diff --git a/Gemfile b/Gemfile
index 4232034b61..7c79d4cffd 100644
--- a/Gemfile
+++ b/Gemfile
@@ -19,7 +19,7 @@ gem 'base32-crockford'
 gem 'activesupport'
 gem 'bcrypt-ruby', '~> 3.0.0'
 gem 'random_password_generator', '= 1.0.0'
-gem 'slosilo', '>=2.0.0'
+gem 'slosilo', '~> 2.1', github: 'cyberark/slosilo', branch: 'feature/jwt'
 gem 'listen'
 gem 'gli', require: false
@@ -28,7 +28,7 @@ gem 'gli', require: false
 gem 'ruby_dep', '= 1.3.1'
 gem 'conjur-api', github: 'cyberark/api-ruby'
-gem 'conjur-rack', github: 'conjurinc/conjur-rack'
+gem 'conjur-rack', '~> 3.1', github: 'conjurinc/conjur-rack', branch: 'feature/jwt'
 gem 'conjur-rack-heartbeat'
 gem 'conjur-policy-parser', github: 'conjurinc/conjur-policy-parser', branch: 'possum'
 gem 'rack-rewrite'
diff --git a/Gemfile.lock b/Gemfile.lock
index 710c20e217..2420db4937 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -24,12 +24,13 @@ GIT
 GIT
 remote: https://github.com/conjurinc/conjur-rack.git
- revision: c82a886e4e6e90df4c7de347b007cc8fe0b5c1b6
+ revision: 244f4127713758ce2efde2b14e045a241dc2e91f
+ branch: feature/jwt
 specs:
- conjur-rack (3.0.0.pre)
+ conjur-rack (3.1.0)
 conjur-api (< 6)
 rack (~> 1)
- slosilo
+ slosilo (~> 2.1)
 GIT
 remote: https://github.com/cyberark/api-ruby.git
@@ -39,6 +40,13 @@ GIT
 activesupport
 rest-client
+GIT
+ remote: https://github.com/cyberark/slosilo.git
+ revision: 4132657c09d089e9625a5c5237dc511fe8fb1548
+ branch: feature/jwt
+ specs:
+ slosilo (2.1.0)
+
 GEM
 remote: https://rubygems.org/
 specs:
@@ -440,7 +448,6 @@ GEM
 simplecov-html (~> 0.10.0)
 simplecov-html (0.10.0)
 slop (3.6.0)
- slosilo (2.0.1)
 spring (2.0.1)
 activesupport (>= 4.2)
 spring-commands-cucumber (1.0.1)
@@ -489,7 +496,7 @@ DEPENDENCIES
 conjur-cli!
 conjur-debify
 conjur-policy-parser!
- conjur-rack!
+ conjur-rack (~> 3.1)!
 conjur-rack-heartbeat
 cucumber
 database_cleaner
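Review bot: The new `slosilo` line tracks the mutable branch `feature/jwt` rather than a fixed commit or a released gem, and slosilo is the library that signs the tokens (see `signing_key.issue_jwt` in token_generator.rb), so any later `bundle update` pulls whatever that branch head then contains. Gemfile.lock does record the revision, but the Gemfile itself should state it: `gem 'slosilo', '~> 2.1', github: 'cyberark/slosilo', ref: '4132657c09d089e9625a5c5237dc511fe8fb1548'`. The same applies to the `conjur-rack` line in the second Gemfile hunk, whose locked revision is 244f4127713758ce2efde2b14e045a241dc2e91f. A comment such as `# TODO: return to the released gem once feature/jwt is merged` would keep the temporary git source from becoming permanent.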
@@ -519,7 +526,7 @@ DEPENDENCIES
 sequel-postgres-schemata
 sequel-rails
 simplecov
- slosilo (>= 2.0.0)
+ slosilo (~> 2.1)!
 spring
 spring-commands-cucumber
 spring-commands-rspec
@@ -527,4 +534,4 @@ DEPENDENCIES
 therubyracer
 BUNDLED WITH
- 1.15.3
+ 1.15.4
diff --git a/app/controllers/concerns/token_generator.rb b/app/controllers/concerns/token_generator.rb
index 26b38ed3db..b4b28acad0 100644
--- a/app/controllers/concerns/token_generator.rb
+++ b/app/controllers/concerns/token_generator.rb
@@ -6,7 +6,7 @@ def signing_key
 end
 def sign_token role
- signing_key.signed_token Role.username_from_roleid(role.id)
+ signing_key.issue_jwt sub: Role.username_from_roleid(role.id)
 end
 end
diff --git a/spec/controllers/authenticate_controller_spec.rb b/spec/controllers/authenticate_controller_spec.rb
index de2f0789c8..4751e37d3a 100644
--- a/spec/controllers/authenticate_controller_spec.rb
+++ b/spec/controllers/authenticate_controller_spec.rb
@@ -11,10 +11,10 @@ RSpec::Matchers.define :have_valid_token_for do |login|
 match do |response|
 expect(response).to be_ok
- token = JSON.parse response.body
- expect(token['data']).to eq(login)
- expect(token).to have_key('signature')
- expect(token).to have_key('timestamp')
+ token = Slosilo::JWT.parse_json response.body
+ expect(token.claims['sub']).to eq(login)
+ expect(token.signature).to be
+ expect(token.claims).to have_key('iat')
 end
 end
@@ -71,4 +71,4 @@ def invoke
 end
 end
 end
-end
\ No newline at end of file
+end
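Review bot: `sign_token` in token_generator.rb now passes only `sub` to `issue_jwt`, so nothing visible in this hunk bounds the token's lifetime or audience. The spec in this commit asserts only that an `iat` claim is present, which suggests the library adds the issue time and leaves expiry to whoever verifies the token. It is worth confirming that every verifier rejects tokens by the age of `iat`, and recording that on the method, e.g. `# Issues a JWT with sub = role username; no exp is set here, verifiers must enforce a maximum age from iat.` The enclosing module starts outside the hunk.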
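Review bot: In authenticate_controller_spec.rb, `expect(token.signature).to be` passes for any truthy value, which in Ruby includes an empty string, so the `have_valid_token_for` matcher never checks that the token was signed by the server key. A matcher with "valid" in its name should verify the signature against the test signing key through slosilo's verification API rather than test for presence; at a minimum use `expect(token.signature).not_to be_empty`. Likewise `have_key('iat')` accepts any value, so a check that `iat` is close to the current time would catch a stale or malformed timestamp.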