Your data is never sent to a server or stored anywhere. All processing happens in your browser.

JWT Generator (HS256 / HS384 / HS512)

⚠️ Don't paste real production secrets while screen-sharing (the processing is local, but the screen isn't).

How to Use


Pick the algorithm, fill in the header / payload / secret, and a signed JWT is produced. The `alg` field in the header auto-syncs to the selected algorithm. Choosing `alg: none` produces an unsigned token (debug only — do not use in production).

JWT Structure


A JWT is three Base64URL segments joined by dots: `header.payload.signature`. The header names the algorithm, the payload carries arbitrary claims (`sub`, `iat`, `exp`, etc.), and the signature is produced by HMAC or RSA / ECDSA. This tool supports HMAC-based algorithms (HS256/384/512). RS256 / ES256 (public-key) are intentionally not supported here, since handling private keys in a browser tool is risky.

Use Cases


  • Generating test JWTs during local development
  • Walking through an auth flow with a mock JWT against your own API
  • Iterating on the payload shape while designing claims
  • Pairing with this site's JWT decoder to verify your output round-trips
  • Teaching / learning what a JWT actually looks like under the hood

Security Notes


Signing happens in-browser via Web Crypto, but **don't paste real production secrets while screen-sharing** — anyone watching can see them. Also, JWT verifiers that accept `alg: none` are a classic vulnerability; in production, always pin verification to the specific algorithm you expect.