JWT Generator

Build and sign JSON Web Tokens online with editable headers, payload claims, and HS256/HS384/HS512 signatures generated locally.

JWT header (JSON)

The header is automatically updated to match the selected algorithm.

JWT payload (JSON)

Toggle timestamp helpers to inject iat, nbf, and exp automatically.

Algorithm

Balanced security with SHA-256 HMAC.

Shared secret

Secrets never leave your browser; signing runs via Web Crypto.

Add iat

Add nbf

Add exp

Expiry window (minutes)Applies when exp is enabled.

How it works

Header and payload JSON are Base64URL encoded, then concatenated with the signature.
Signing uses the Web Crypto API so your secret never leaves the browser.
Enable timestamp helpers to regenerate iat, nbf, and exp on every signing.

Tips

Use long, random secrets for production tokens—at least 32 bytes for HS256.
Keep private signing secrets in a vault; never paste production values on shared devices.
Match algorithm and secret across services to avoid signature mismatches.

Related tools

Explore more helpers you might need next.

Generate TOTP 2FA codes online from Base32 secrets with live countdowns, SHA-1/SHA-256/SHA-512 support, and otpauth links.

Decode JWT tokens, inspect claims, and verify HS256, HS384, or HS512 signatures online without exposing secrets.

Generate strong random passwords online with custom length, character sets, and passphrase options powered by secure randomness.

Generate secure SSH key pairs online (Ed25519, RSA, ECDSA) with OpenSSH-ready output, fingerprints, and PEM downloads.