Looking through the github docs I notice that the payload has an 'exp' attribute (expiration time) which the python script deals with like so:
if time.time() > claims['exp']:
print('Token is expired')
return False
Using Crypt::JWT you need to specify what to do with 'exp' by passing a value for 'verify_exp':
verify_exp
undef (default) - Expiration Time 'exp' claim must be valid if present
0 - ignore 'exp' claim
1 - require valid 'exp' claim
If the payload has 'exp' and your arguments to decode_jwt() do not contain 'verify_exp' then you get the error you describe. You could try:
my $data = decode_jwt(token=>$token, kid_keys=>$keylist, verify_exp=>1
+);