ADVERT
π JWT Generator
Create signed JSON Web Tokens with customizable headers and payloads. Choose HS256, HS384, or HS512 HMAC algorithms and copy the ready-to-use JWT.
JWT Generator
Generate JSON Web Tokens entirely in your browser. Edit the header and payload JSON, pick an HMAC algorithm, add your secret, and copy the signed JWT β no data ever leaves your device.
HeaderJSON
PayloadJSON
SigningHMAC
Signed JWT
Generate a token to see the signed JWT here. Your secret never leaves the browser.
How to use this tool
- Adjust the header and payload JSON to match the claims you need.
- Select an HMAC algorithm and provide a strong shared secret.
- Generate the token and copy it for local testing or staging environments.
Practical uses
- Mock authentication flows when developing against protected APIs.
- Generate tokens for Postman or integration tests without spinning up auth services.
- Teach new teammates how header and payload claims influence JWT behavior.
Best practices
- Never use production secrets in browser toolsβstick to staging keys.
- Set short expirations (<code>exp</code>) when sharing tokens for debugging.
- Store secrets in environment variables in real apps; hard-coding them is risky.
FAQ
- Which algorithms are supported?
- This tool focuses on symmetric HMAC algorithms (HS256/384/512). Asymmetric algorithms like RS256 require private keys and aren't supported here.
- Where is signing done?
- Signing happens locally via the Web Crypto API. Your secret never leaves the browser.
- Can I generate refresh tokens?
- Refresh tokens are typically opaque strings. You can still craft custom payloads here if your system uses JWT-based refresh tokens.
ADVERT
ADVERT