JWT Generator
Generate and sign JSON Web Tokens (JWT) for testing. Create HS256, HS384, and HS512 tokens instantly in your browser.
Features
- ✓Sign JWTs with HS256, HS384, or HS512 algorithms
- ✓Custom payload with any JSON claims
- ✓Set your own secret key for signing
- ✓Load sample payload with standard claims
- ✓Copy generated token with one click
- ✓Runs entirely in your browser — no server needed
How to Use
- 1Select the HMAC algorithm (HS256, HS384, or HS512)
- 2Enter your secret key for signing
- 3Write or paste a JSON payload with your claims
- 4Click "Generate JWT" to create the signed token
- 5Copy the token and use it for testing
Examples
Input
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"exp": 1516242622
}Output
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE1MTYyNDI2MjJ9.{signature}Input
{
"sub": "user-42",
"roles": ["admin", "editor"],
"iss": "my-app"
}Output
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyLTQyIiwicm9sZXMiOlsiYWRtaW4iLCJlZGl0b3IiXSwiaXNzIjoibXktYXBwIn0.{signature}Input
{
"service": "payment-api",
"scope": "read write",
"exp": 1700000000
}Output
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzZXJ2aWNlIjoicGF5bWVudC1hcGkiLCJzY29wZSI6InJlYWQgd3JpdGUiLCJleHAiOjE3MDAwMDAwMDB9.{signature}What is a JWT Generator?
A JSON Web Token (JWT) generator creates signed tokens that can be used for testing authentication flows, API authorization, and microservice communication. JWTs are an open standard (RFC 7519) for securely transmitting information between parties as a compact, URL-safe JSON object. This tool lets you generate HMAC-signed tokens directly in your browser.
The generator supports three HMAC algorithms: HS256 (HMAC-SHA256), HS384 (HMAC-SHA384), and HS512 (HMAC-SHA512). HMAC algorithms use a shared secret key to both sign and verify the token. HS256 is by far the most commonly used algorithm for JWTs and provides strong security for most applications. HS384 and HS512 offer longer signatures for additional security margin.
A JWT consists of three parts separated by dots: the header, payload, and signature. The header specifies the algorithm and token type. The payload contains claims — statements about the user or entity and additional metadata. Standard claims include sub (subject), iss (issuer), exp (expiration time), iat (issued at), and aud (audience). You can also include any custom claims your application needs.
This tool uses the Web Crypto API to perform HMAC signing directly in your browser. Your secret key and payload never leave your device. However, this tool is designed for testing and development purposes only. In production, JWT generation should happen server-side where the signing key is securely stored and never exposed to clients.
Common use cases for a JWT generator include testing API endpoints that require authentication, verifying your backend correctly validates and decodes tokens, creating mock tokens for frontend development, and learning how JWTs work by experimenting with different payloads and algorithms.