JWT Encoder / Signer
Create and sign JSON Web Tokens (HS256) in your browser. Header, payload, and secret key.
For learning/testing only. Never expose real secrets in client-side tools. Use a server-side library for production JWTs.
About JWT Encoder / Signer
Build a JSON Web Token from scratch: edit the header (algorithm, type) and payload (any JSON claims), enter an HMAC secret key, and sign with HMAC-SHA256 using the browser's Web Crypto API (SubtleCrypto). Includes one-click expiry presets (15 minutes, 1 hour, 24 hours, 7 days) that automatically set the exp claim. The signed token is generated immediately as you type. For development, testing, and learning purposes only — never share your signing secrets.
All processing happens entirely in your browser using modern web APIs. Nothing is uploaded to our servers — your data stays local and private. Free to use forever, with a Pro plan for power users who want an ad-free experience and API access.
Common use cases
- Creating test JWTs with specific claims to test authentication flows
- Generating tokens with custom expiry times for integration testing
- Learning how JWT signing and HMAC-SHA256 work in practice
- Creating tokens to test your API's authentication middleware
- Generating tokens with specific role or permission claims for authorization testing
How it works
Encodes the header and payload separately as Base64URL strings (base64 with + replaced by -, / by _, and padding = removed). Concatenates them as header.payload. Then computes HMAC-SHA256 of the concatenated string using the provided secret key via SubtleCrypto.sign(). The signature is Base64URL-encoded and appended as the third segment. The result is a valid JWT that any HS256 JWT library can verify.