Zero Signup ToolsFree browser tools

Developer Tools

JWT Generator

Build and sign JSON Web Tokens in your browser. HS256, HS384, and HS512 with editable header, payload claims, expiry helpers, and copy-ready output.

Algorithm

HMAC algorithms supported by the browser Web Crypto API. Asymmetric algorithms like RS256 and ES256 are not supported here because they require pasting a private key.

Quick samples

36 chars
65 chars

Issued at (iat)

Skipped if your payload already has an iat key.

Expiration (exp)

Skipped if your payload already has an exp key, or if No expiry is selected.

For HS256, HS384, and HS512 the secret is shared between signer and verifier. Do not paste real production secrets into any web tool.

Signed JWT

Three base64url segments joined with dots: header, payload, signature.

Not signed
Token will appear here once header, payload, and secret are valid.

How to use

  1. Pick an algorithm (HS256, HS384, or HS512) and optionally set a typ or kid in the header row.
  2. Edit the payload JSON with the claims you need, or click a quick sample to start from a realistic token.
  3. Tick Add iat to stamp the current Unix time, and pick an expiration preset (or Custom seconds) to add an exp claim.
  4. Paste your shared secret and pick its encoding: UTF-8 text, Base64, or hex.
  5. Read the signed JWT in the output panel and click Copy token, or copy the decoded header or payload JSON.

About this tool

JWT Generator builds and signs JSON Web Tokens (RFC 7519) directly in your browser using the Web Crypto API. Pick a symmetric algorithm (HS256, HS384, or HS512), edit the header (alg, typ, kid) and payload claims as JSON, paste a shared secret as UTF-8 text, Base64, or hex, and the tool produces a signed token live as you type. Two helpers make the most common claims painless: tick a box to add an iat (issued at) claim with the current Unix time, and pick an expiration preset (5 minutes through 365 days, or a custom number of seconds) to add an exp claim. Both helpers respect explicit values you have already set in the payload, so they will not overwrite an iat or exp you wrote yourself. The signed JWT is shown in the canonical header.payload.signature form with each segment color-coded so the structure is obvious at a glance, and a decoded view shows the header and payload JSON pretty-printed for verification. Quick samples cover an admin access token, an API key with a kid header for key rotation, and a short-lived session token. Asymmetric algorithms (RS256, ES256, PS256) are intentionally not supported because they require pasting a private key in PEM format, which is a meaningful security risk to invite into a free web tool. Useful for testing JWT-aware backends, generating fixtures for integration tests, prototyping authentication flows, building Postman or Insomnia collections, debugging token expiry edge cases, and reproducing a token an upstream library produced. Signing runs entirely on your device, so the secret you paste and the claims you sign never leave your browser.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Developer

JWT Decoder

Decode header, payload, and claims of a JWT with expiry checks.

Open tool

Security

HMAC Generator

Generate and verify HMAC-SHA1, SHA-256, SHA-384, and SHA-512 signatures.

Open tool

Developer

Base64 Encoder Decoder

Encode and decode Base64 with full Unicode.

Open tool

Generator

UUID Generator

Generate UUID v4 identifiers in batch.

Open tool

All toolsDeveloper Tools