(token=>$request_token, kid_keys=>$keylist, decode_header => 1);
  
  say STDERR Dumper $header;
  say STDOUT $client;