Add t.jwt() to Power-Up Client Library

We’re adding a new function to the Power-Up client library that allows you
to asynchronously request a signed JWT from Trello for the current member.

  'board-buttons': async function (t, opts) {
    if (t.isMemberSignedIn()) {
      const jwt = await t.jwt({
        state: JSON.stringify({ hello: 'world' }),
    return [];

If you checked the console you would find a JWT that includes the state you’ve provided.

The purpose of these JWTs is for you to be able to secure the communication between your Power-Up and your server, if needed. If you need to know that a request made by your Power-Up to your server was made on behalf of a particular Trello user, you have two main ways of accomplishing that.

If you already need and are retrieving Trello OAuth tokens for members who use your Power-Up, you can send the token in requests to your server, and validate the token by making a request with it to Trello.

However, if you don’t need a Trello OAuth token (you don’t need to talk to Trello’s REST API), then you should use this t.jwt() method and send the resulting JWT with requests to your server.

Trello will provide a public key ( that can be used to decode the JWT on your server.

Read more on how to use this effectively in t.jwt() documentation.


Why expiration time so small? only 15 minutes.

Am I right in assuming that it’s not safe to use state field to store permission data, for example isAdmin: true?