JWT Generator

Build and sign a JSON Web Token (HS256/384/512) locally — your secret never leaves the browser.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkRldlRvb2wiLCJhZG1pbiI6dHJ1ZX0.IT8lSvj9AZktnUD60OfSYO6uq1AaES4zlPj5eJ1XzcE

Generate a JWT

Enter a payload and secret, pick an HMAC algorithm, and get a signed token. Signing happens entirely in your browser with crypto-js — the secret is never transmitted. Use the JWT Debugger to decode and verify tokens.

Frequently asked questions

Which signing algorithms are supported?

HMAC with SHA-256, SHA-384 or SHA-512 (HS256/HS384/HS512). You provide the secret, set the header and payload claims, and the tool produces a correctly signed token.

Does my secret leave the page?

No. Signing is performed in your browser and the secret never leaves it — but for the same reason, avoid entering real production secrets into any web tool you do not fully control.

How do I set expiry?

Add an exp claim as a Unix timestamp; shortcuts help you set it relative to now. Consumers of the token treat exp as the moment it stops being valid.