JWT Generator

Generate a JSON Web Token (JWT) from a header, payload, and signing secret.

Input data is processed in your browser
Data is never sent to a server

Tool

or drag & drop a file

* Only symmetric key signing (HMAC) is supported. The key you enter is processed entirely in your browser and is never sent to a server. Do not use production secret keys.

What is JWT Generator?

JWT Generator creates a JSON Web Token just by entering a header, payload, and signing secret. It supports HMAC signing (HS256/HS384/HS512) using the Web Crypto API, and you can verify the result with the JWT Decoder tool. Useful for testing authentication flows and learning JWT structure.

How to Use

  1. Edit the Header and Payload JSON (you can change the default sample values).
  2. Enter a signing secret.
  3. Choose an algorithm (HS256, HS384, or HS512).
  4. With auto-generate enabled, the JWT is generated instantly as you type.

FAQ

Which signing algorithms are supported?

Symmetric-key HMAC signing (HS256, HS384, HS512) is supported. Public-key algorithms such as RS256 are not supported.

Can I use the generated JWT in production?

A technically valid JWT is generated, but a secret typed into a browser tool cannot be considered securely managed. We strongly recommend not using production secrets with this tool.

Does the Header's alg field update automatically?

Yes. Changing the algorithm automatically syncs the "alg" field in the Header.

Is my data sent to a server?

No. All processing happens in your browser using the built-in Web Crypto API.